Merge pull request #122 from gilles-peskine-arm/psa-crypto-api-beta3-docs

Update API document to beta3
diff --git a/.travis.yml b/.travis.yml
index 4d23652..fe3c1ec 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,13 @@
 - gcc
 sudo: false
 cache: ccache
+
+# blocklist
+branches:
+  except:
+  - development-psa
+  - coverity_scan
+
 script:
 - tests/scripts/recursion.pl library/*.c
 - tests/scripts/check-generated-files.sh
@@ -15,13 +22,8 @@
 - make
 - make test
 - programs/test/selftest
-- OSSL_NO_DTLS=1 tests/compat.sh
-- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
 - tests/scripts/test-ref-configs.pl
 - tests/scripts/curves.pl
-- tests/scripts/key-exchanges.pl
-after_failure:
-- tests/scripts/travis-log-failure.sh
 env:
   global:
     secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
@@ -34,7 +36,7 @@
   coverity_scan:
     project:
       name: "ARMmbed/mbedtls"
-    notification_email: p.j.bakker@polarssl.org
+    notification_email: simon.butcher@arm.com
     build_command_prepend:
     build_command: make
     branch_pattern: coverity_scan
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 11efd87..feca4ab 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -200,8 +200,6 @@
         ADD_CUSTOM_TARGET(covtest
             COMMAND make test
             COMMAND programs/test/selftest
-            COMMAND tests/compat.sh
-            COMMAND tests/ssl-opt.sh
         )
 
         ADD_CUSTOM_TARGET(lcov
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3433ed0..18851db 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -50,15 +50,15 @@
 
  2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
 
- 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts.
+ 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
 
 It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
 
 Currently maintained LTS branches are:
 
-1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1)
+1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
 
-2. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
+1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
 
 
 Tests
diff --git a/ChangeLog b/ChangeLog
index f4bb416..d4e945a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,218 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.xx.x branch released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+   * Add the Any Policy certificate policy oid, as defined in
+     rfc 5280 section 4.2.1.4.
+
+Bugfix
+   * Fix private key DER output in the key_app_writer example. File contents
+     were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
+     Christian Walther in #2239.
 
 Changes
-   * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
-     from the cipher abstraction layer. Fixes #2198.
+   * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+     mbedTLS configuration only SHA-2 signed certificates are accepted.
+     This certificate is used in the demo server programs, which lead the
+     client programs to fail at the peer's certificate verification
+     due to an unacceptable hash signature. The certificate has been
+     updated to one that is SHA-256 signed. Fix contributed by
+     Illya Gerasymchuk.
+   * Return from various debugging routines immediately if the
+     provided SSL context is unset.
+   * Remove dead code from bignum.c in the default configuration.
+     Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
+   * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
+     Contributed by Peter Kolbus (Garmin).
+
+= mbed TLS 2.17.0 branch released 2019-03-19
+
+Features
+   * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
+     which allows copy-less parsing of DER encoded X.509 CRTs,
+     at the cost of additional lifetime constraints on the input
+     buffer, but at the benefit of reduced RAM consumption.
+   * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
+     named bitstring in DER as required by RFC 5280 Appendix B.
+   * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
+     from the default list (enabled by default). See
+     https://sweet32.info/SWEET32_CCS16.pdf.
+
+API Changes
+   * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+     See the Features section for more information.
+   * Allow to opt in to the removal the API mbedtls_ssl_get_peer_cert()
+     for the benefit of saving RAM, by disabling the new compile-time
+     option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (enabled by default for
+     API stability). Disabling this option makes mbedtls_ssl_get_peer_cert()
+     always return NULL, and removes the peer_cert field from the
+     mbedtls_ssl_session structure which otherwise stores the peer's
+     certificate.
+
+Security
+   * Make mbedtls_ecdh_get_params return an error if the second key
+     belongs to a different group from the first. Before, if an application
+     passed keys that belonged to different group, the first key's data was
+     interpreted according to the second group, which could lead to either
+     an error or a meaningless output from mbedtls_ecdh_get_params. In the
+     latter case, this could expose at most 5 bits of the private key.
+
+Bugfix
+   * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
+     when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
+   * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined.
+     Raised as a comment in #1996.
+   * Reduce the stack consumption of mbedtls_mpi_fill_random() which could
+     previously lead to a stack overflow on constrained targets.
+   * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions
+     in the header files, which missed the precompilation check. #971
+   * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
+   * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
+   * Remove the mbedtls namespacing from the header file, to fix a "file not found"
+     build error. Fixed by Haijun Gu #2319.
+   * Fix signed-to-unsigned integer conversion warning
+     in X.509 module. Fixes #2212.
+   * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion.
+     Fixes #2190.
+   * Fix false failure in all.sh when backup files exist in include/mbedtls
+     (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
+   * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
+     mbedtls_asn1_write_bitstring().
+   * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
+     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
+     correctly as trailing zeroes were not accounted for as unused bits in the
+     leading content octet. Fixes #1610.
+
+Changes
+   * Reduce RAM consumption during session renegotiation by not storing
+     the peer CRT chain and session ticket twice.
+   * Include configuration file in all header files that use configuration,
+     instead of relying on other header files that they include.
+     Inserted as an enhancement for #1371
+   * Add support for alternative CSR headers, as used by Microsoft and defined
+     in RFC 7468. Found by Michael Ernst. Fixes #767.
+   * Correct many misspellings. Fixed by MisterDA #2371.
+   * Provide an abstraction of vsnprintf to allow alternative implementations
+     for platforms that don't provide it. Based on contributions by Joris Aerts
+     and Nathaniel Wesley Filardo.
+   * Fix clobber list in MIPS assembly for large integer multiplication.
+     Previously, this could lead to functionally incorrect assembly being
+     produced by some optimizing compilers, showing up as failures in
+     e.g. RSA or ECC signature operations. Reported in #1722, fix suggested
+     by Aurelien Jarno and submitted by Jeffrey Martin.
+   * Reduce the complexity of the timing tests. They were assuming more than the
+     underlying OS actually guarantees.
+   * Fix configuration queries in ssl-opt.h. #2030
+   * Ensure that ssl-opt.h can be run in OS X. #2029
+   * Re-enable certain interoperability tests in ssl-opt.sh which had previously
+     been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
+   * Ciphersuites based on 3DES now have the lowest priority by default when
+     they are enabled.
+
+= mbed TLS 2.16.0 branch released 2018-12-21
+
+Features
+   * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation
+     of parameters in the API. This allows detection of obvious misuses of the
+     API, such as passing NULL pointers. The API of existing functions hasn't
+     changed, but requirements on parameters have been made more explicit in
+     the documentation. See the corresponding API documentation for each
+     function to see for which parameter values it is defined. This feature is
+     disabled by default. See its API documentation in config.h for additional
+     steps you have to take when enabling it.
+
+API Changes
+   * The following functions in the random generator modules have been
+     deprecated and replaced as shown below. The new functions change
+     the return type from void to int to allow returning error codes when
+     using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
+     primitive. Fixes #1798.
+     mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
+     mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
+   * Extend ECDH interface to enable alternative implementations.
+   * Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for
+     ARIA, CAMELLIA and Blowfish. These error codes will be replaced by
+     the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
+   * Additional parameter validation checks have been added for the following
+     modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH,
+     ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI.
+     Where modules have had parameter validation added, existing parameter
+     checks may have changed. Some modules, such as Chacha20 had existing
+     parameter validation whereas other modules had little. This has now been
+     changed so that the same level of validation is present in all modules, and
+     that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
+     is off. That means that checks which were previously present by default
+     will no longer be.
+
+New deprecations
+   * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
+     in favor of functions that can return an error code.
+
+Bugfix
+   * Fix for Clang, which was reporting a warning for the bignum.c inline
+     assembly for AMD64 targets creating string literals greater than those
+     permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
+   * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
+     through qemu user emulation. Reported and fix suggested by randombit
+     in #1212. Fixes #1212.
+   * Fix an unsafe bounds check when restoring an SSL session from a ticket.
+     This could lead to a buffer overflow, but only in case ticket authentication
+     was broken. Reported and fix suggested by Guido Vranken in #659.
+   * Add explicit integer to enumeration type casts to example program
+     programs/pkey/gen_key which previously led to compilation failure
+     on some toolchains. Reported by phoenixmcallister. Fixes #2170.
+   * Fix double initialization of ECC hardware that made some accelerators
+     hang.
+   * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
+     of check for certificate/key matching. Reported by Attila Molnar, #507.
+
+ = mbed TLS 2.15.1 branch released 2018-11-30
+
+ Changes
+    * Update the Mbed Crypto submodule to version 0.1.0b2.
+
+ = mbed TLS 2.15.0 branch released 2018-11-23
+
+ Features
+    * Add an experimental build option, USE_CRYPTO_SUBMODULE, to enable use of
+      Mbed Crypto as the source of the cryptography implementation.
+    * Add an experimental configuration option, MBEDTLS_PSA_CRYPTO_C, to enable
+      the PSA Crypto API from Mbed Crypto when additionally used with the
+      USE_CRYPTO_SUBMODULE build option.
+
+ Changes
+    * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
+      from the cipher abstraction layer. Fixes #2198.
+
+= mbed TLS 2.14.1 branch released 2018-11-30
+
+Security
+   * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
+     decryption that could lead to a Bleichenbacher-style padding oracle
+     attack. In TLS, this affects servers that accept ciphersuites based on
+     RSA decryption (i.e. ciphersuites whose name contains RSA but not
+     (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute),  Robert Gillham
+     (University of Adelaide), Daniel Genkin (University of Michigan),
+     Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
+     (University of Adelaide, Data61). The attack is described in more detail
+     in the paper available here: http://cat.eyalro.net/cat.pdf  CVE-2018-19608
+   * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
+     via branching and memory access patterns. An attacker who could submit
+     a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
+     of the decryption and not its result could nonetheless decrypt RSA
+     plaintexts and forge RSA signatures. Other asymmetric algorithms may
+     have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
+     Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
+   * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
+     modules.
+
+API Changes
+   * The new functions mbedtls_ctr_drbg_update_ret() and
+     mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
+     and mbedtls_hmac_drbg_update() respectively, but the new functions
+     report errors whereas the old functions return void. We recommend that
+     applications use the new functions.
 
 = mbed TLS 2.14.0 branch released 2018-11-19
 
@@ -229,7 +437,7 @@
      1.2, that allowed a local attacker, able to execute code on the local
      machine as well as manipulate network packets, to partially recover the
      plaintext of messages under some conditions by using a cache attack
-     targetting an internal MD/SHA buffer. With TLS or if
+     targeting an internal MD/SHA buffer. With TLS or if
      mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if
      the same secret (for example a HTTP Cookie) has been repeatedly sent over
      connections manipulated by the attacker. Connections using GCM or CCM
@@ -1115,7 +1323,7 @@
    * Fix potential build failures related to the 'apidoc' target, introduced
      in the previous patch release. Found by Robert Scheck. #390 #391
    * Fix issue in Makefile that prevented building using armar. #386
-   * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and
+   * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and
      ECDSA was disabled in config.h . The leak didn't occur by default.
    * Fix an issue that caused valid certificates to be rejected whenever an
      expired or not yet valid certificate was parsed before a valid certificate
@@ -1357,7 +1565,7 @@
      You now need to link to all of them if you use TLS for example.
    * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
      Some names have been further changed to make them more consistent.
-     Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are
+     Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are
      provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt
    * Renamings of fields inside structures, not covered by the previous list:
      mbedtls_cipher_info_t.key_length -> key_bitlen
@@ -1412,7 +1620,7 @@
    * net_accept() gained new arguments for the size of the client_ip buffer.
    * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
      return void.
-   * ecdsa_write_signature() gained an addtional md_alg argument and
+   * ecdsa_write_signature() gained an additional md_alg argument and
      ecdsa_write_signature_det() was deprecated.
    * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
    * Last argument of x509_crt_check_key_usage() and
@@ -2947,7 +3155,7 @@
       not swapped on PadLock; also fixed compilation on older versions
       of gcc (bug reported by David Barrett)
     * Correctly handle the case in padlock_xcryptcbc() when input or
-      ouput data is non-aligned by falling back to the software
+      output data is non-aligned by falling back to the software
       implementation, as VIA Nehemiah cannot handle non-aligned buffers
     * Fixed a memory leak in x509parse_crt() which was reported by Greg
       Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
diff --git a/Makefile b/Makefile
index f32641a..12d3008 100644
--- a/Makefile
+++ b/Makefile
@@ -102,8 +102,6 @@
 covtest:
 	$(MAKE) check
 	programs/test/selftest
-	tests/compat.sh
-	tests/ssl-opt.sh
 
 lcov:
 	rm -rf Coverage
diff --git a/README.md b/README.md
index 107f7dd..e243fe7 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@
 
 ### PSA Cryptography API
 
-You can read the [complete PSA cryptography API specification as a PDF document](https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/PSA_Cryptography_API_Specification.pdf). The API reference is also available in [HTML format](https://htmlpreview.github.io/?https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/html/modules.html).
+You can read the [complete PSA cryptography API specification as a PDF document](https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/PSA_Cryptography_API_Specification.pdf). The API reference is also available in [HTML format](https://htmlpreview.github.io/?https://github.com/ARMmbed/mbed-crypto/blob/psa-crypto-api/docs/html/index.html).
 
 ### Browsable library documentation
 
diff --git a/configs/config-default.h b/configs/config-default.h
index 16ed503..e6abf24 100644
--- a/configs/config-default.h
+++ b/configs/config-default.h
@@ -139,7 +139,7 @@
  *
  * System has time.h, time(), and an implementation for
  * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necesarily very accurate, but at least
+ * The time needs to be correct (not necessarily very accurate, but at least
  * the date should be correct). This is used to verify the validity period of
  * X.509 certificates.
  *
@@ -226,6 +226,7 @@
 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
 //#define MBEDTLS_PLATFORM_PRINTF_ALT
 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
 
@@ -256,6 +257,48 @@
  */
 //#define MBEDTLS_DEPRECATED_REMOVED
 
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - the pointer is checked to be non-NULL only if this option is enabled
+ * - the content of the buffer is always validated
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid, it will:
+ * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ *   call to the function mbedtls_param_failed()
+ * - immediately return (with a specific error code unless the function
+ *   returns void and can't communicate an error).
+ *
+ * When defining this flag, you also need to:
+ * - either provide a definition of the function mbedtls_param_failed() in
+ *   your application (see platform_util.h for its prototype) as the library
+ *   calls that function, but does not provide a default definition for it,
+ * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ *   below if the above mechanism is not flexible enough to suit your needs.
+ *   See the documentation of this macro later in this file.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
 /* \} name SECTION: System support */
 
 /**
@@ -359,7 +402,7 @@
  * \note Because of a signature change, the core AES encryption and decryption routines are
  *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
  *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
  *       must stay untouched.
  *
  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
@@ -414,11 +457,11 @@
  *      unsigned char mbedtls_internal_ecp_grp_capable(
  *          const mbedtls_ecp_group *grp )
  *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
  * replacement functions implement arithmetic for the given group and 0
  * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
  * called before and after each point operation and provide an opportunity to
  * implement optimized set up and tear down instructions.
  *
@@ -1160,6 +1203,30 @@
 #define MBEDTLS_PKCS1_V21
 
 /**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module:  library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_HAS_ITS_IO
+ *
+ * Enable the non-volatile secure storage usage.
+ *
+ * This is crucial on systems that do not have a HW TRNG support.
+ *
+ */
+//#define MBEDTLS_PSA_HAS_ITS_IO
+
+/**
  * \def MBEDTLS_RSA_NO_CRT
  *
  * Do not use the Chinese Remainder Theorem
@@ -1496,7 +1563,7 @@
  * \def MBEDTLS_SSL_SESSION_TICKETS
  *
  * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintainance of a
+ * Client-side, provides full support for session tickets (maintenance of a
  * session store remains the responsibility of the application, though).
  * Server-side, you also need to provide callbacks for writing and parsing
  * tickets, including authenticated encryption and key management. Example
@@ -1583,6 +1650,24 @@
 //#define MBEDTLS_THREADING_PTHREAD
 
 /**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * \warning  Support for PSA is still an experimental feature.
+ *           Any public API that depends on this option may change
+ *           at any time until this warning is removed.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
  * \def MBEDTLS_VERSION_FEATURES
  *
  * Allow run-time checking of compile-time enabled features. Thus allowing users
@@ -1662,7 +1747,7 @@
  *
  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
  * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
+ * CRIME or similar exploits may be applicable to your use case.
  *
  * \note Currently compression can't be used with DTLS.
  *
@@ -2591,6 +2676,65 @@
 #define MBEDTLS_POLY1305_C
 
 /**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * \note This option only has an effect when the build option
+ * USE_CRYPTO_SUBMODULE is also in use.
+ *
+ * \warning This feature is experimental and available on an opt-in basis only.
+ * PSA APIs are subject to change at any time. The implementation comes with
+ * less assurance and support than the rest of Mbed TLS.
+ *
+ * Module:  crypto/library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
+ * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ * (but not both)
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ * Enable persistent key storage over files for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto_storage_file.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ *
+ * Enable persistent key storage over PSA ITS for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto_storage_its.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+
+/**
  * \def MBEDTLS_RIPEMD160_C
  *
  * Enable the RIPEMD-160 hash algorithm.
@@ -2974,7 +3118,7 @@
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
@@ -2991,11 +3135,42 @@
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
 
+/**
+ * \brief       This macro is invoked by the library when an invalid parameter
+ *              is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ *              (see the documentation of that option for context).
+ *
+ *              When you leave this undefined here, a default definition is
+ *              provided that invokes the function mbedtls_param_failed(),
+ *              which is declared in platform_util.h for the benefit of the
+ *              library, but that you need to define in your application.
+ *
+ *              When you define this here, this replaces the default
+ *              definition in platform_util.h (which no longer declares the
+ *              function mbedtls_param_failed()) and it is your responsibility
+ *              to make sure this macro expands to something suitable (in
+ *              particular, that all the necessary declarations are visible
+ *              from within the library - you can ensure that by providing
+ *              them in this file next to the macro definition).
+ *
+ *              Note that you may define this macro to expand to nothing, in
+ *              which case you don't have to worry about declarations or
+ *              definitions. However, you will then be notified about invalid
+ *              parameters only in non-void functions, and void function will
+ *              just silently return early on invalid parameters, which
+ *              partially negates the benefits of enabling
+ *              #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond  The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond )               assert( cond )
+
 /* SSL Cache options */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
@@ -3004,31 +3179,65 @@
 
 /** \def MBEDTLS_SSL_MAX_CONTENT_LEN
  *
- * Maximum fragment length in bytes.
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
  *
- * Determines the size of both the incoming and outgoing TLS I/O buffers.
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
  *
- * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN
- * will override this length by setting maximum incoming and/or outgoing
- * fragment length, respectively.
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
  */
 //#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384
 
 /** \def MBEDTLS_SSL_IN_CONTENT_LEN
  *
- * Maximum incoming fragment length in bytes.
+ * Maximum length (in bytes) of incoming plaintext fragments.
  *
- * Uncomment to set the size of the inward TLS buffer independently of the
- * outward buffer.
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
  */
 //#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
 
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
  *
- * Maximum outgoing fragment length in bytes.
+ * Maximum length (in bytes) of outgoing plaintext fragments.
  *
- * Uncomment to set the size of the outward TLS buffer independently of the
- * inward buffer.
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
  *
  * It is possible to save RAM by setting a smaller outward buffer, while keeping
  * the default inward 16384 byte buffer to conform to the TLS specification.
@@ -3038,11 +3247,8 @@
  * The specific size requirement depends on the configured ciphers and any
  * certificate data which is sent during the handshake.
  *
- * For absolute minimum RAM usage, it's best to enable
- * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
- * reduces both incoming and outgoing buffer sizes. However this is only
- * guaranteed if the other end of the connection also supports the TLS
- * max_fragment_len extension. Otherwise the connection may fail.
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
  */
 //#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
 
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 013bc03..d4743bb 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -70,9 +70,6 @@
 #define MBEDTLS_CERTS_C
 #define MBEDTLS_PEM_PARSE_C
 
-/* For testing with compat.sh */
-#define MBEDTLS_FS_IO
-
 #include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index c9a8ebd..4873c36 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -1,9 +1,11 @@
 /**
- * \file config-psa-crypto.h
+ * \file config.h
  *
- * \brief Configuration with all cryptography features and no X.509 or TLS.
+ * \brief Configuration options (set of defines)
  *
- * This configuration is intended to prototype the PSA reference implementation.
+ *  This set of compile-time options may be used to enable
+ *  or disable features selectively, and reduce the global
+ *  memory footprint.
  */
 /*
  *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
@@ -46,10 +48,14 @@
  * Requires support for asm() in compiler.
  *
  * Used in:
+ *      library/aria.c
  *      library/timing.c
- *      library/padlock.c
  *      include/mbedtls/bn_mul.h
  *
+ * Required by:
+ *      MBEDTLS_AESNI_C
+ *      MBEDTLS_PADLOCK_C
+ *
  * Comment to disable the use of assembly code.
  */
 #define MBEDTLS_HAVE_ASM
@@ -83,6 +89,28 @@
 //#define MBEDTLS_NO_UDBL_DIVISION
 
 /**
+ * \def MBEDTLS_NO_64BIT_MULTIPLICATION
+ *
+ * The platform lacks support for 32x32 -> 64-bit multiplication.
+ *
+ * Used in:
+ *      library/poly1305.c
+ *
+ * Some parts of the library may use multiplication of two unsigned 32-bit
+ * operands with a 64-bit result in order to speed up computations. On some
+ * platforms, this is not available in hardware and has to be implemented in
+ * software, usually in a library provided by the toolchain.
+ *
+ * Sometimes it is not desirable to have to link to that library. This option
+ * removes the dependency of that library on platforms that lack a hardware
+ * 64-bit multiplier by embedding a software implementation in Mbed TLS.
+ *
+ * Note that depending on the compiler, this may decrease performance compared
+ * to using the library function provided by the toolchain.
+ */
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+
+/**
  * \def MBEDTLS_HAVE_SSE2
  *
  * CPU supports SSE2 instruction set.
@@ -92,6 +120,42 @@
 //#define MBEDTLS_HAVE_SSE2
 
 /**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
  * \def MBEDTLS_PLATFORM_MEMORY
  *
  * Enable the memory allocation layer.
@@ -152,13 +216,17 @@
  * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
  * MBEDTLS_PLATFORM_XXX_MACRO!
  *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
  * Uncomment a macro to enable alternate implementation of specific base
  * platform function
  */
 //#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
 //#define MBEDTLS_PLATFORM_PRINTF_ALT
 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
 
@@ -189,6 +257,48 @@
  */
 //#define MBEDTLS_DEPRECATED_REMOVED
 
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - the pointer is checked to be non-NULL only if this option is enabled
+ * - the content of the buffer is always validated
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid, it will:
+ * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ *   call to the function mbedtls_param_failed()
+ * - immediately return (with a specific error code unless the function
+ *   returns void and can't communicate an error).
+ *
+ * When defining this flag, you also need to:
+ * - either provide a definition of the function mbedtls_param_failed() in
+ *   your application (see platform_util.h for its prototype) as the library
+ *   calls that function, but does not provide a default definition for it,
+ * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ *   below if the above mechanism is not flexible enough to suit your needs.
+ *   See the documentation of this macro later in this file.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
 /* \} name SECTION: System support */
 
 /**
@@ -200,6 +310,19 @@
  */
 
 /**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
  * \def MBEDTLS_AES_ALT
  *
  * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
@@ -226,23 +349,29 @@
  */
 //#define MBEDTLS_AES_ALT
 //#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_ARIA_ALT
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
 //#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
 //#define MBEDTLS_CMAC_ALT
 //#define MBEDTLS_DES_ALT
 //#define MBEDTLS_DHM_ALT
 //#define MBEDTLS_ECJPAKE_ALT
 //#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
 //#define MBEDTLS_MD2_ALT
 //#define MBEDTLS_MD4_ALT
 //#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
 //#define MBEDTLS_RIPEMD160_ALT
 //#define MBEDTLS_RSA_ALT
 //#define MBEDTLS_SHA1_ALT
 //#define MBEDTLS_SHA256_ALT
 //#define MBEDTLS_SHA512_ALT
 //#define MBEDTLS_XTEA_ALT
+
 /*
  * When replacing the elliptic curve module, pleace consider, that it is
  * implemented with two .c files:
@@ -273,7 +402,7 @@
  * \note Because of a signature change, the core AES encryption and decryption routines are
  *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
  *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
  *       must stay untouched.
  *
  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
@@ -328,11 +457,11 @@
  *      unsigned char mbedtls_internal_ecp_grp_capable(
  *          const mbedtls_ecp_group *grp )
  *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
  * replacement functions implement arithmetic for the given group and 0
  * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
  * called before and after each point operation and provide an opportunity to
  * implement optimized set up and tear down instructions.
  *
@@ -465,6 +594,53 @@
 #define MBEDTLS_CIPHER_MODE_CTR
 
 /**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
  * \def MBEDTLS_CIPHER_PADDING_PKCS7
  *
  * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
@@ -481,6 +657,37 @@
 #define MBEDTLS_CIPHER_PADDING_ZEROS
 
 /**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ *
+ * \warning   DES is considered a weak cipher and its use constitutes a
+ *            security risk. We recommend considering stronger ciphers instead.
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
  *
  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -514,6 +721,30 @@
 #define MBEDTLS_ECP_NIST_OPTIM
 
 /**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
+ * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
+ * to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
+ * of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note  This option only works with the default software implementation of
+ *        elliptic curve functionality. It is incompatible with
+ *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
  * \def MBEDTLS_ECDSA_DETERMINISTIC
  *
  * Enable deterministic ECDSA (RFC 6979).
@@ -528,6 +759,281 @@
 #define MBEDTLS_ECDSA_DETERMINISTIC
 
 /**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
  *
  * Enhance support for reading EC keys using variants of SEC1 not allowed by
@@ -640,6 +1146,21 @@
  */
 //#define MBEDTLS_ENTROPY_NV_SEED
 
+/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+ *
+ * In PSA key storage, encode the owner of the key.
+ *
+ * This is only meaningful when building the library as part of a
+ * multi-client service. When you activate this option, you must provide
+ * an implementation of the type psa_key_owner_id_t and a translation
+ * from psa_key_file_id_t to file name in all the storage backends that
+ * you wish to support.
+ *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+
 /**
  * \def MBEDTLS_MEMORY_DEBUG
  *
@@ -711,19 +1232,23 @@
 //#define MBEDTLS_PSA_CRYPTO_SPM
 
 /**
- * \def MBEDTLS_PSA_HAS_ITS_IO
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
  *
- * Enable the non-volatile secure storage usage.
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
  *
- * This is crucial on systems that do not have a HW TRNG support.
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
  *
  */
-//#define MBEDTLS_PSA_HAS_ITS_IO
+//#define MBEDTLS_PSA_INJECT_ENTROPY
 
 /**
  * \def MBEDTLS_RSA_NO_CRT
  *
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
  *
  * Uncomment this macro to disable the use of CRT in RSA.
  *
@@ -754,6 +1279,373 @@
 //#define MBEDTLS_SHA256_SMALLER
 
 /**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note   Even if this option is disabled, both client and server are aware
+ *         of the Renegotiation Indication Extension (RFC 5746) used to
+ *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ *          configuration of this extension).
+ *
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old (pre-2.7), non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key. Note that this option is
+ * only meant for a transitory upgrade period and is likely to be removed in
+ * a future version of the library.
+ *
+ * \warning The old implementation is non-compliant and has a security weakness
+ *          (2^80 brute force attack on the HMAC key used for a single,
+ *          uninterrupted connection). This should only be enabled temporarily
+ *          when (1) the use of truncated HMAC is essential in order to save
+ *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
+ *          the fixed implementation yet (pre-2.7).
+ *
+ * \deprecated This option is deprecated and will likely be removed in a
+ *             future version of Mbed TLS.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
+/**
  * \def MBEDTLS_THREADING_ALT
  *
  * Provide your own alternate threading implementation.
@@ -776,6 +1668,24 @@
 //#define MBEDTLS_THREADING_PTHREAD
 
 /**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * \warning  Support for PSA is still an experimental feature.
+ *           Any public API that depends on this option may change
+ *           at any time until this warning is removed.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
  * \def MBEDTLS_VERSION_FEATURES
  *
  * Allow run-time checking of compile-time enabled features. Thus allowing users
@@ -788,6 +1698,89 @@
  */
 #define MBEDTLS_VERSION_FEATURES
 
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * \deprecated This feature is deprecated and will be removed
+ *             in the next major revision of the library.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
 /* \} name SECTION: mbed TLS feature support */
 
 /**
@@ -817,7 +1810,7 @@
  * Enable the AES block cipher.
  *
  * Module:  library/aes.c
- * Caller:  library/ssl_tls.c
+ * Caller:  library/cipher.c
  *          library/pem.c
  *          library/ctr_drbg.c
  *
@@ -892,7 +1885,7 @@
  * Enable the ARCFOUR stream cipher.
  *
  * Module:  library/arc4.c
- * Caller:  library/ssl_tls.c
+ * Caller:  library/cipher.c
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
@@ -986,7 +1979,7 @@
  * Enable the Camellia block cipher.
  *
  * Module:  library/camellia.c
- * Caller:  library/ssl_tls.c
+ * Caller:  library/cipher.c
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
@@ -1036,6 +2029,58 @@
 #define MBEDTLS_CAMELLIA_C
 
 /**
+ * \def MBEDTLS_ARIA_C
+ *
+ * Enable the ARIA block cipher.
+ *
+ * Module:  library/aria.c
+ * Caller:  library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+ */
+//#define MBEDTLS_ARIA_C
+
+/**
  * \def MBEDTLS_CCM_C
  *
  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
@@ -1050,6 +2095,38 @@
 #define MBEDTLS_CCM_C
 
 /**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module:  library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Enable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module:  library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#define MBEDTLS_CHACHAPOLY_C
+
+/**
  * \def MBEDTLS_CIPHER_C
  *
  * Enable the generic cipher layer.
@@ -1077,25 +2154,41 @@
 /**
  * \def MBEDTLS_CTR_DRBG_C
  *
- * Enable the CTR_DRBG AES-256-based random generator.
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
  *
  * Module:  library/ctr_drbg.c
  * Caller:
  *
  * Requires: MBEDTLS_AES_C
  *
- * This module provides the CTR_DRBG AES-256 random number generator.
+ * This module provides the CTR_DRBG AES random number generator.
  */
 #define MBEDTLS_CTR_DRBG_C
 
 /**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
  * \def MBEDTLS_DES_C
  *
  * Enable the DES block cipher.
  *
  * Module:  library/des.c
  * Caller:  library/pem.c
- *          library/ssl_tls.c
+ *          library/cipher.c
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
@@ -1186,7 +2279,7 @@
  *
  * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
  */
-#define MBEDTLS_ECJPAKE_C
+//#define MBEDTLS_ECJPAKE_C
 
 /**
  * \def MBEDTLS_ECP_C
@@ -1243,6 +2336,44 @@
 #define MBEDTLS_GCM_C
 
 /**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module:  library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C
+
+/**
  * \def MBEDTLS_HMAC_DRBG_C
  *
  * Enable the HMAC_DRBG random generator.
@@ -1257,6 +2388,19 @@
 #define MBEDTLS_HMAC_DRBG_C
 
 /**
+ * \def MBEDTLS_NIST_KW_C
+ *
+ * Enable the Key Wrapping mode for 128-bit block ciphers,
+ * as defined in NIST SP 800-38F. Only KW and KWP modes
+ * are supported. At the moment, only AES is approved by NIST.
+ *
+ * Module:  library/nist_kw.c
+ *
+ * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
+ */
+//#define MBEDTLS_NIST_KW_C
+
+/**
  * \def MBEDTLS_MD_C
  *
  * Enable the generic message digest layer.
@@ -1283,7 +2427,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_MD2_C
+//#define MBEDTLS_MD2_C
 
 /**
  * \def MBEDTLS_MD4_C
@@ -1300,7 +2444,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_MD4_C
+//#define MBEDTLS_MD4_C
 
 /**
  * \def MBEDTLS_MD5_C
@@ -1341,6 +2485,25 @@
 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 
 /**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
  * \def MBEDTLS_OID_C
  *
  * Enable the OID database.
@@ -1375,7 +2538,7 @@
  *
  * This modules adds support for the VIA PadLock on x86.
  */
-//#define MBEDTLS_PADLOCK_C
+#define MBEDTLS_PADLOCK_C
 
 /**
  * \def MBEDTLS_PEM_PARSE_C
@@ -1521,6 +2684,16 @@
 #define MBEDTLS_PLATFORM_C
 
 /**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Enable the Poly1305 MAC algorithm.
+ *
+ * Module:  library/poly1305.c
+ * Caller:  library/chachapoly.c
+ */
+#define MBEDTLS_POLY1305_C
+
+/**
  * \def MBEDTLS_PSA_CRYPTO_C
  *
  * Enable the Platform Security Architecture cryptography API.
@@ -1539,38 +2712,23 @@
  *
  * Module:  library/psa_crypto_storage.c
  *
- * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
- * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- * (but not both)
- *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ *           the PSA ITS interface
  */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 
 /**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * \def MBEDTLS_PSA_ITS_FILE_C
  *
- * Enable persistent key storage over files for the
- * Platform Security Architecture cryptography API.
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
  *
- * Module:  library/psa_crypto_storage_file.c
+ * Module:  library/psa_its_file.c
  *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
- *
+ * Requires: MBEDTLS_FS_IO
  */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
- * Enable persistent key storage over PSA ITS for the
- * Platform Security Architecture cryptography API.
- *
- * Module:  library/psa_crypto_storage_its.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+#define MBEDTLS_PSA_ITS_FILE_C
 
 /**
  * \def MBEDTLS_RIPEMD160_C
@@ -1657,6 +2815,84 @@
 #define MBEDTLS_SHA512_C
 
 /**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
  * \def MBEDTLS_THREADING_C
  *
  * Enable the threading abstraction layer.
@@ -1679,6 +2915,29 @@
 //#define MBEDTLS_THREADING_C
 
 /**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
  * \def MBEDTLS_VERSION_C
  *
  * Enable run-time version information.
@@ -1690,6 +2949,106 @@
 #define MBEDTLS_VERSION_C
 
 /**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
  * \def MBEDTLS_XTEA_C
  *
  * Enable the XTEA block cipher.
@@ -1726,6 +3085,7 @@
 //#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY              /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
 
 /* HMAC_DRBG options */
 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
@@ -1754,7 +3114,7 @@
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
@@ -1771,12 +3131,194 @@
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
 
 /**
+ * \brief       This macro is invoked by the library when an invalid parameter
+ *              is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ *              (see the documentation of that option for context).
+ *
+ *              When you leave this undefined here, a default definition is
+ *              provided that invokes the function mbedtls_param_failed(),
+ *              which is declared in platform_util.h for the benefit of the
+ *              library, but that you need to define in your application.
+ *
+ *              When you define this here, this replaces the default
+ *              definition in platform_util.h (which no longer declares the
+ *              function mbedtls_param_failed()) and it is your responsibility
+ *              to make sure this macro expands to something suitable (in
+ *              particular, that all the necessary declarations are visible
+ *              from within the library - you can ensure that by providing
+ *              them in this file next to the macro definition).
+ *
+ *              Note that you may define this macro to expand to nothing, in
+ *              which case you don't have to worry about declarations or
+ *              definitions. However, you will then be notified about invalid
+ *              parameters only in non-void functions, and void function will
+ *              just silently return early on invalid parameters, which
+ *              partially negates the benefits of enabling
+ *              #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond  The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond )               assert( cond )
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+
+/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
+ *
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
+ *
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
+ */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming plaintext fragments.
+ *
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
+ */
+//#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of outgoing plaintext fragments.
+ *
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * It is possible to save RAM by setting a smaller outward buffer, while keeping
+ * the default inward 16384 byte buffer to conform to the TLS specification.
+ *
+ * The minimum required outward buffer size is determined by the handshake
+ * protocol's usage. Handshaking will fail if the outward buffer is too small.
+ * The specific size requirement depends on the configured ciphers and any
+ * certificate data which is sent during the handshake.
+ *
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
+ */
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
+
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
+
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Allow SHA-1 in the default TLS configuration for certificate signing.
+ * Without this build-time option, SHA-1 support must be activated explicitly
+ * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
+ * recommended because of it is possible to generate SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ *
+ * \warning   SHA-1 is considered a weak message digest and its use constitutes
+ *            a security risk. If possible, we recommend avoiding dependencies
+ *            on it, and considering stronger message digests instead.
+ *
+ */
+// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * to preserve compatibility with existing peers, but the general
+ * warning applies nonetheless:
+ *
+ * \warning   SHA-1 is considered a weak message digest and its use constitutes
+ *            a security risk. If possible, we recommend avoiding dependencies
+ *            on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/**
  * Uncomment the macro to let mbed TLS use your alternate implementation of
  * mbedtls_platform_zeroize(). This replaces the default implementation in
  * platform_util.c.
@@ -1796,8 +3338,36 @@
  */
 //#define MBEDTLS_PLATFORM_ZEROIZE_ALT
 
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
 /* \} name SECTION: Customisation configuration options */
 
-#include "mbedtls/check_config.h"
+/* Target and application specific configurations
+ *
+ * Allow user to override any previous default.
+ *
+ */
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 25db16b..f729a03 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -75,10 +75,6 @@
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
 
-/* For tests using ssl-opt.sh */
-#define MBEDTLS_NET_C
-#define MBEDTLS_TIMING_C
-
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES
 
diff --git a/docs/PSA_Cryptography_API_Specification.pdf b/docs/PSA_Cryptography_API_Specification.pdf
index 8c7dfe8..171547d 100644
--- a/docs/PSA_Cryptography_API_Specification.pdf
+++ b/docs/PSA_Cryptography_API_Specification.pdf
Binary files differ
diff --git a/docs/architecture/.gitignore b/docs/architecture/.gitignore
new file mode 100644
index 0000000..23f832b
--- /dev/null
+++ b/docs/architecture/.gitignore
@@ -0,0 +1,2 @@
+*.html
+*.pdf
diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile
new file mode 100644
index 0000000..f763c9c
--- /dev/null
+++ b/docs/architecture/Makefile
@@ -0,0 +1,19 @@
+PANDOC = pandoc
+
+default: all
+
+all_markdown = \
+	       mbed-crypto-storage-specification.md \
+	       # This line is intentionally left blank
+
+html: $(all_markdown:.md=.html)
+pdf: $(all_markdown:.md=.pdf)
+all: html pdf
+
+.SUFFIXES:
+.SUFFIXES: .md .html .pdf
+
+.md.html:
+	$(PANDOC) -o $@ $<
+.md.pdf:
+	$(PANDOC) -o $@ $<
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
new file mode 100644
index 0000000..2d4fed5
--- /dev/null
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -0,0 +1,161 @@
+Mbed Crypto storage specification
+=================================
+
+This document specifies how Mbed Crypto uses storage.
+
+Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore:
+
+1. Any change may break existing installations and may require an upgrade path.
+1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released.
+
+Mbed Crypto 0.1.0
+-----------------
+
+Tags: mbedcrypto-0.1.0b, mbedcrypto-0.1.0b2
+
+Released in November 2018. <br>
+Integrated in Mbed OS 5.11.
+
+Supported backends:
+
+* [PSA ITS](#file-namespace-on-its-for-0.1.0)
+* [C stdio](#file-namespace-on-stdio-for-0.1.0)
+
+Supported features:
+
+* [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-names-for-0.1.0).
+* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0) on ITS only.
+
+This is a beta release, and we do not promise backward compatibility, with one exception:
+
+> On Mbed OS, if a device has a nonvolatile random seed file produced with Mbed OS 5.11.x and is upgraded to a later version of Mbed OS, the nonvolatile random seed file is preserved or upgraded.
+
+We do not make any promises regarding key storage, or regarding the nonvolatile random seed file on other platforms.
+
+### Key names for 0.1.0
+
+Information about each key is stored in a dedicated file whose name is constructed from the key identifier. The way in which the file name is constructed depends on the storage backend. The content of the file is described [below](#key-file-format-for-0.1.0).
+
+The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
+
+The code uses the following constant in an internal header (note that despite the name, this value is actually one plus the maximum permitted value):
+
+    #define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
+
+There is a shared namespace for all callers.
+
+### Key file format for 0.1.0
+
+All integers are encoded in little-endian order in 8-bit bytes.
+
+The layout of a key file is:
+
+* magic (8 bytes): `"PSA\0KEY\0"`
+* version (4 bytes): 0
+* type (4 bytes): `psa_key_type_t` value
+* policy usage flags (4 bytes): `psa_key_usage_t` value
+* policy usage algorithm (4 bytes): `psa_algorithm_t` value
+* key material length (4 bytes)
+* key material: output of `psa_export_key`
+* Any trailing data is rejected on load.
+
+### Nonvolatile random seed file format for 0.1.0
+
+The nonvolatile random seed file contains a seed for the random generator. If present, it is rewritten at each boot as part of the random generator initialization.
+
+The file format is just the seed as a byte string with no metadata or encoding of any kind.
+
+### File namespace on ITS for 0.1.0
+
+Assumption: ITS provides a 32-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+* File 0: unused.
+* Files 1 through 0xfffeffff: [content](#key-file-format-for-0.1.0) of the [key whose identifier is the file identifier](#key-names-for-0.1.0).
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0).
+* Files 0xffff0000 through 0xffffff51, 0xffffff53 through 0xffffffff: unused.
+
+### File namespace on stdio for 0.1.0
+
+Assumption: C stdio, allowing names containing lowercase letters, digits and underscores, of length up to 23.
+
+An undocumented build-time configuration value `CRYPTO_STORAGE_FILE_LOCATION` allows storing the key files in a directory other than the current directory. This value is simply prepended to the file name (so it must end with a directory separator to put the keys in a different directory).
+
+* `CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"`: used as a temporary file. Must be writable. May be overwritten or deleted if present.
+* `sprintf(CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu", key_id)` [content](#key-file-format-for-0.1.0) of the [key whose identifier](#key-names-for-0.1.0) is `key_id`.
+* Other files: unused.
+
+Mbed Crypto 0.2.0
+-----------------
+
+**Warning:** the information in this section is provisional and may change before Mbed Crypto is released for Mbed OS 5.12. At the time of writing, we don't even know whether this version will be called 0.2.0.
+
+To be released for Mbed OS 5.12.
+
+Supported integrations:
+
+* [PSA platform](#file-namespace-on-a-psa-platform-for-0.2.0)
+* [library using PSA ITS](#file-namespace-on-its-as-a-library-for-0.2.0)
+* [library using C stdio](#file-namespace-on-stdio-for-0.2.0)
+
+Supported features:
+
+* [Persistent transparent keys](#key-file-format-for-0.2.0) designated by a [key identifier and owner](#key-names-for-0.2.0).
+* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.2.0) on ITS only.
+
+Backward compatibility commitments: TBD
+
+### Key names for 0.2.0
+
+Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier.
+
+The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-0.2.0).
+
+The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
+
+* Library integration: the key file name is just the key identifer. This is a 32-bit value.
+* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
+
+### Key file format for 0.2.0
+
+The layout is identical to [0.1.0](#key-file-format-for-0.1.0) so far. However note that the encoding of key types, algorithms and key material has changed, therefore the storage format is not compatible (despite using the same value in the version field so far).
+
+### Nonvolatile random seed file format for 0.2.0
+
+[Identical to 0.1.0](#nonvolatile-random-seed-file-format-for-0.1.0).
+
+### File namespace on a PSA platform for 0.2.0
+
+Assumption: ITS provides a 64-bit file identifier namespace. The Crypto service can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+Assumption: the owner identifier is a nonzero value of type `int32_t`.
+
+* Files 0 through 0xffffff51, 0xffffff53 through 0xffffffff: unused, reserved for internal use of the crypto library or crypto service.
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.1.0).
+* Files 0x100000000 through 0xffffffffffff: [content](#key-file-format-for-0.2.0) of the [key whose identifier is the file identifier](#key-names-for-0.2.0). The upper 32 bits determine the owner.
+
+### File namespace on ITS as a library for 0.2.0
+
+Assumption: ITS provides a 64-bit file identifier namespace. The entity using the crypto library can use arbitrary file identifiers and no other part of the system accesses the same file identifier namespace.
+
+This is a library integration, so there is no owner. The key file identifier is identical to the key identifier.
+
+* File 0: unused.
+* Files 1 through 0xfffeffff: [content](#key-file-format-for-0.2.0) of the [key whose identifier is the file identifier](#key-names-for-0.2.0).
+* File 0xffffff52 (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`): [nonvolatile random seed](#nonvolatile-random-seed-file-format-for-0.2.0).
+* Files 0xffff0000 through 0xffffff51, 0xffffff53 through 0xffffffff, 0x100000000 through 0xffffffffffffffff: unused.
+
+### File namespace on stdio for 0.2.0
+
+This is a library integration, so there is no owner. The key file identifier is identical to the key identifier.
+
+[Identical to 0.1.0](#file-namespace-on-stdio-for-0.1.0).
+
+### Upgrade from 0.1.0 to 0.2.0.
+
+* Delete files 1 through 0xfffeffff, which contain keys in a format that is no longer supported.
+
+### Suggested changes to make before 0.2.0
+
+The library integration and the PSA platform integration use different sets of file names. This is annoyingly non-uniform. For example, if we want to store non-key files, we have room in different ranges (0 through 0xffffffff on a PSA platform, 0xffff0000 through 0xffffffffffffffff in a library integration).
+
+It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the range 0–0xffffffff for internal library use.
diff --git a/docs/getting_started.md b/docs/getting_started.md
index 3008a19..9ab4f8f 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -73,7 +73,7 @@
 1. Test the information stored in this slot:
 ```C
     int key_slot = 1;
-    uint8_t *data = "KEYPAIR_KEY_DATA";
+    uint8_t *data = "KEY_PAIR_KEY_DATA";
     size_t data_size;
     psa_key_type_t type = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
     size_t got_bits;
@@ -127,7 +127,7 @@
                              PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
     status = psa_set_key_policy(key_slot, &policy);
 
-    status = psa_import_key(key_slot, PSA_KEY_TYPE_RSA_KEYPAIR,
+    status = psa_import_key(key_slot, PSA_KEY_TYPE_RSA_KEY_PAIR,
                             key, sizeof(key));
 
     /* Sing message using the key */
@@ -335,7 +335,7 @@
 1. Set up the generator using the `psa_key_derivation` function providing a key slot containing a key that can be used for key derivation and a salt and label (Note: salt and label are optional).
 1. Initiate a key policy to for the derived key by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_ENCRYPT` parameter and the algorithm `PSA_ALG_CTR`.
 1. Set the key policy to the derived key slot.
-1. Import a key from generator into the desired key slot using (`psa_generator_import_key`).
+1. Import a key from generator into the desired key slot using (`psa_key_derivation_output_key`).
 1. Clean up generator.
 
 At this point the derived key slot holds a new 128-bit AES-CTR encryption key derived from the key, salt and label provided:
@@ -358,7 +358,7 @@
 
     psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
     psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
     size_t derived_bits = 128;
     size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
 
@@ -378,10 +378,10 @@
 
     psa_set_key_policy(derived_key, &policy);
 
-    psa_generator_import_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator);
+    psa_key_derivation_output_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator);
 
     /* Clean up generator and key */
-    psa_generator_abort(&generator);
+    psa_key_derivation_abort(&generator);
     /* as part of clean up you may want to clean up the keys used by calling:
      * psa_destroy_key( base_key ); or psa_destroy_key( derived_key ); */
     mbedtls_psa_crypto_free();
@@ -510,7 +510,7 @@
     psa_set_key_policy(slot, &policy);
 
     /* Generate a key */
-    psa_generate_key(slot, PSA_KEY_TYPE_AES, bits, NULL, 0);
+    psa_generate_key(slot, PSA_KEY_TYPE_AES, bits);
 
     psa_export_key(slot, exported, exported_size, &exported_length)
 
diff --git a/docs/html/.buildinfo b/docs/html/.buildinfo
new file mode 100644
index 0000000..379f371
--- /dev/null
+++ b/docs/html/.buildinfo
@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 3c0fcdd2bdf4eedd64fc44c41889daf2
+tags: 645f666f9bcd5a90fca523b33c5a78b7
diff --git a/docs/html/_static/ajax-loader.gif b/docs/html/_static/ajax-loader.gif
new file mode 100644
index 0000000..61faf8c
--- /dev/null
+++ b/docs/html/_static/ajax-loader.gif
Binary files differ
diff --git a/docs/html/_static/alabaster.css b/docs/html/_static/alabaster.css
new file mode 100644
index 0000000..0eddaeb
--- /dev/null
+++ b/docs/html/_static/alabaster.css
@@ -0,0 +1,701 @@
+@import url("basic.css");
+
+/* -- page layout ----------------------------------------------------------- */
+
+body {
+    font-family: Georgia, serif;
+    font-size: 17px;
+    background-color: #fff;
+    color: #000;
+    margin: 0;
+    padding: 0;
+}
+
+
+div.document {
+    width: 940px;
+    margin: 30px auto 0 auto;
+}
+
+div.documentwrapper {
+    float: left;
+    width: 100%;
+}
+
+div.bodywrapper {
+    margin: 0 0 0 220px;
+}
+
+div.sphinxsidebar {
+    width: 220px;
+    font-size: 14px;
+    line-height: 1.5;
+}
+
+hr {
+    border: 1px solid #B1B4B6;
+}
+
+div.body {
+    background-color: #fff;
+    color: #3E4349;
+    padding: 0 30px 0 30px;
+}
+
+div.body > .section {
+    text-align: left;
+}
+
+div.footer {
+    width: 940px;
+    margin: 20px auto 30px auto;
+    font-size: 14px;
+    color: #888;
+    text-align: right;
+}
+
+div.footer a {
+    color: #888;
+}
+
+p.caption {
+    font-family: inherit;
+    font-size: inherit;
+}
+
+
+div.relations {
+    display: none;
+}
+
+
+div.sphinxsidebar a {
+    color: #444;
+    text-decoration: none;
+    border-bottom: 1px dotted #999;
+}
+
+div.sphinxsidebar a:hover {
+    border-bottom: 1px solid #999;
+}
+
+div.sphinxsidebarwrapper {
+    padding: 18px 10px;
+}
+
+div.sphinxsidebarwrapper p.logo {
+    padding: 0;
+    margin: -10px 0 0 0px;
+    text-align: center;
+}
+
+div.sphinxsidebarwrapper h1.logo {
+    margin-top: -10px;
+    text-align: center;
+    margin-bottom: 5px;
+    text-align: left;
+}
+
+div.sphinxsidebarwrapper h1.logo-name {
+    margin-top: 0px;
+}
+
+div.sphinxsidebarwrapper p.blurb {
+    margin-top: 0;
+    font-style: normal;
+}
+
+div.sphinxsidebar h3,
+div.sphinxsidebar h4 {
+    font-family: Georgia, serif;
+    color: #444;
+    font-size: 24px;
+    font-weight: normal;
+    margin: 0 0 5px 0;
+    padding: 0;
+}
+
+div.sphinxsidebar h4 {
+    font-size: 20px;
+}
+
+div.sphinxsidebar h3 a {
+    color: #444;
+}
+
+div.sphinxsidebar p.logo a,
+div.sphinxsidebar h3 a,
+div.sphinxsidebar p.logo a:hover,
+div.sphinxsidebar h3 a:hover {
+    border: none;
+}
+
+div.sphinxsidebar p {
+    color: #555;
+    margin: 10px 0;
+}
+
+div.sphinxsidebar ul {
+    margin: 10px 0;
+    padding: 0;
+    color: #000;
+}
+
+div.sphinxsidebar ul li.toctree-l1 > a {
+    font-size: 120%;
+}
+
+div.sphinxsidebar ul li.toctree-l2 > a {
+    font-size: 110%;
+}
+
+div.sphinxsidebar input {
+    border: 1px solid #CCC;
+    font-family: Georgia, serif;
+    font-size: 1em;
+}
+
+div.sphinxsidebar hr {
+    border: none;
+    height: 1px;
+    color: #AAA;
+    background: #AAA;
+
+    text-align: left;
+    margin-left: 0;
+    width: 50%;
+}
+
+div.sphinxsidebar .badge {
+    border-bottom: none;
+}
+
+div.sphinxsidebar .badge:hover {
+    border-bottom: none;
+}
+
+/* To address an issue with donation coming after search */
+div.sphinxsidebar h3.donation {
+    margin-top: 10px;
+}
+
+/* -- body styles ----------------------------------------------------------- */
+
+a {
+    color: #004B6B;
+    text-decoration: underline;
+}
+
+a:hover {
+    color: #6D4100;
+    text-decoration: underline;
+}
+
+div.body h1,
+div.body h2,
+div.body h3,
+div.body h4,
+div.body h5,
+div.body h6 {
+    font-family: Georgia, serif;
+    font-weight: normal;
+    margin: 30px 0px 10px 0px;
+    padding: 0;
+}
+
+div.body h1 { margin-top: 0; padding-top: 0; font-size: 240%; }
+div.body h2 { font-size: 180%; }
+div.body h3 { font-size: 150%; }
+div.body h4 { font-size: 130%; }
+div.body h5 { font-size: 100%; }
+div.body h6 { font-size: 100%; }
+
+a.headerlink {
+    color: #DDD;
+    padding: 0 4px;
+    text-decoration: none;
+}
+
+a.headerlink:hover {
+    color: #444;
+    background: #EAEAEA;
+}
+
+div.body p, div.body dd, div.body li {
+    line-height: 1.4em;
+}
+
+div.admonition {
+    margin: 20px 0px;
+    padding: 10px 30px;
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.admonition tt.xref, div.admonition code.xref, div.admonition a tt {
+    background-color: #FBFBFB;
+    border-bottom: 1px solid #fafafa;
+}
+
+div.admonition p.admonition-title {
+    font-family: Georgia, serif;
+    font-weight: normal;
+    font-size: 24px;
+    margin: 0 0 10px 0;
+    padding: 0;
+    line-height: 1;
+}
+
+div.admonition p.last {
+    margin-bottom: 0;
+}
+
+div.highlight {
+    background-color: #fff;
+}
+
+dt:target, .highlight {
+    background: #FAF3E8;
+}
+
+div.warning {
+    background-color: #FCC;
+    border: 1px solid #FAA;
+}
+
+div.danger {
+    background-color: #FCC;
+    border: 1px solid #FAA;
+    -moz-box-shadow: 2px 2px 4px #D52C2C;
+    -webkit-box-shadow: 2px 2px 4px #D52C2C;
+    box-shadow: 2px 2px 4px #D52C2C;
+}
+
+div.error {
+    background-color: #FCC;
+    border: 1px solid #FAA;
+    -moz-box-shadow: 2px 2px 4px #D52C2C;
+    -webkit-box-shadow: 2px 2px 4px #D52C2C;
+    box-shadow: 2px 2px 4px #D52C2C;
+}
+
+div.caution {
+    background-color: #FCC;
+    border: 1px solid #FAA;
+}
+
+div.attention {
+    background-color: #FCC;
+    border: 1px solid #FAA;
+}
+
+div.important {
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.note {
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.tip {
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.hint {
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.seealso {
+    background-color: #EEE;
+    border: 1px solid #CCC;
+}
+
+div.topic {
+    background-color: #EEE;
+}
+
+p.admonition-title {
+    display: inline;
+}
+
+p.admonition-title:after {
+    content: ":";
+}
+
+pre, tt, code {
+    font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+    font-size: 0.9em;
+}
+
+.hll {
+    background-color: #FFC;
+    margin: 0 -12px;
+    padding: 0 12px;
+    display: block;
+}
+
+img.screenshot {
+}
+
+tt.descname, tt.descclassname, code.descname, code.descclassname {
+    font-size: 0.95em;
+}
+
+tt.descname, code.descname {
+    padding-right: 0.08em;
+}
+
+img.screenshot {
+    -moz-box-shadow: 2px 2px 4px #EEE;
+    -webkit-box-shadow: 2px 2px 4px #EEE;
+    box-shadow: 2px 2px 4px #EEE;
+}
+
+table.docutils {
+    border: 1px solid #888;
+    -moz-box-shadow: 2px 2px 4px #EEE;
+    -webkit-box-shadow: 2px 2px 4px #EEE;
+    box-shadow: 2px 2px 4px #EEE;
+}
+
+table.docutils td, table.docutils th {
+    border: 1px solid #888;
+    padding: 0.25em 0.7em;
+}
+
+table.field-list, table.footnote {
+    border: none;
+    -moz-box-shadow: none;
+    -webkit-box-shadow: none;
+    box-shadow: none;
+}
+
+table.footnote {
+    margin: 15px 0;
+    width: 100%;
+    border: 1px solid #EEE;
+    background: #FDFDFD;
+    font-size: 0.9em;
+}
+
+table.footnote + table.footnote {
+    margin-top: -15px;
+    border-top: none;
+}
+
+table.field-list th {
+    padding: 0 0.8em 0 0;
+}
+
+table.field-list td {
+    padding: 0;
+}
+
+table.field-list p {
+    margin-bottom: 0.8em;
+}
+
+/* Cloned from
+ * https://github.com/sphinx-doc/sphinx/commit/ef60dbfce09286b20b7385333d63a60321784e68
+ */
+.field-name {
+    -moz-hyphens: manual;
+    -ms-hyphens: manual;
+    -webkit-hyphens: manual;
+    hyphens: manual;
+}
+
+table.footnote td.label {
+    width: .1px;
+    padding: 0.3em 0 0.3em 0.5em;
+}
+
+table.footnote td {
+    padding: 0.3em 0.5em;
+}
+
+dl {
+    margin: 0;
+    padding: 0;
+}
+
+dl dd {
+    margin-left: 30px;
+}
+
+blockquote {
+    margin: 0 0 0 30px;
+    padding: 0;
+}
+
+ul, ol {
+    /* Matches the 30px from the narrow-screen "li > ul" selector below */
+    margin: 10px 0 10px 30px;
+    padding: 0;
+}
+
+pre {
+    background: #EEE;
+    padding: 7px 30px;
+    margin: 15px 0px;
+    line-height: 1.3em;
+}
+
+div.viewcode-block:target {
+    background: #ffd;
+}
+
+dl pre, blockquote pre, li pre {
+    margin-left: 0;
+    padding-left: 30px;
+}
+
+tt, code {
+    background-color: #ecf0f3;
+    color: #222;
+    /* padding: 1px 2px; */
+}
+
+tt.xref, code.xref, a tt {
+    background-color: #FBFBFB;
+    border-bottom: 1px solid #fff;
+}
+
+a.reference {
+    text-decoration: none;
+    border-bottom: 1px dotted #004B6B;
+}
+
+/* Don't put an underline on images */
+a.image-reference, a.image-reference:hover {
+    border-bottom: none;
+}
+
+a.reference:hover {
+    border-bottom: 1px solid #6D4100;
+}
+
+a.footnote-reference {
+    text-decoration: none;
+    font-size: 0.7em;
+    vertical-align: top;
+    border-bottom: 1px dotted #004B6B;
+}
+
+a.footnote-reference:hover {
+    border-bottom: 1px solid #6D4100;
+}
+
+a:hover tt, a:hover code {
+    background: #EEE;
+}
+
+
+@media screen and (max-width: 870px) {
+
+    div.sphinxsidebar {
+    	display: none;
+    }
+
+    div.document {
+       width: 100%;
+
+    }
+
+    div.documentwrapper {
+    	margin-left: 0;
+    	margin-top: 0;
+    	margin-right: 0;
+    	margin-bottom: 0;
+    }
+
+    div.bodywrapper {
+    	margin-top: 0;
+    	margin-right: 0;
+    	margin-bottom: 0;
+    	margin-left: 0;
+    }
+
+    ul {
+    	margin-left: 0;
+    }
+
+	li > ul {
+        /* Matches the 30px from the "ul, ol" selector above */
+		margin-left: 30px;
+	}
+
+    .document {
+    	width: auto;
+    }
+
+    .footer {
+    	width: auto;
+    }
+
+    .bodywrapper {
+    	margin: 0;
+    }
+
+    .footer {
+    	width: auto;
+    }
+
+    .github {
+        display: none;
+    }
+
+
+
+}
+
+
+
+@media screen and (max-width: 875px) {
+
+    body {
+        margin: 0;
+        padding: 20px 30px;
+    }
+
+    div.documentwrapper {
+        float: none;
+        background: #fff;
+    }
+
+    div.sphinxsidebar {
+        display: block;
+        float: none;
+        width: 102.5%;
+        margin: 50px -30px -20px -30px;
+        padding: 10px 20px;
+        background: #333;
+        color: #FFF;
+    }
+
+    div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p,
+    div.sphinxsidebar h3 a {
+        color: #fff;
+    }
+
+    div.sphinxsidebar a {
+        color: #AAA;
+    }
+
+    div.sphinxsidebar p.logo {
+        display: none;
+    }
+
+    div.document {
+        width: 100%;
+        margin: 0;
+    }
+
+    div.footer {
+        display: none;
+    }
+
+    div.bodywrapper {
+        margin: 0;
+    }
+
+    div.body {
+        min-height: 0;
+        padding: 0;
+    }
+
+    .rtd_doc_footer {
+        display: none;
+    }
+
+    .document {
+        width: auto;
+    }
+
+    .footer {
+        width: auto;
+    }
+
+    .footer {
+        width: auto;
+    }
+
+    .github {
+        display: none;
+    }
+}
+
+
+/* misc. */
+
+.revsys-inline {
+    display: none!important;
+}
+
+/* Make nested-list/multi-paragraph items look better in Releases changelog
+ * pages. Without this, docutils' magical list fuckery causes inconsistent
+ * formatting between different release sub-lists.
+ */
+div#changelog > div.section > ul > li > p:only-child {
+    margin-bottom: 0;
+}
+
+/* Hide fugly table cell borders in ..bibliography:: directive output */
+table.docutils.citation, table.docutils.citation td, table.docutils.citation th {
+  border: none;
+  /* Below needed in some edge cases; if not applied, bottom shadows appear */
+  -moz-box-shadow: none;
+  -webkit-box-shadow: none;
+  box-shadow: none;
+}
+
+
+/* relbar */
+
+.related {
+    line-height: 30px;
+    width: 100%;
+    font-size: 0.9rem;
+}
+
+.related.top {
+    border-bottom: 1px solid #EEE;
+    margin-bottom: 20px;
+}
+
+.related.bottom {
+    border-top: 1px solid #EEE;
+}
+
+.related ul {
+    padding: 0;
+    margin: 0;
+    list-style: none;
+}
+
+.related li {
+    display: inline;
+}
+
+nav#rellinks {
+    float: right;
+}
+
+nav#rellinks li+li:before {
+    content: "|";
+}
+
+nav#breadcrumbs li+li:before {
+    content: "\00BB";
+}
+
+/* Hide certain items when printing */
+@media print {
+    div.related {
+        display: none;
+    }
+}
\ No newline at end of file
diff --git a/docs/html/_static/basic.css b/docs/html/_static/basic.css
new file mode 100644
index 0000000..0807176
--- /dev/null
+++ b/docs/html/_static/basic.css
@@ -0,0 +1,676 @@
+/*
+ * basic.css
+ * ~~~~~~~~~
+ *
+ * Sphinx stylesheet -- basic theme.
+ *
+ * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+/* -- main layout ----------------------------------------------------------- */
+
+div.clearer {
+    clear: both;
+}
+
+/* -- relbar ---------------------------------------------------------------- */
+
+div.related {
+    width: 100%;
+    font-size: 90%;
+}
+
+div.related h3 {
+    display: none;
+}
+
+div.related ul {
+    margin: 0;
+    padding: 0 0 0 10px;
+    list-style: none;
+}
+
+div.related li {
+    display: inline;
+}
+
+div.related li.right {
+    float: right;
+    margin-right: 5px;
+}
+
+/* -- sidebar --------------------------------------------------------------- */
+
+div.sphinxsidebarwrapper {
+    padding: 10px 5px 0 10px;
+}
+
+div.sphinxsidebar {
+    float: left;
+    width: 230px;
+    margin-left: -100%;
+    font-size: 90%;
+    word-wrap: break-word;
+    overflow-wrap : break-word;
+}
+
+div.sphinxsidebar ul {
+    list-style: none;
+}
+
+div.sphinxsidebar ul ul,
+div.sphinxsidebar ul.want-points {
+    margin-left: 20px;
+    list-style: square;
+}
+
+div.sphinxsidebar ul ul {
+    margin-top: 0;
+    margin-bottom: 0;
+}
+
+div.sphinxsidebar form {
+    margin-top: 10px;
+}
+
+div.sphinxsidebar input {
+    border: 1px solid #98dbcc;
+    font-family: sans-serif;
+    font-size: 1em;
+}
+
+div.sphinxsidebar #searchbox form.search {
+    overflow: hidden;
+}
+
+div.sphinxsidebar #searchbox input[type="text"] {
+    float: left;
+    width: 80%;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+div.sphinxsidebar #searchbox input[type="submit"] {
+    float: left;
+    width: 20%;
+    border-left: none;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+
+img {
+    border: 0;
+    max-width: 100%;
+}
+
+/* -- search page ----------------------------------------------------------- */
+
+ul.search {
+    margin: 10px 0 0 20px;
+    padding: 0;
+}
+
+ul.search li {
+    padding: 5px 0 5px 20px;
+    background-image: url(file.png);
+    background-repeat: no-repeat;
+    background-position: 0 7px;
+}
+
+ul.search li a {
+    font-weight: bold;
+}
+
+ul.search li div.context {
+    color: #888;
+    margin: 2px 0 0 30px;
+    text-align: left;
+}
+
+ul.keywordmatches li.goodmatch a {
+    font-weight: bold;
+}
+
+/* -- index page ------------------------------------------------------------ */
+
+table.contentstable {
+    width: 90%;
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table.contentstable p.biglink {
+    line-height: 150%;
+}
+
+a.biglink {
+    font-size: 1.3em;
+}
+
+span.linkdescr {
+    font-style: italic;
+    padding-top: 5px;
+    font-size: 90%;
+}
+
+/* -- general index --------------------------------------------------------- */
+
+table.indextable {
+    width: 100%;
+}
+
+table.indextable td {
+    text-align: left;
+    vertical-align: top;
+}
+
+table.indextable ul {
+    margin-top: 0;
+    margin-bottom: 0;
+    list-style-type: none;
+}
+
+table.indextable > tbody > tr > td > ul {
+    padding-left: 0em;
+}
+
+table.indextable tr.pcap {
+    height: 10px;
+}
+
+table.indextable tr.cap {
+    margin-top: 10px;
+    background-color: #f2f2f2;
+}
+
+img.toggler {
+    margin-right: 3px;
+    margin-top: 3px;
+    cursor: pointer;
+}
+
+div.modindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+div.genindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+/* -- domain module index --------------------------------------------------- */
+
+table.modindextable td {
+    padding: 2px;
+    border-collapse: collapse;
+}
+
+/* -- general body styles --------------------------------------------------- */
+
+div.body {
+    min-width: 450px;
+    max-width: 800px;
+}
+
+div.body p, div.body dd, div.body li, div.body blockquote {
+    -moz-hyphens: auto;
+    -ms-hyphens: auto;
+    -webkit-hyphens: auto;
+    hyphens: auto;
+}
+
+a.headerlink {
+    visibility: hidden;
+}
+
+h1:hover > a.headerlink,
+h2:hover > a.headerlink,
+h3:hover > a.headerlink,
+h4:hover > a.headerlink,
+h5:hover > a.headerlink,
+h6:hover > a.headerlink,
+dt:hover > a.headerlink,
+caption:hover > a.headerlink,
+p.caption:hover > a.headerlink,
+div.code-block-caption:hover > a.headerlink {
+    visibility: visible;
+}
+
+div.body p.caption {
+    text-align: inherit;
+}
+
+div.body td {
+    text-align: left;
+}
+
+.first {
+    margin-top: 0 !important;
+}
+
+p.rubric {
+    margin-top: 30px;
+    font-weight: bold;
+}
+
+img.align-left, .figure.align-left, object.align-left {
+    clear: left;
+    float: left;
+    margin-right: 1em;
+}
+
+img.align-right, .figure.align-right, object.align-right {
+    clear: right;
+    float: right;
+    margin-left: 1em;
+}
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+    text-align: left;
+}
+
+.align-center {
+    text-align: center;
+}
+
+.align-right {
+    text-align: right;
+}
+
+/* -- sidebars -------------------------------------------------------------- */
+
+div.sidebar {
+    margin: 0 0 0.5em 1em;
+    border: 1px solid #ddb;
+    padding: 7px 7px 0 7px;
+    background-color: #ffe;
+    width: 40%;
+    float: right;
+}
+
+p.sidebar-title {
+    font-weight: bold;
+}
+
+/* -- topics ---------------------------------------------------------------- */
+
+div.topic {
+    border: 1px solid #ccc;
+    padding: 7px 7px 0 7px;
+    margin: 10px 0 10px 0;
+}
+
+p.topic-title {
+    font-size: 1.1em;
+    font-weight: bold;
+    margin-top: 10px;
+}
+
+/* -- admonitions ----------------------------------------------------------- */
+
+div.admonition {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    padding: 7px;
+}
+
+div.admonition dt {
+    font-weight: bold;
+}
+
+div.admonition dl {
+    margin-bottom: 0;
+}
+
+p.admonition-title {
+    margin: 0px 10px 5px 0px;
+    font-weight: bold;
+}
+
+div.body p.centered {
+    text-align: center;
+    margin-top: 25px;
+}
+
+/* -- tables ---------------------------------------------------------------- */
+
+table.docutils {
+    border: 0;
+    border-collapse: collapse;
+}
+
+table.align-center {
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table caption span.caption-number {
+    font-style: italic;
+}
+
+table caption span.caption-text {
+}
+
+table.docutils td, table.docutils th {
+    padding: 1px 8px 1px 5px;
+    border-top: 0;
+    border-left: 0;
+    border-right: 0;
+    border-bottom: 1px solid #aaa;
+}
+
+table.footnote td, table.footnote th {
+    border: 0 !important;
+}
+
+th {
+    text-align: left;
+    padding-right: 5px;
+}
+
+table.citation {
+    border-left: solid 1px gray;
+    margin-left: 1px;
+}
+
+table.citation td {
+    border-bottom: none;
+}
+
+/* -- figures --------------------------------------------------------------- */
+
+div.figure {
+    margin: 0.5em;
+    padding: 0.5em;
+}
+
+div.figure p.caption {
+    padding: 0.3em;
+}
+
+div.figure p.caption span.caption-number {
+    font-style: italic;
+}
+
+div.figure p.caption span.caption-text {
+}
+
+/* -- field list styles ----------------------------------------------------- */
+
+table.field-list td, table.field-list th {
+    border: 0 !important;
+}
+
+.field-list ul {
+    margin: 0;
+    padding-left: 1em;
+}
+
+.field-list p {
+    margin: 0;
+}
+
+.field-name {
+    -moz-hyphens: manual;
+    -ms-hyphens: manual;
+    -webkit-hyphens: manual;
+    hyphens: manual;
+}
+
+/* -- hlist styles ---------------------------------------------------------- */
+
+table.hlist td {
+    vertical-align: top;
+}
+
+
+/* -- other body styles ----------------------------------------------------- */
+
+ol.arabic {
+    list-style: decimal;
+}
+
+ol.loweralpha {
+    list-style: lower-alpha;
+}
+
+ol.upperalpha {
+    list-style: upper-alpha;
+}
+
+ol.lowerroman {
+    list-style: lower-roman;
+}
+
+ol.upperroman {
+    list-style: upper-roman;
+}
+
+dl {
+    margin-bottom: 15px;
+}
+
+dd p {
+    margin-top: 0px;
+}
+
+dd ul, dd table {
+    margin-bottom: 10px;
+}
+
+dd {
+    margin-top: 3px;
+    margin-bottom: 10px;
+    margin-left: 30px;
+}
+
+dt:target, span.highlighted {
+    background-color: #fbe54e;
+}
+
+rect.highlighted {
+    fill: #fbe54e;
+}
+
+dl.glossary dt {
+    font-weight: bold;
+    font-size: 1.1em;
+}
+
+.optional {
+    font-size: 1.3em;
+}
+
+.sig-paren {
+    font-size: larger;
+}
+
+.versionmodified {
+    font-style: italic;
+}
+
+.system-message {
+    background-color: #fda;
+    padding: 5px;
+    border: 3px solid red;
+}
+
+.footnote:target  {
+    background-color: #ffa;
+}
+
+.line-block {
+    display: block;
+    margin-top: 1em;
+    margin-bottom: 1em;
+}
+
+.line-block .line-block {
+    margin-top: 0;
+    margin-bottom: 0;
+    margin-left: 1.5em;
+}
+
+.guilabel, .menuselection {
+    font-family: sans-serif;
+}
+
+.accelerator {
+    text-decoration: underline;
+}
+
+.classifier {
+    font-style: oblique;
+}
+
+abbr, acronym {
+    border-bottom: dotted 1px;
+    cursor: help;
+}
+
+/* -- code displays --------------------------------------------------------- */
+
+pre {
+    overflow: auto;
+    overflow-y: hidden;  /* fixes display issues on Chrome browsers */
+}
+
+span.pre {
+    -moz-hyphens: none;
+    -ms-hyphens: none;
+    -webkit-hyphens: none;
+    hyphens: none;
+}
+
+td.linenos pre {
+    padding: 5px 0px;
+    border: 0;
+    background-color: transparent;
+    color: #aaa;
+}
+
+table.highlighttable {
+    margin-left: 0.5em;
+}
+
+table.highlighttable td {
+    padding: 0 0.5em 0 0.5em;
+}
+
+div.code-block-caption {
+    padding: 2px 5px;
+    font-size: small;
+}
+
+div.code-block-caption code {
+    background-color: transparent;
+}
+
+div.code-block-caption + div > div.highlight > pre {
+    margin-top: 0;
+}
+
+div.code-block-caption span.caption-number {
+    padding: 0.1em 0.3em;
+    font-style: italic;
+}
+
+div.code-block-caption span.caption-text {
+}
+
+div.literal-block-wrapper {
+    padding: 1em 1em 0;
+}
+
+div.literal-block-wrapper div.highlight {
+    margin: 0;
+}
+
+code.descname {
+    background-color: transparent;
+    font-weight: bold;
+    font-size: 1.2em;
+}
+
+code.descclassname {
+    background-color: transparent;
+}
+
+code.xref, a code {
+    background-color: transparent;
+    font-weight: bold;
+}
+
+h1 code, h2 code, h3 code, h4 code, h5 code, h6 code {
+    background-color: transparent;
+}
+
+.viewcode-link {
+    float: right;
+}
+
+.viewcode-back {
+    float: right;
+    font-family: sans-serif;
+}
+
+div.viewcode-block:target {
+    margin: -1px -10px;
+    padding: 0 10px;
+}
+
+/* -- math display ---------------------------------------------------------- */
+
+img.math {
+    vertical-align: middle;
+}
+
+div.body div.math p {
+    text-align: center;
+}
+
+span.eqno {
+    float: right;
+}
+
+span.eqno a.headerlink {
+    position: relative;
+    left: 0px;
+    z-index: 1;
+}
+
+div.math:hover a.headerlink {
+    visibility: visible;
+}
+
+/* -- printout stylesheet --------------------------------------------------- */
+
+@media print {
+    div.document,
+    div.documentwrapper,
+    div.bodywrapper {
+        margin: 0 !important;
+        width: 100%;
+    }
+
+    div.sphinxsidebar,
+    div.related,
+    div.footer,
+    #top-link {
+        display: none;
+    }
+}
\ No newline at end of file
diff --git a/docs/html/_static/comment-bright.png b/docs/html/_static/comment-bright.png
new file mode 100644
index 0000000..15e27ed
--- /dev/null
+++ b/docs/html/_static/comment-bright.png
Binary files differ
diff --git a/docs/html/_static/comment-close.png b/docs/html/_static/comment-close.png
new file mode 100644
index 0000000..4d91bcf
--- /dev/null
+++ b/docs/html/_static/comment-close.png
Binary files differ
diff --git a/docs/html/_static/comment.png b/docs/html/_static/comment.png
new file mode 100644
index 0000000..dfbc0cb
--- /dev/null
+++ b/docs/html/_static/comment.png
Binary files differ
diff --git a/docs/html/_static/custom.css b/docs/html/_static/custom.css
new file mode 100644
index 0000000..2a924f1
--- /dev/null
+++ b/docs/html/_static/custom.css
@@ -0,0 +1 @@
+/* This file intentionally left blank. */
diff --git a/docs/html/_static/doctools.js b/docs/html/_static/doctools.js
new file mode 100644
index 0000000..344db17
--- /dev/null
+++ b/docs/html/_static/doctools.js
@@ -0,0 +1,315 @@
+/*
+ * doctools.js
+ * ~~~~~~~~~~~
+ *
+ * Sphinx JavaScript utilities for all documentation.
+ *
+ * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+/**
+ * select a different prefix for underscore
+ */
+$u = _.noConflict();
+
+/**
+ * make the code below compatible with browsers without
+ * an installed firebug like debugger
+if (!window.console || !console.firebug) {
+  var names = ["log", "debug", "info", "warn", "error", "assert", "dir",
+    "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace",
+    "profile", "profileEnd"];
+  window.console = {};
+  for (var i = 0; i < names.length; ++i)
+    window.console[names[i]] = function() {};
+}
+ */
+
+/**
+ * small helper function to urldecode strings
+ */
+jQuery.urldecode = function(x) {
+  return decodeURIComponent(x).replace(/\+/g, ' ');
+};
+
+/**
+ * small helper function to urlencode strings
+ */
+jQuery.urlencode = encodeURIComponent;
+
+/**
+ * This function returns the parsed url parameters of the
+ * current request. Multiple values per key are supported,
+ * it will always return arrays of strings for the value parts.
+ */
+jQuery.getQueryParameters = function(s) {
+  if (typeof s === 'undefined')
+    s = document.location.search;
+  var parts = s.substr(s.indexOf('?') + 1).split('&');
+  var result = {};
+  for (var i = 0; i < parts.length; i++) {
+    var tmp = parts[i].split('=', 2);
+    var key = jQuery.urldecode(tmp[0]);
+    var value = jQuery.urldecode(tmp[1]);
+    if (key in result)
+      result[key].push(value);
+    else
+      result[key] = [value];
+  }
+  return result;
+};
+
+/**
+ * highlight a given string on a jquery object by wrapping it in
+ * span elements with the given class name.
+ */
+jQuery.fn.highlightText = function(text, className) {
+  function highlight(node, addItems) {
+    if (node.nodeType === 3) {
+      var val = node.nodeValue;
+      var pos = val.toLowerCase().indexOf(text);
+      if (pos >= 0 &&
+          !jQuery(node.parentNode).hasClass(className) &&
+          !jQuery(node.parentNode).hasClass("nohighlight")) {
+        var span;
+        var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
+        if (isInSVG) {
+          span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+        } else {
+          span = document.createElement("span");
+          span.className = className;
+        }
+        span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+        node.parentNode.insertBefore(span, node.parentNode.insertBefore(
+          document.createTextNode(val.substr(pos + text.length)),
+          node.nextSibling));
+        node.nodeValue = val.substr(0, pos);
+        if (isInSVG) {
+          var bbox = span.getBBox();
+          var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+       	  rect.x.baseVal.value = bbox.x;
+          rect.y.baseVal.value = bbox.y;
+          rect.width.baseVal.value = bbox.width;
+          rect.height.baseVal.value = bbox.height;
+          rect.setAttribute('class', className);
+          var parentOfText = node.parentNode.parentNode;
+          addItems.push({
+              "parent": node.parentNode,
+              "target": rect});
+        }
+      }
+    }
+    else if (!jQuery(node).is("button, select, textarea")) {
+      jQuery.each(node.childNodes, function() {
+        highlight(this, addItems);
+      });
+    }
+  }
+  var addItems = [];
+  var result = this.each(function() {
+    highlight(this, addItems);
+  });
+  for (var i = 0; i < addItems.length; ++i) {
+    jQuery(addItems[i].parent).before(addItems[i].target);
+  }
+  return result;
+};
+
+/*
+ * backward compatibility for jQuery.browser
+ * This will be supported until firefox bug is fixed.
+ */
+if (!jQuery.browser) {
+  jQuery.uaMatch = function(ua) {
+    ua = ua.toLowerCase();
+
+    var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
+      /(webkit)[ \/]([\w.]+)/.exec(ua) ||
+      /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
+      /(msie) ([\w.]+)/.exec(ua) ||
+      ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
+      [];
+
+    return {
+      browser: match[ 1 ] || "",
+      version: match[ 2 ] || "0"
+    };
+  };
+  jQuery.browser = {};
+  jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
+}
+
+/**
+ * Small JavaScript module for the documentation.
+ */
+var Documentation = {
+
+  init : function() {
+    this.fixFirefoxAnchorBug();
+    this.highlightSearchWords();
+    this.initIndexTable();
+    if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) {
+      this.initOnKeyListeners();
+    }
+  },
+
+  /**
+   * i18n support
+   */
+  TRANSLATIONS : {},
+  PLURAL_EXPR : function(n) { return n === 1 ? 0 : 1; },
+  LOCALE : 'unknown',
+
+  // gettext and ngettext don't access this so that the functions
+  // can safely bound to a different name (_ = Documentation.gettext)
+  gettext : function(string) {
+    var translated = Documentation.TRANSLATIONS[string];
+    if (typeof translated === 'undefined')
+      return string;
+    return (typeof translated === 'string') ? translated : translated[0];
+  },
+
+  ngettext : function(singular, plural, n) {
+    var translated = Documentation.TRANSLATIONS[singular];
+    if (typeof translated === 'undefined')
+      return (n == 1) ? singular : plural;
+    return translated[Documentation.PLURALEXPR(n)];
+  },
+
+  addTranslations : function(catalog) {
+    for (var key in catalog.messages)
+      this.TRANSLATIONS[key] = catalog.messages[key];
+    this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')');
+    this.LOCALE = catalog.locale;
+  },
+
+  /**
+   * add context elements like header anchor links
+   */
+  addContextElements : function() {
+    $('div[id] > :header:first').each(function() {
+      $('<a class="headerlink">\u00B6</a>').
+      attr('href', '#' + this.id).
+      attr('title', _('Permalink to this headline')).
+      appendTo(this);
+    });
+    $('dt[id]').each(function() {
+      $('<a class="headerlink">\u00B6</a>').
+      attr('href', '#' + this.id).
+      attr('title', _('Permalink to this definition')).
+      appendTo(this);
+    });
+  },
+
+  /**
+   * workaround a firefox stupidity
+   * see: https://bugzilla.mozilla.org/show_bug.cgi?id=645075
+   */
+  fixFirefoxAnchorBug : function() {
+    if (document.location.hash && $.browser.mozilla)
+      window.setTimeout(function() {
+        document.location.href += '';
+      }, 10);
+  },
+
+  /**
+   * highlight the search words provided in the url in the text
+   */
+  highlightSearchWords : function() {
+    var params = $.getQueryParameters();
+    var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : [];
+    if (terms.length) {
+      var body = $('div.body');
+      if (!body.length) {
+        body = $('body');
+      }
+      window.setTimeout(function() {
+        $.each(terms, function() {
+          body.highlightText(this.toLowerCase(), 'highlighted');
+        });
+      }, 10);
+      $('<p class="highlight-link"><a href="javascript:Documentation.' +
+        'hideSearchWords()">' + _('Hide Search Matches') + '</a></p>')
+          .appendTo($('#searchbox'));
+    }
+  },
+
+  /**
+   * init the domain index toggle buttons
+   */
+  initIndexTable : function() {
+    var togglers = $('img.toggler').click(function() {
+      var src = $(this).attr('src');
+      var idnum = $(this).attr('id').substr(7);
+      $('tr.cg-' + idnum).toggle();
+      if (src.substr(-9) === 'minus.png')
+        $(this).attr('src', src.substr(0, src.length-9) + 'plus.png');
+      else
+        $(this).attr('src', src.substr(0, src.length-8) + 'minus.png');
+    }).css('display', '');
+    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) {
+        togglers.click();
+    }
+  },
+
+  /**
+   * helper function to hide the search marks again
+   */
+  hideSearchWords : function() {
+    $('#searchbox .highlight-link').fadeOut(300);
+    $('span.highlighted').removeClass('highlighted');
+  },
+
+  /**
+   * make the url absolute
+   */
+  makeURL : function(relativeURL) {
+    return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL;
+  },
+
+  /**
+   * get the current relative url
+   */
+  getCurrentURL : function() {
+    var path = document.location.pathname;
+    var parts = path.split(/\//);
+    $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() {
+      if (this === '..')
+        parts.pop();
+    });
+    var url = parts.join('/');
+    return path.substring(url.lastIndexOf('/') + 1, path.length - 1);
+  },
+
+  initOnKeyListeners: function() {
+    $(document).keyup(function(event) {
+      var activeElementType = document.activeElement.tagName;
+      // don't navigate when in search box or textarea
+      if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT') {
+        switch (event.keyCode) {
+          case 37: // left
+            var prevHref = $('link[rel="prev"]').prop('href');
+            if (prevHref) {
+              window.location.href = prevHref;
+              return false;
+            }
+          case 39: // right
+            var nextHref = $('link[rel="next"]').prop('href');
+            if (nextHref) {
+              window.location.href = nextHref;
+              return false;
+            }
+        }
+      }
+    });
+  }
+};
+
+// quick alias for translations
+_ = Documentation.gettext;
+
+$(document).ready(function() {
+  Documentation.init();
+});
diff --git a/docs/html/_static/documentation_options.js b/docs/html/_static/documentation_options.js
new file mode 100644
index 0000000..b2f4f64
--- /dev/null
+++ b/docs/html/_static/documentation_options.js
@@ -0,0 +1,10 @@
+var DOCUMENTATION_OPTIONS = {
+    URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
+    VERSION: '1.0 beta3',
+    LANGUAGE: 'None',
+    COLLAPSE_INDEX: false,
+    FILE_SUFFIX: '.html',
+    HAS_SOURCE: true,
+    SOURCELINK_SUFFIX: '.txt',
+    NAVIGATION_WITH_KEYS: false,
+};
\ No newline at end of file
diff --git a/docs/html/_static/down-pressed.png b/docs/html/_static/down-pressed.png
new file mode 100644
index 0000000..5756c8c
--- /dev/null
+++ b/docs/html/_static/down-pressed.png
Binary files differ
diff --git a/docs/html/_static/down.png b/docs/html/_static/down.png
new file mode 100644
index 0000000..1b3bdad
--- /dev/null
+++ b/docs/html/_static/down.png
Binary files differ
diff --git a/docs/html/_static/file.png b/docs/html/_static/file.png
new file mode 100644
index 0000000..a858a41
--- /dev/null
+++ b/docs/html/_static/file.png
Binary files differ
diff --git a/docs/html/_static/jquery-3.2.1.js b/docs/html/_static/jquery-3.2.1.js
new file mode 100644
index 0000000..d2d8ca4
--- /dev/null
+++ b/docs/html/_static/jquery-3.2.1.js
@@ -0,0 +1,10253 @@
+/*!
+ * jQuery JavaScript Library v3.2.1
+ * https://jquery.com/
+ *
+ * Includes Sizzle.js
+ * https://sizzlejs.com/
+ *
+ * Copyright JS Foundation and other contributors
+ * Released under the MIT license
+ * https://jquery.org/license
+ *
+ * Date: 2017-03-20T18:59Z
+ */
+( function( global, factory ) {
+
+	"use strict";
+
+	if ( typeof module === "object" && typeof module.exports === "object" ) {
+
+		// For CommonJS and CommonJS-like environments where a proper `window`
+		// is present, execute the factory and get jQuery.
+		// For environments that do not have a `window` with a `document`
+		// (such as Node.js), expose a factory as module.exports.
+		// This accentuates the need for the creation of a real `window`.
+		// e.g. var jQuery = require("jquery")(window);
+		// See ticket #14549 for more info.
+		module.exports = global.document ?
+			factory( global, true ) :
+			function( w ) {
+				if ( !w.document ) {
+					throw new Error( "jQuery requires a window with a document" );
+				}
+				return factory( w );
+			};
+	} else {
+		factory( global );
+	}
+
+// Pass this if window is not defined yet
+} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) {
+
+// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1
+// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode
+// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common
+// enough that all such attempts are guarded in a try block.
+"use strict";
+
+var arr = [];
+
+var document = window.document;
+
+var getProto = Object.getPrototypeOf;
+
+var slice = arr.slice;
+
+var concat = arr.concat;
+
+var push = arr.push;
+
+var indexOf = arr.indexOf;
+
+var class2type = {};
+
+var toString = class2type.toString;
+
+var hasOwn = class2type.hasOwnProperty;
+
+var fnToString = hasOwn.toString;
+
+var ObjectFunctionString = fnToString.call( Object );
+
+var support = {};
+
+
+
+	function DOMEval( code, doc ) {
+		doc = doc || document;
+
+		var script = doc.createElement( "script" );
+
+		script.text = code;
+		doc.head.appendChild( script ).parentNode.removeChild( script );
+	}
+/* global Symbol */
+// Defining this global in .eslintrc.json would create a danger of using the global
+// unguarded in another place, it seems safer to define global only for this module
+
+
+
+var
+	version = "3.2.1",
+
+	// Define a local copy of jQuery
+	jQuery = function( selector, context ) {
+
+		// The jQuery object is actually just the init constructor 'enhanced'
+		// Need init if jQuery is called (just allow error to be thrown if not included)
+		return new jQuery.fn.init( selector, context );
+	},
+
+	// Support: Android <=4.0 only
+	// Make sure we trim BOM and NBSP
+	rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,
+
+	// Matches dashed string for camelizing
+	rmsPrefix = /^-ms-/,
+	rdashAlpha = /-([a-z])/g,
+
+	// Used by jQuery.camelCase as callback to replace()
+	fcamelCase = function( all, letter ) {
+		return letter.toUpperCase();
+	};
+
+jQuery.fn = jQuery.prototype = {
+
+	// The current version of jQuery being used
+	jquery: version,
+
+	constructor: jQuery,
+
+	// The default length of a jQuery object is 0
+	length: 0,
+
+	toArray: function() {
+		return slice.call( this );
+	},
+
+	// Get the Nth element in the matched element set OR
+	// Get the whole matched element set as a clean array
+	get: function( num ) {
+
+		// Return all the elements in a clean array
+		if ( num == null ) {
+			return slice.call( this );
+		}
+
+		// Return just the one element from the set
+		return num < 0 ? this[ num + this.length ] : this[ num ];
+	},
+
+	// Take an array of elements and push it onto the stack
+	// (returning the new matched element set)
+	pushStack: function( elems ) {
+
+		// Build a new jQuery matched element set
+		var ret = jQuery.merge( this.constructor(), elems );
+
+		// Add the old object onto the stack (as a reference)
+		ret.prevObject = this;
+
+		// Return the newly-formed element set
+		return ret;
+	},
+
+	// Execute a callback for every element in the matched set.
+	each: function( callback ) {
+		return jQuery.each( this, callback );
+	},
+
+	map: function( callback ) {
+		return this.pushStack( jQuery.map( this, function( elem, i ) {
+			return callback.call( elem, i, elem );
+		} ) );
+	},
+
+	slice: function() {
+		return this.pushStack( slice.apply( this, arguments ) );
+	},
+
+	first: function() {
+		return this.eq( 0 );
+	},
+
+	last: function() {
+		return this.eq( -1 );
+	},
+
+	eq: function( i ) {
+		var len = this.length,
+			j = +i + ( i < 0 ? len : 0 );
+		return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] );
+	},
+
+	end: function() {
+		return this.prevObject || this.constructor();
+	},
+
+	// For internal use only.
+	// Behaves like an Array's method, not like a jQuery method.
+	push: push,
+	sort: arr.sort,
+	splice: arr.splice
+};
+
+jQuery.extend = jQuery.fn.extend = function() {
+	var options, name, src, copy, copyIsArray, clone,
+		target = arguments[ 0 ] || {},
+		i = 1,
+		length = arguments.length,
+		deep = false;
+
+	// Handle a deep copy situation
+	if ( typeof target === "boolean" ) {
+		deep = target;
+
+		// Skip the boolean and the target
+		target = arguments[ i ] || {};
+		i++;
+	}
+
+	// Handle case when target is a string or something (possible in deep copy)
+	if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
+		target = {};
+	}
+
+	// Extend jQuery itself if only one argument is passed
+	if ( i === length ) {
+		target = this;
+		i--;
+	}
+
+	for ( ; i < length; i++ ) {
+
+		// Only deal with non-null/undefined values
+		if ( ( options = arguments[ i ] ) != null ) {
+
+			// Extend the base object
+			for ( name in options ) {
+				src = target[ name ];
+				copy = options[ name ];
+
+				// Prevent never-ending loop
+				if ( target === copy ) {
+					continue;
+				}
+
+				// Recurse if we're merging plain objects or arrays
+				if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
+					( copyIsArray = Array.isArray( copy ) ) ) ) {
+
+					if ( copyIsArray ) {
+						copyIsArray = false;
+						clone = src && Array.isArray( src ) ? src : [];
+
+					} else {
+						clone = src && jQuery.isPlainObject( src ) ? src : {};
+					}
+
+					// Never move original objects, clone them
+					target[ name ] = jQuery.extend( deep, clone, copy );
+
+				// Don't bring in undefined values
+				} else if ( copy !== undefined ) {
+					target[ name ] = copy;
+				}
+			}
+		}
+	}
+
+	// Return the modified object
+	return target;
+};
+
+jQuery.extend( {
+
+	// Unique for each copy of jQuery on the page
+	expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ),
+
+	// Assume jQuery is ready without the ready module
+	isReady: true,
+
+	error: function( msg ) {
+		throw new Error( msg );
+	},
+
+	noop: function() {},
+
+	isFunction: function( obj ) {
+		return jQuery.type( obj ) === "function";
+	},
+
+	isWindow: function( obj ) {
+		return obj != null && obj === obj.window;
+	},
+
+	isNumeric: function( obj ) {
+
+		// As of jQuery 3.0, isNumeric is limited to
+		// strings and numbers (primitives or objects)
+		// that can be coerced to finite numbers (gh-2662)
+		var type = jQuery.type( obj );
+		return ( type === "number" || type === "string" ) &&
+
+			// parseFloat NaNs numeric-cast false positives ("")
+			// ...but misinterprets leading-number strings, particularly hex literals ("0x...")
+			// subtraction forces infinities to NaN
+			!isNaN( obj - parseFloat( obj ) );
+	},
+
+	isPlainObject: function( obj ) {
+		var proto, Ctor;
+
+		// Detect obvious negatives
+		// Use toString instead of jQuery.type to catch host objects
+		if ( !obj || toString.call( obj ) !== "[object Object]" ) {
+			return false;
+		}
+
+		proto = getProto( obj );
+
+		// Objects with no prototype (e.g., `Object.create( null )`) are plain
+		if ( !proto ) {
+			return true;
+		}
+
+		// Objects with prototype are plain iff they were constructed by a global Object function
+		Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor;
+		return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString;
+	},
+
+	isEmptyObject: function( obj ) {
+
+		/* eslint-disable no-unused-vars */
+		// See https://github.com/eslint/eslint/issues/6125
+		var name;
+
+		for ( name in obj ) {
+			return false;
+		}
+		return true;
+	},
+
+	type: function( obj ) {
+		if ( obj == null ) {
+			return obj + "";
+		}
+
+		// Support: Android <=2.3 only (functionish RegExp)
+		return typeof obj === "object" || typeof obj === "function" ?
+			class2type[ toString.call( obj ) ] || "object" :
+			typeof obj;
+	},
+
+	// Evaluates a script in a global context
+	globalEval: function( code ) {
+		DOMEval( code );
+	},
+
+	// Convert dashed to camelCase; used by the css and data modules
+	// Support: IE <=9 - 11, Edge 12 - 13
+	// Microsoft forgot to hump their vendor prefix (#9572)
+	camelCase: function( string ) {
+		return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase );
+	},
+
+	each: function( obj, callback ) {
+		var length, i = 0;
+
+		if ( isArrayLike( obj ) ) {
+			length = obj.length;
+			for ( ; i < length; i++ ) {
+				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
+					break;
+				}
+			}
+		} else {
+			for ( i in obj ) {
+				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
+					break;
+				}
+			}
+		}
+
+		return obj;
+	},
+
+	// Support: Android <=4.0 only
+	trim: function( text ) {
+		return text == null ?
+			"" :
+			( text + "" ).replace( rtrim, "" );
+	},
+
+	// results is for internal usage only
+	makeArray: function( arr, results ) {
+		var ret = results || [];
+
+		if ( arr != null ) {
+			if ( isArrayLike( Object( arr ) ) ) {
+				jQuery.merge( ret,
+					typeof arr === "string" ?
+					[ arr ] : arr
+				);
+			} else {
+				push.call( ret, arr );
+			}
+		}
+
+		return ret;
+	},
+
+	inArray: function( elem, arr, i ) {
+		return arr == null ? -1 : indexOf.call( arr, elem, i );
+	},
+
+	// Support: Android <=4.0 only, PhantomJS 1 only
+	// push.apply(_, arraylike) throws on ancient WebKit
+	merge: function( first, second ) {
+		var len = +second.length,
+			j = 0,
+			i = first.length;
+
+		for ( ; j < len; j++ ) {
+			first[ i++ ] = second[ j ];
+		}
+
+		first.length = i;
+
+		return first;
+	},
+
+	grep: function( elems, callback, invert ) {
+		var callbackInverse,
+			matches = [],
+			i = 0,
+			length = elems.length,
+			callbackExpect = !invert;
+
+		// Go through the array, only saving the items
+		// that pass the validator function
+		for ( ; i < length; i++ ) {
+			callbackInverse = !callback( elems[ i ], i );
+			if ( callbackInverse !== callbackExpect ) {
+				matches.push( elems[ i ] );
+			}
+		}
+
+		return matches;
+	},
+
+	// arg is for internal usage only
+	map: function( elems, callback, arg ) {
+		var length, value,
+			i = 0,
+			ret = [];
+
+		// Go through the array, translating each of the items to their new values
+		if ( isArrayLike( elems ) ) {
+			length = elems.length;
+			for ( ; i < length; i++ ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+
+		// Go through every key on the object,
+		} else {
+			for ( i in elems ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+		}
+
+		// Flatten any nested arrays
+		return concat.apply( [], ret );
+	},
+
+	// A global GUID counter for objects
+	guid: 1,
+
+	// Bind a function to a context, optionally partially applying any
+	// arguments.
+	proxy: function( fn, context ) {
+		var tmp, args, proxy;
+
+		if ( typeof context === "string" ) {
+			tmp = fn[ context ];
+			context = fn;
+			fn = tmp;
+		}
+
+		// Quick check to determine if target is callable, in the spec
+		// this throws a TypeError, but we will just return undefined.
+		if ( !jQuery.isFunction( fn ) ) {
+			return undefined;
+		}
+
+		// Simulated bind
+		args = slice.call( arguments, 2 );
+		proxy = function() {
+			return fn.apply( context || this, args.concat( slice.call( arguments ) ) );
+		};
+
+		// Set the guid of unique handler to the same of original handler, so it can be removed
+		proxy.guid = fn.guid = fn.guid || jQuery.guid++;
+
+		return proxy;
+	},
+
+	now: Date.now,
+
+	// jQuery.support is not used in Core but other projects attach their
+	// properties to it so it needs to exist.
+	support: support
+} );
+
+if ( typeof Symbol === "function" ) {
+	jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ];
+}
+
+// Populate the class2type map
+jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ),
+function( i, name ) {
+	class2type[ "[object " + name + "]" ] = name.toLowerCase();
+} );
+
+function isArrayLike( obj ) {
+
+	// Support: real iOS 8.2 only (not reproducible in simulator)
+	// `in` check used to prevent JIT error (gh-2145)
+	// hasOwn isn't used here due to false negatives
+	// regarding Nodelist length in IE
+	var length = !!obj && "length" in obj && obj.length,
+		type = jQuery.type( obj );
+
+	if ( type === "function" || jQuery.isWindow( obj ) ) {
+		return false;
+	}
+
+	return type === "array" || length === 0 ||
+		typeof length === "number" && length > 0 && ( length - 1 ) in obj;
+}
+var Sizzle =
+/*!
+ * Sizzle CSS Selector Engine v2.3.3
+ * https://sizzlejs.com/
+ *
+ * Copyright jQuery Foundation and other contributors
+ * Released under the MIT license
+ * http://jquery.org/license
+ *
+ * Date: 2016-08-08
+ */
+(function( window ) {
+
+var i,
+	support,
+	Expr,
+	getText,
+	isXML,
+	tokenize,
+	compile,
+	select,
+	outermostContext,
+	sortInput,
+	hasDuplicate,
+
+	// Local document vars
+	setDocument,
+	document,
+	docElem,
+	documentIsHTML,
+	rbuggyQSA,
+	rbuggyMatches,
+	matches,
+	contains,
+
+	// Instance-specific data
+	expando = "sizzle" + 1 * new Date(),
+	preferredDoc = window.document,
+	dirruns = 0,
+	done = 0,
+	classCache = createCache(),
+	tokenCache = createCache(),
+	compilerCache = createCache(),
+	sortOrder = function( a, b ) {
+		if ( a === b ) {
+			hasDuplicate = true;
+		}
+		return 0;
+	},
+
+	// Instance methods
+	hasOwn = ({}).hasOwnProperty,
+	arr = [],
+	pop = arr.pop,
+	push_native = arr.push,
+	push = arr.push,
+	slice = arr.slice,
+	// Use a stripped-down indexOf as it's faster than native
+	// https://jsperf.com/thor-indexof-vs-for/5
+	indexOf = function( list, elem ) {
+		var i = 0,
+			len = list.length;
+		for ( ; i < len; i++ ) {
+			if ( list[i] === elem ) {
+				return i;
+			}
+		}
+		return -1;
+	},
+
+	booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",
+
+	// Regular expressions
+
+	// http://www.w3.org/TR/css3-selectors/#whitespace
+	whitespace = "[\\x20\\t\\r\\n\\f]",
+
+	// http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier
+	identifier = "(?:\\\\.|[\\w-]|[^\0-\\xa0])+",
+
+	// Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors
+	attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace +
+		// Operator (capture 2)
+		"*([*^$|!~]?=)" + whitespace +
+		// "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]"
+		"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace +
+		"*\\]",
+
+	pseudos = ":(" + identifier + ")(?:\\((" +
+		// To reduce the number of selectors needing tokenize in the preFilter, prefer arguments:
+		// 1. quoted (capture 3; capture 4 or capture 5)
+		"('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" +
+		// 2. simple (capture 6)
+		"((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" +
+		// 3. anything else (capture 2)
+		".*" +
+		")\\)|)",
+
+	// Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter
+	rwhitespace = new RegExp( whitespace + "+", "g" ),
+	rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
+
+	rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
+	rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),
+
+	rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),
+
+	rpseudo = new RegExp( pseudos ),
+	ridentifier = new RegExp( "^" + identifier + "$" ),
+
+	matchExpr = {
+		"ID": new RegExp( "^#(" + identifier + ")" ),
+		"CLASS": new RegExp( "^\\.(" + identifier + ")" ),
+		"TAG": new RegExp( "^(" + identifier + "|[*])" ),
+		"ATTR": new RegExp( "^" + attributes ),
+		"PSEUDO": new RegExp( "^" + pseudos ),
+		"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +
+			"*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace +
+			"*(\\d+)|))" + whitespace + "*\\)|)", "i" ),
+		"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),
+		// For use in libraries implementing .is()
+		// We use this for POS matching in `select`
+		"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +
+			whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" )
+	},
+
+	rinputs = /^(?:input|select|textarea|button)$/i,
+	rheader = /^h\d$/i,
+
+	rnative = /^[^{]+\{\s*\[native \w/,
+
+	// Easily-parseable/retrievable ID or TAG or CLASS selectors
+	rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,
+
+	rsibling = /[+~]/,
+
+	// CSS escapes
+	// http://www.w3.org/TR/CSS21/syndata.html#escaped-characters
+	runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),
+	funescape = function( _, escaped, escapedWhitespace ) {
+		var high = "0x" + escaped - 0x10000;
+		// NaN means non-codepoint
+		// Support: Firefox<24
+		// Workaround erroneous numeric interpretation of +"0x"
+		return high !== high || escapedWhitespace ?
+			escaped :
+			high < 0 ?
+				// BMP codepoint
+				String.fromCharCode( high + 0x10000 ) :
+				// Supplemental Plane codepoint (surrogate pair)
+				String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 );
+	},
+
+	// CSS string/identifier serialization
+	// https://drafts.csswg.org/cssom/#common-serializing-idioms
+	rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,
+	fcssescape = function( ch, asCodePoint ) {
+		if ( asCodePoint ) {
+
+			// U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER
+			if ( ch === "\0" ) {
+				return "\uFFFD";
+			}
+
+			// Control characters and (dependent upon position) numbers get escaped as code points
+			return ch.slice( 0, -1 ) + "\\" + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " ";
+		}
+
+		// Other potentially-special ASCII characters get backslash-escaped
+		return "\\" + ch;
+	},
+
+	// Used for iframes
+	// See setDocument()
+	// Removing the function wrapper causes a "Permission Denied"
+	// error in IE
+	unloadHandler = function() {
+		setDocument();
+	},
+
+	disabledAncestor = addCombinator(
+		function( elem ) {
+			return elem.disabled === true && ("form" in elem || "label" in elem);
+		},
+		{ dir: "parentNode", next: "legend" }
+	);
+
+// Optimize for push.apply( _, NodeList )
+try {
+	push.apply(
+		(arr = slice.call( preferredDoc.childNodes )),
+		preferredDoc.childNodes
+	);
+	// Support: Android<4.0
+	// Detect silently failing push.apply
+	arr[ preferredDoc.childNodes.length ].nodeType;
+} catch ( e ) {
+	push = { apply: arr.length ?
+
+		// Leverage slice if possible
+		function( target, els ) {
+			push_native.apply( target, slice.call(els) );
+		} :
+
+		// Support: IE<9
+		// Otherwise append directly
+		function( target, els ) {
+			var j = target.length,
+				i = 0;
+			// Can't trust NodeList.length
+			while ( (target[j++] = els[i++]) ) {}
+			target.length = j - 1;
+		}
+	};
+}
+
+function Sizzle( selector, context, results, seed ) {
+	var m, i, elem, nid, match, groups, newSelector,
+		newContext = context && context.ownerDocument,
+
+		// nodeType defaults to 9, since context defaults to document
+		nodeType = context ? context.nodeType : 9;
+
+	results = results || [];
+
+	// Return early from calls with invalid selector or context
+	if ( typeof selector !== "string" || !selector ||
+		nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) {
+
+		return results;
+	}
+
+	// Try to shortcut find operations (as opposed to filters) in HTML documents
+	if ( !seed ) {
+
+		if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) {
+			setDocument( context );
+		}
+		context = context || document;
+
+		if ( documentIsHTML ) {
+
+			// If the selector is sufficiently simple, try using a "get*By*" DOM method
+			// (excepting DocumentFragment context, where the methods don't exist)
+			if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) {
+
+				// ID selector
+				if ( (m = match[1]) ) {
+
+					// Document context
+					if ( nodeType === 9 ) {
+						if ( (elem = context.getElementById( m )) ) {
+
+							// Support: IE, Opera, Webkit
+							// TODO: identify versions
+							// getElementById can match elements by name instead of ID
+							if ( elem.id === m ) {
+								results.push( elem );
+								return results;
+							}
+						} else {
+							return results;
+						}
+
+					// Element context
+					} else {
+
+						// Support: IE, Opera, Webkit
+						// TODO: identify versions
+						// getElementById can match elements by name instead of ID
+						if ( newContext && (elem = newContext.getElementById( m )) &&
+							contains( context, elem ) &&
+							elem.id === m ) {
+
+							results.push( elem );
+							return results;
+						}
+					}
+
+				// Type selector
+				} else if ( match[2] ) {
+					push.apply( results, context.getElementsByTagName( selector ) );
+					return results;
+
+				// Class selector
+				} else if ( (m = match[3]) && support.getElementsByClassName &&
+					context.getElementsByClassName ) {
+
+					push.apply( results, context.getElementsByClassName( m ) );
+					return results;
+				}
+			}
+
+			// Take advantage of querySelectorAll
+			if ( support.qsa &&
+				!compilerCache[ selector + " " ] &&
+				(!rbuggyQSA || !rbuggyQSA.test( selector )) ) {
+
+				if ( nodeType !== 1 ) {
+					newContext = context;
+					newSelector = selector;
+
+				// qSA looks outside Element context, which is not what we want
+				// Thanks to Andrew Dupont for this workaround technique
+				// Support: IE <=8
+				// Exclude object elements
+				} else if ( context.nodeName.toLowerCase() !== "object" ) {
+
+					// Capture the context ID, setting it first if necessary
+					if ( (nid = context.getAttribute( "id" )) ) {
+						nid = nid.replace( rcssescape, fcssescape );
+					} else {
+						context.setAttribute( "id", (nid = expando) );
+					}
+
+					// Prefix every selector in the list
+					groups = tokenize( selector );
+					i = groups.length;
+					while ( i-- ) {
+						groups[i] = "#" + nid + " " + toSelector( groups[i] );
+					}
+					newSelector = groups.join( "," );
+
+					// Expand context for sibling selectors
+					newContext = rsibling.test( selector ) && testContext( context.parentNode ) ||
+						context;
+				}
+
+				if ( newSelector ) {
+					try {
+						push.apply( results,
+							newContext.querySelectorAll( newSelector )
+						);
+						return results;
+					} catch ( qsaError ) {
+					} finally {
+						if ( nid === expando ) {
+							context.removeAttribute( "id" );
+						}
+					}
+				}
+			}
+		}
+	}
+
+	// All others
+	return select( selector.replace( rtrim, "$1" ), context, results, seed );
+}
+
+/**
+ * Create key-value caches of limited size
+ * @returns {function(string, object)} Returns the Object data after storing it on itself with
+ *	property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength)
+ *	deleting the oldest entry
+ */
+function createCache() {
+	var keys = [];
+
+	function cache( key, value ) {
+		// Use (key + " ") to avoid collision with native prototype properties (see Issue #157)
+		if ( keys.push( key + " " ) > Expr.cacheLength ) {
+			// Only keep the most recent entries
+			delete cache[ keys.shift() ];
+		}
+		return (cache[ key + " " ] = value);
+	}
+	return cache;
+}
+
+/**
+ * Mark a function for special use by Sizzle
+ * @param {Function} fn The function to mark
+ */
+function markFunction( fn ) {
+	fn[ expando ] = true;
+	return fn;
+}
+
+/**
+ * Support testing using an element
+ * @param {Function} fn Passed the created element and returns a boolean result
+ */
+function assert( fn ) {
+	var el = document.createElement("fieldset");
+
+	try {
+		return !!fn( el );
+	} catch (e) {
+		return false;
+	} finally {
+		// Remove from its parent by default
+		if ( el.parentNode ) {
+			el.parentNode.removeChild( el );
+		}
+		// release memory in IE
+		el = null;
+	}
+}
+
+/**
+ * Adds the same handler for all of the specified attrs
+ * @param {String} attrs Pipe-separated list of attributes
+ * @param {Function} handler The method that will be applied
+ */
+function addHandle( attrs, handler ) {
+	var arr = attrs.split("|"),
+		i = arr.length;
+
+	while ( i-- ) {
+		Expr.attrHandle[ arr[i] ] = handler;
+	}
+}
+
+/**
+ * Checks document order of two siblings
+ * @param {Element} a
+ * @param {Element} b
+ * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b
+ */
+function siblingCheck( a, b ) {
+	var cur = b && a,
+		diff = cur && a.nodeType === 1 && b.nodeType === 1 &&
+			a.sourceIndex - b.sourceIndex;
+
+	// Use IE sourceIndex if available on both nodes
+	if ( diff ) {
+		return diff;
+	}
+
+	// Check if b follows a
+	if ( cur ) {
+		while ( (cur = cur.nextSibling) ) {
+			if ( cur === b ) {
+				return -1;
+			}
+		}
+	}
+
+	return a ? 1 : -1;
+}
+
+/**
+ * Returns a function to use in pseudos for input types
+ * @param {String} type
+ */
+function createInputPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return name === "input" && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for buttons
+ * @param {String} type
+ */
+function createButtonPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return (name === "input" || name === "button") && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for :enabled/:disabled
+ * @param {Boolean} disabled true for :disabled; false for :enabled
+ */
+function createDisabledPseudo( disabled ) {
+
+	// Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable
+	return function( elem ) {
+
+		// Only certain elements can match :enabled or :disabled
+		// https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
+		// https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
+		if ( "form" in elem ) {
+
+			// Check for inherited disabledness on relevant non-disabled elements:
+			// * listed form-associated elements in a disabled fieldset
+			//   https://html.spec.whatwg.org/multipage/forms.html#category-listed
+			//   https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
+			// * option elements in a disabled optgroup
+			//   https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
+			// All such elements have a "form" property.
+			if ( elem.parentNode && elem.disabled === false ) {
+
+				// Option elements defer to a parent optgroup if present
+				if ( "label" in elem ) {
+					if ( "label" in elem.parentNode ) {
+						return elem.parentNode.disabled === disabled;
+					} else {
+						return elem.disabled === disabled;
+					}
+				}
+
+				// Support: IE 6 - 11
+				// Use the isDisabled shortcut property to check for disabled fieldset ancestors
+				return elem.isDisabled === disabled ||
+
+					// Where there is no isDisabled, check manually
+					/* jshint -W018 */
+					elem.isDisabled !== !disabled &&
+						disabledAncestor( elem ) === disabled;
+			}
+
+			return elem.disabled === disabled;
+
+		// Try to winnow out elements that can't be disabled before trusting the disabled property.
+		// Some victims get caught in our net (label, legend, menu, track), but it shouldn't
+		// even exist on them, let alone have a boolean value.
+		} else if ( "label" in elem ) {
+			return elem.disabled === disabled;
+		}
+
+		// Remaining elements are neither :enabled nor :disabled
+		return false;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for positionals
+ * @param {Function} fn
+ */
+function createPositionalPseudo( fn ) {
+	return markFunction(function( argument ) {
+		argument = +argument;
+		return markFunction(function( seed, matches ) {
+			var j,
+				matchIndexes = fn( [], seed.length, argument ),
+				i = matchIndexes.length;
+
+			// Match elements found at the specified indexes
+			while ( i-- ) {
+				if ( seed[ (j = matchIndexes[i]) ] ) {
+					seed[j] = !(matches[j] = seed[j]);
+				}
+			}
+		});
+	});
+}
+
+/**
+ * Checks a node for validity as a Sizzle context
+ * @param {Element|Object=} context
+ * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value
+ */
+function testContext( context ) {
+	return context && typeof context.getElementsByTagName !== "undefined" && context;
+}
+
+// Expose support vars for convenience
+support = Sizzle.support = {};
+
+/**
+ * Detects XML nodes
+ * @param {Element|Object} elem An element or a document
+ * @returns {Boolean} True iff elem is a non-HTML XML node
+ */
+isXML = Sizzle.isXML = function( elem ) {
+	// documentElement is verified for cases where it doesn't yet exist
+	// (such as loading iframes in IE - #4833)
+	var documentElement = elem && (elem.ownerDocument || elem).documentElement;
+	return documentElement ? documentElement.nodeName !== "HTML" : false;
+};
+
+/**
+ * Sets document-related variables once based on the current document
+ * @param {Element|Object} [doc] An element or document object to use to set the document
+ * @returns {Object} Returns the current document
+ */
+setDocument = Sizzle.setDocument = function( node ) {
+	var hasCompare, subWindow,
+		doc = node ? node.ownerDocument || node : preferredDoc;
+
+	// Return early if doc is invalid or already selected
+	if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) {
+		return document;
+	}
+
+	// Update global variables
+	document = doc;
+	docElem = document.documentElement;
+	documentIsHTML = !isXML( document );
+
+	// Support: IE 9-11, Edge
+	// Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936)
+	if ( preferredDoc !== document &&
+		(subWindow = document.defaultView) && subWindow.top !== subWindow ) {
+
+		// Support: IE 11, Edge
+		if ( subWindow.addEventListener ) {
+			subWindow.addEventListener( "unload", unloadHandler, false );
+
+		// Support: IE 9 - 10 only
+		} else if ( subWindow.attachEvent ) {
+			subWindow.attachEvent( "onunload", unloadHandler );
+		}
+	}
+
+	/* Attributes
+	---------------------------------------------------------------------- */
+
+	// Support: IE<8
+	// Verify that getAttribute really returns attributes and not properties
+	// (excepting IE8 booleans)
+	support.attributes = assert(function( el ) {
+		el.className = "i";
+		return !el.getAttribute("className");
+	});
+
+	/* getElement(s)By*
+	---------------------------------------------------------------------- */
+
+	// Check if getElementsByTagName("*") returns only elements
+	support.getElementsByTagName = assert(function( el ) {
+		el.appendChild( document.createComment("") );
+		return !el.getElementsByTagName("*").length;
+	});
+
+	// Support: IE<9
+	support.getElementsByClassName = rnative.test( document.getElementsByClassName );
+
+	// Support: IE<10
+	// Check if getElementById returns elements by name
+	// The broken getElementById methods don't pick up programmatically-set names,
+	// so use a roundabout getElementsByName test
+	support.getById = assert(function( el ) {
+		docElem.appendChild( el ).id = expando;
+		return !document.getElementsByName || !document.getElementsByName( expando ).length;
+	});
+
+	// ID filter and find
+	if ( support.getById ) {
+		Expr.filter["ID"] = function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				return elem.getAttribute("id") === attrId;
+			};
+		};
+		Expr.find["ID"] = function( id, context ) {
+			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
+				var elem = context.getElementById( id );
+				return elem ? [ elem ] : [];
+			}
+		};
+	} else {
+		Expr.filter["ID"] =  function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				var node = typeof elem.getAttributeNode !== "undefined" &&
+					elem.getAttributeNode("id");
+				return node && node.value === attrId;
+			};
+		};
+
+		// Support: IE 6 - 7 only
+		// getElementById is not reliable as a find shortcut
+		Expr.find["ID"] = function( id, context ) {
+			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
+				var node, i, elems,
+					elem = context.getElementById( id );
+
+				if ( elem ) {
+
+					// Verify the id attribute
+					node = elem.getAttributeNode("id");
+					if ( node && node.value === id ) {
+						return [ elem ];
+					}
+
+					// Fall back on getElementsByName
+					elems = context.getElementsByName( id );
+					i = 0;
+					while ( (elem = elems[i++]) ) {
+						node = elem.getAttributeNode("id");
+						if ( node && node.value === id ) {
+							return [ elem ];
+						}
+					}
+				}
+
+				return [];
+			}
+		};
+	}
+
+	// Tag
+	Expr.find["TAG"] = support.getElementsByTagName ?
+		function( tag, context ) {
+			if ( typeof context.getElementsByTagName !== "undefined" ) {
+				return context.getElementsByTagName( tag );
+
+			// DocumentFragment nodes don't have gEBTN
+			} else if ( support.qsa ) {
+				return context.querySelectorAll( tag );
+			}
+		} :
+
+		function( tag, context ) {
+			var elem,
+				tmp = [],
+				i = 0,
+				// By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too
+				results = context.getElementsByTagName( tag );
+
+			// Filter out possible comments
+			if ( tag === "*" ) {
+				while ( (elem = results[i++]) ) {
+					if ( elem.nodeType === 1 ) {
+						tmp.push( elem );
+					}
+				}
+
+				return tmp;
+			}
+			return results;
+		};
+
+	// Class
+	Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) {
+		if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) {
+			return context.getElementsByClassName( className );
+		}
+	};
+
+	/* QSA/matchesSelector
+	---------------------------------------------------------------------- */
+
+	// QSA and matchesSelector support
+
+	// matchesSelector(:active) reports false when true (IE9/Opera 11.5)
+	rbuggyMatches = [];
+
+	// qSa(:focus) reports false when true (Chrome 21)
+	// We allow this because of a bug in IE8/9 that throws an error
+	// whenever `document.activeElement` is accessed on an iframe
+	// So, we allow :focus to pass through QSA all the time to avoid the IE error
+	// See https://bugs.jquery.com/ticket/13378
+	rbuggyQSA = [];
+
+	if ( (support.qsa = rnative.test( document.querySelectorAll )) ) {
+		// Build QSA regex
+		// Regex strategy adopted from Diego Perini
+		assert(function( el ) {
+			// Select is set to empty string on purpose
+			// This is to test IE's treatment of not explicitly
+			// setting a boolean content attribute,
+			// since its presence should be enough
+			// https://bugs.jquery.com/ticket/12359
+			docElem.appendChild( el ).innerHTML = "<a id='" + expando + "'></a>" +
+				"<select id='" + expando + "-\r\\' msallowcapture=''>" +
+				"<option selected=''></option></select>";
+
+			// Support: IE8, Opera 11-12.16
+			// Nothing should be selected when empty strings follow ^= or $= or *=
+			// The test attribute must be unknown in Opera but "safe" for WinRT
+			// https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section
+			if ( el.querySelectorAll("[msallowcapture^='']").length ) {
+				rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" );
+			}
+
+			// Support: IE8
+			// Boolean attributes and "value" are not treated correctly
+			if ( !el.querySelectorAll("[selected]").length ) {
+				rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" );
+			}
+
+			// Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+
+			if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) {
+				rbuggyQSA.push("~=");
+			}
+
+			// Webkit/Opera - :checked should return selected option elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			// IE8 throws error here and will not see later tests
+			if ( !el.querySelectorAll(":checked").length ) {
+				rbuggyQSA.push(":checked");
+			}
+
+			// Support: Safari 8+, iOS 8+
+			// https://bugs.webkit.org/show_bug.cgi?id=136851
+			// In-page `selector#id sibling-combinator selector` fails
+			if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) {
+				rbuggyQSA.push(".#.+[+~]");
+			}
+		});
+
+		assert(function( el ) {
+			el.innerHTML = "<a href='' disabled='disabled'></a>" +
+				"<select disabled='disabled'><option/></select>";
+
+			// Support: Windows 8 Native Apps
+			// The type and name attributes are restricted during .innerHTML assignment
+			var input = document.createElement("input");
+			input.setAttribute( "type", "hidden" );
+			el.appendChild( input ).setAttribute( "name", "D" );
+
+			// Support: IE8
+			// Enforce case-sensitivity of name attribute
+			if ( el.querySelectorAll("[name=d]").length ) {
+				rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" );
+			}
+
+			// FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled)
+			// IE8 throws error here and will not see later tests
+			if ( el.querySelectorAll(":enabled").length !== 2 ) {
+				rbuggyQSA.push( ":enabled", ":disabled" );
+			}
+
+			// Support: IE9-11+
+			// IE's :disabled selector does not pick up the children of disabled fieldsets
+			docElem.appendChild( el ).disabled = true;
+			if ( el.querySelectorAll(":disabled").length !== 2 ) {
+				rbuggyQSA.push( ":enabled", ":disabled" );
+			}
+
+			// Opera 10-11 does not throw on post-comma invalid pseudos
+			el.querySelectorAll("*,:x");
+			rbuggyQSA.push(",.*:");
+		});
+	}
+
+	if ( (support.matchesSelector = rnative.test( (matches = docElem.matches ||
+		docElem.webkitMatchesSelector ||
+		docElem.mozMatchesSelector ||
+		docElem.oMatchesSelector ||
+		docElem.msMatchesSelector) )) ) {
+
+		assert(function( el ) {
+			// Check to see if it's possible to do matchesSelector
+			// on a disconnected node (IE 9)
+			support.disconnectedMatch = matches.call( el, "*" );
+
+			// This should fail with an exception
+			// Gecko does not error, returns false instead
+			matches.call( el, "[s!='']:x" );
+			rbuggyMatches.push( "!=", pseudos );
+		});
+	}
+
+	rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );
+	rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );
+
+	/* Contains
+	---------------------------------------------------------------------- */
+	hasCompare = rnative.test( docElem.compareDocumentPosition );
+
+	// Element contains another
+	// Purposefully self-exclusive
+	// As in, an element does not contain itself
+	contains = hasCompare || rnative.test( docElem.contains ) ?
+		function( a, b ) {
+			var adown = a.nodeType === 9 ? a.documentElement : a,
+				bup = b && b.parentNode;
+			return a === bup || !!( bup && bup.nodeType === 1 && (
+				adown.contains ?
+					adown.contains( bup ) :
+					a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16
+			));
+		} :
+		function( a, b ) {
+			if ( b ) {
+				while ( (b = b.parentNode) ) {
+					if ( b === a ) {
+						return true;
+					}
+				}
+			}
+			return false;
+		};
+
+	/* Sorting
+	---------------------------------------------------------------------- */
+
+	// Document order sorting
+	sortOrder = hasCompare ?
+	function( a, b ) {
+
+		// Flag for duplicate removal
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		// Sort on method existence if only one input has compareDocumentPosition
+		var compare = !a.compareDocumentPosition - !b.compareDocumentPosition;
+		if ( compare ) {
+			return compare;
+		}
+
+		// Calculate position if both inputs belong to the same document
+		compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ?
+			a.compareDocumentPosition( b ) :
+
+			// Otherwise we know they are disconnected
+			1;
+
+		// Disconnected nodes
+		if ( compare & 1 ||
+			(!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) {
+
+			// Choose the first element that is related to our preferred document
+			if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) {
+				return -1;
+			}
+			if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) {
+				return 1;
+			}
+
+			// Maintain original order
+			return sortInput ?
+				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
+				0;
+		}
+
+		return compare & 4 ? -1 : 1;
+	} :
+	function( a, b ) {
+		// Exit early if the nodes are identical
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		var cur,
+			i = 0,
+			aup = a.parentNode,
+			bup = b.parentNode,
+			ap = [ a ],
+			bp = [ b ];
+
+		// Parentless nodes are either documents or disconnected
+		if ( !aup || !bup ) {
+			return a === document ? -1 :
+				b === document ? 1 :
+				aup ? -1 :
+				bup ? 1 :
+				sortInput ?
+				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
+				0;
+
+		// If the nodes are siblings, we can do a quick check
+		} else if ( aup === bup ) {
+			return siblingCheck( a, b );
+		}
+
+		// Otherwise we need full lists of their ancestors for comparison
+		cur = a;
+		while ( (cur = cur.parentNode) ) {
+			ap.unshift( cur );
+		}
+		cur = b;
+		while ( (cur = cur.parentNode) ) {
+			bp.unshift( cur );
+		}
+
+		// Walk down the tree looking for a discrepancy
+		while ( ap[i] === bp[i] ) {
+			i++;
+		}
+
+		return i ?
+			// Do a sibling check if the nodes have a common ancestor
+			siblingCheck( ap[i], bp[i] ) :
+
+			// Otherwise nodes in our document sort first
+			ap[i] === preferredDoc ? -1 :
+			bp[i] === preferredDoc ? 1 :
+			0;
+	};
+
+	return document;
+};
+
+Sizzle.matches = function( expr, elements ) {
+	return Sizzle( expr, null, null, elements );
+};
+
+Sizzle.matchesSelector = function( elem, expr ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	// Make sure that attribute selectors are quoted
+	expr = expr.replace( rattributeQuotes, "='$1']" );
+
+	if ( support.matchesSelector && documentIsHTML &&
+		!compilerCache[ expr + " " ] &&
+		( !rbuggyMatches || !rbuggyMatches.test( expr ) ) &&
+		( !rbuggyQSA     || !rbuggyQSA.test( expr ) ) ) {
+
+		try {
+			var ret = matches.call( elem, expr );
+
+			// IE 9's matchesSelector returns false on disconnected nodes
+			if ( ret || support.disconnectedMatch ||
+					// As well, disconnected nodes are said to be in a document
+					// fragment in IE 9
+					elem.document && elem.document.nodeType !== 11 ) {
+				return ret;
+			}
+		} catch (e) {}
+	}
+
+	return Sizzle( expr, document, null, [ elem ] ).length > 0;
+};
+
+Sizzle.contains = function( context, elem ) {
+	// Set document vars if needed
+	if ( ( context.ownerDocument || context ) !== document ) {
+		setDocument( context );
+	}
+	return contains( context, elem );
+};
+
+Sizzle.attr = function( elem, name ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	var fn = Expr.attrHandle[ name.toLowerCase() ],
+		// Don't get fooled by Object.prototype properties (jQuery #13807)
+		val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ?
+			fn( elem, name, !documentIsHTML ) :
+			undefined;
+
+	return val !== undefined ?
+		val :
+		support.attributes || !documentIsHTML ?
+			elem.getAttribute( name ) :
+			(val = elem.getAttributeNode(name)) && val.specified ?
+				val.value :
+				null;
+};
+
+Sizzle.escape = function( sel ) {
+	return (sel + "").replace( rcssescape, fcssescape );
+};
+
+Sizzle.error = function( msg ) {
+	throw new Error( "Syntax error, unrecognized expression: " + msg );
+};
+
+/**
+ * Document sorting and removing duplicates
+ * @param {ArrayLike} results
+ */
+Sizzle.uniqueSort = function( results ) {
+	var elem,
+		duplicates = [],
+		j = 0,
+		i = 0;
+
+	// Unless we *know* we can detect duplicates, assume their presence
+	hasDuplicate = !support.detectDuplicates;
+	sortInput = !support.sortStable && results.slice( 0 );
+	results.sort( sortOrder );
+
+	if ( hasDuplicate ) {
+		while ( (elem = results[i++]) ) {
+			if ( elem === results[ i ] ) {
+				j = duplicates.push( i );
+			}
+		}
+		while ( j-- ) {
+			results.splice( duplicates[ j ], 1 );
+		}
+	}
+
+	// Clear input after sorting to release objects
+	// See https://github.com/jquery/sizzle/pull/225
+	sortInput = null;
+
+	return results;
+};
+
+/**
+ * Utility function for retrieving the text value of an array of DOM nodes
+ * @param {Array|Element} elem
+ */
+getText = Sizzle.getText = function( elem ) {
+	var node,
+		ret = "",
+		i = 0,
+		nodeType = elem.nodeType;
+
+	if ( !nodeType ) {
+		// If no nodeType, this is expected to be an array
+		while ( (node = elem[i++]) ) {
+			// Do not traverse comment nodes
+			ret += getText( node );
+		}
+	} else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) {
+		// Use textContent for elements
+		// innerText usage removed for consistency of new lines (jQuery #11153)
+		if ( typeof elem.textContent === "string" ) {
+			return elem.textContent;
+		} else {
+			// Traverse its children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				ret += getText( elem );
+			}
+		}
+	} else if ( nodeType === 3 || nodeType === 4 ) {
+		return elem.nodeValue;
+	}
+	// Do not include comment or processing instruction nodes
+
+	return ret;
+};
+
+Expr = Sizzle.selectors = {
+
+	// Can be adjusted by the user
+	cacheLength: 50,
+
+	createPseudo: markFunction,
+
+	match: matchExpr,
+
+	attrHandle: {},
+
+	find: {},
+
+	relative: {
+		">": { dir: "parentNode", first: true },
+		" ": { dir: "parentNode" },
+		"+": { dir: "previousSibling", first: true },
+		"~": { dir: "previousSibling" }
+	},
+
+	preFilter: {
+		"ATTR": function( match ) {
+			match[1] = match[1].replace( runescape, funescape );
+
+			// Move the given value to match[3] whether quoted or unquoted
+			match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape );
+
+			if ( match[2] === "~=" ) {
+				match[3] = " " + match[3] + " ";
+			}
+
+			return match.slice( 0, 4 );
+		},
+
+		"CHILD": function( match ) {
+			/* matches from matchExpr["CHILD"]
+				1 type (only|nth|...)
+				2 what (child|of-type)
+				3 argument (even|odd|\d*|\d*n([+-]\d+)?|...)
+				4 xn-component of xn+y argument ([+-]?\d*n|)
+				5 sign of xn-component
+				6 x of xn-component
+				7 sign of y-component
+				8 y of y-component
+			*/
+			match[1] = match[1].toLowerCase();
+
+			if ( match[1].slice( 0, 3 ) === "nth" ) {
+				// nth-* requires argument
+				if ( !match[3] ) {
+					Sizzle.error( match[0] );
+				}
+
+				// numeric x and y parameters for Expr.filter.CHILD
+				// remember that false/true cast respectively to 0/1
+				match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) );
+				match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" );
+
+			// other types prohibit arguments
+			} else if ( match[3] ) {
+				Sizzle.error( match[0] );
+			}
+
+			return match;
+		},
+
+		"PSEUDO": function( match ) {
+			var excess,
+				unquoted = !match[6] && match[2];
+
+			if ( matchExpr["CHILD"].test( match[0] ) ) {
+				return null;
+			}
+
+			// Accept quoted arguments as-is
+			if ( match[3] ) {
+				match[2] = match[4] || match[5] || "";
+
+			// Strip excess characters from unquoted arguments
+			} else if ( unquoted && rpseudo.test( unquoted ) &&
+				// Get excess from tokenize (recursively)
+				(excess = tokenize( unquoted, true )) &&
+				// advance to the next closing parenthesis
+				(excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) {
+
+				// excess is a negative index
+				match[0] = match[0].slice( 0, excess );
+				match[2] = unquoted.slice( 0, excess );
+			}
+
+			// Return only captures needed by the pseudo filter method (type and argument)
+			return match.slice( 0, 3 );
+		}
+	},
+
+	filter: {
+
+		"TAG": function( nodeNameSelector ) {
+			var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase();
+			return nodeNameSelector === "*" ?
+				function() { return true; } :
+				function( elem ) {
+					return elem.nodeName && elem.nodeName.toLowerCase() === nodeName;
+				};
+		},
+
+		"CLASS": function( className ) {
+			var pattern = classCache[ className + " " ];
+
+			return pattern ||
+				(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&
+				classCache( className, function( elem ) {
+					return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" );
+				});
+		},
+
+		"ATTR": function( name, operator, check ) {
+			return function( elem ) {
+				var result = Sizzle.attr( elem, name );
+
+				if ( result == null ) {
+					return operator === "!=";
+				}
+				if ( !operator ) {
+					return true;
+				}
+
+				result += "";
+
+				return operator === "=" ? result === check :
+					operator === "!=" ? result !== check :
+					operator === "^=" ? check && result.indexOf( check ) === 0 :
+					operator === "*=" ? check && result.indexOf( check ) > -1 :
+					operator === "$=" ? check && result.slice( -check.length ) === check :
+					operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 :
+					operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" :
+					false;
+			};
+		},
+
+		"CHILD": function( type, what, argument, first, last ) {
+			var simple = type.slice( 0, 3 ) !== "nth",
+				forward = type.slice( -4 ) !== "last",
+				ofType = what === "of-type";
+
+			return first === 1 && last === 0 ?
+
+				// Shortcut for :nth-*(n)
+				function( elem ) {
+					return !!elem.parentNode;
+				} :
+
+				function( elem, context, xml ) {
+					var cache, uniqueCache, outerCache, node, nodeIndex, start,
+						dir = simple !== forward ? "nextSibling" : "previousSibling",
+						parent = elem.parentNode,
+						name = ofType && elem.nodeName.toLowerCase(),
+						useCache = !xml && !ofType,
+						diff = false;
+
+					if ( parent ) {
+
+						// :(first|last|only)-(child|of-type)
+						if ( simple ) {
+							while ( dir ) {
+								node = elem;
+								while ( (node = node[ dir ]) ) {
+									if ( ofType ?
+										node.nodeName.toLowerCase() === name :
+										node.nodeType === 1 ) {
+
+										return false;
+									}
+								}
+								// Reverse direction for :only-* (if we haven't yet done so)
+								start = dir = type === "only" && !start && "nextSibling";
+							}
+							return true;
+						}
+
+						start = [ forward ? parent.firstChild : parent.lastChild ];
+
+						// non-xml :nth-child(...) stores cache data on `parent`
+						if ( forward && useCache ) {
+
+							// Seek `elem` from a previously-cached index
+
+							// ...in a gzip-friendly way
+							node = parent;
+							outerCache = node[ expando ] || (node[ expando ] = {});
+
+							// Support: IE <9 only
+							// Defend against cloned attroperties (jQuery gh-1709)
+							uniqueCache = outerCache[ node.uniqueID ] ||
+								(outerCache[ node.uniqueID ] = {});
+
+							cache = uniqueCache[ type ] || [];
+							nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
+							diff = nodeIndex && cache[ 2 ];
+							node = nodeIndex && parent.childNodes[ nodeIndex ];
+
+							while ( (node = ++nodeIndex && node && node[ dir ] ||
+
+								// Fallback to seeking `elem` from the start
+								(diff = nodeIndex = 0) || start.pop()) ) {
+
+								// When found, cache indexes on `parent` and break
+								if ( node.nodeType === 1 && ++diff && node === elem ) {
+									uniqueCache[ type ] = [ dirruns, nodeIndex, diff ];
+									break;
+								}
+							}
+
+						} else {
+							// Use previously-cached element index if available
+							if ( useCache ) {
+								// ...in a gzip-friendly way
+								node = elem;
+								outerCache = node[ expando ] || (node[ expando ] = {});
+
+								// Support: IE <9 only
+								// Defend against cloned attroperties (jQuery gh-1709)
+								uniqueCache = outerCache[ node.uniqueID ] ||
+									(outerCache[ node.uniqueID ] = {});
+
+								cache = uniqueCache[ type ] || [];
+								nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
+								diff = nodeIndex;
+							}
+
+							// xml :nth-child(...)
+							// or :nth-last-child(...) or :nth(-last)?-of-type(...)
+							if ( diff === false ) {
+								// Use the same loop as above to seek `elem` from the start
+								while ( (node = ++nodeIndex && node && node[ dir ] ||
+									(diff = nodeIndex = 0) || start.pop()) ) {
+
+									if ( ( ofType ?
+										node.nodeName.toLowerCase() === name :
+										node.nodeType === 1 ) &&
+										++diff ) {
+
+										// Cache the index of each encountered element
+										if ( useCache ) {
+											outerCache = node[ expando ] || (node[ expando ] = {});
+
+											// Support: IE <9 only
+											// Defend against cloned attroperties (jQuery gh-1709)
+											uniqueCache = outerCache[ node.uniqueID ] ||
+												(outerCache[ node.uniqueID ] = {});
+
+											uniqueCache[ type ] = [ dirruns, diff ];
+										}
+
+										if ( node === elem ) {
+											break;
+										}
+									}
+								}
+							}
+						}
+
+						// Incorporate the offset, then check against cycle size
+						diff -= last;
+						return diff === first || ( diff % first === 0 && diff / first >= 0 );
+					}
+				};
+		},
+
+		"PSEUDO": function( pseudo, argument ) {
+			// pseudo-class names are case-insensitive
+			// http://www.w3.org/TR/selectors/#pseudo-classes
+			// Prioritize by case sensitivity in case custom pseudos are added with uppercase letters
+			// Remember that setFilters inherits from pseudos
+			var args,
+				fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] ||
+					Sizzle.error( "unsupported pseudo: " + pseudo );
+
+			// The user may use createPseudo to indicate that
+			// arguments are needed to create the filter function
+			// just as Sizzle does
+			if ( fn[ expando ] ) {
+				return fn( argument );
+			}
+
+			// But maintain support for old signatures
+			if ( fn.length > 1 ) {
+				args = [ pseudo, pseudo, "", argument ];
+				return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ?
+					markFunction(function( seed, matches ) {
+						var idx,
+							matched = fn( seed, argument ),
+							i = matched.length;
+						while ( i-- ) {
+							idx = indexOf( seed, matched[i] );
+							seed[ idx ] = !( matches[ idx ] = matched[i] );
+						}
+					}) :
+					function( elem ) {
+						return fn( elem, 0, args );
+					};
+			}
+
+			return fn;
+		}
+	},
+
+	pseudos: {
+		// Potentially complex pseudos
+		"not": markFunction(function( selector ) {
+			// Trim the selector passed to compile
+			// to avoid treating leading and trailing
+			// spaces as combinators
+			var input = [],
+				results = [],
+				matcher = compile( selector.replace( rtrim, "$1" ) );
+
+			return matcher[ expando ] ?
+				markFunction(function( seed, matches, context, xml ) {
+					var elem,
+						unmatched = matcher( seed, null, xml, [] ),
+						i = seed.length;
+
+					// Match elements unmatched by `matcher`
+					while ( i-- ) {
+						if ( (elem = unmatched[i]) ) {
+							seed[i] = !(matches[i] = elem);
+						}
+					}
+				}) :
+				function( elem, context, xml ) {
+					input[0] = elem;
+					matcher( input, null, xml, results );
+					// Don't keep the element (issue #299)
+					input[0] = null;
+					return !results.pop();
+				};
+		}),
+
+		"has": markFunction(function( selector ) {
+			return function( elem ) {
+				return Sizzle( selector, elem ).length > 0;
+			};
+		}),
+
+		"contains": markFunction(function( text ) {
+			text = text.replace( runescape, funescape );
+			return function( elem ) {
+				return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1;
+			};
+		}),
+
+		// "Whether an element is represented by a :lang() selector
+		// is based solely on the element's language value
+		// being equal to the identifier C,
+		// or beginning with the identifier C immediately followed by "-".
+		// The matching of C against the element's language value is performed case-insensitively.
+		// The identifier C does not have to be a valid language name."
+		// http://www.w3.org/TR/selectors/#lang-pseudo
+		"lang": markFunction( function( lang ) {
+			// lang value must be a valid identifier
+			if ( !ridentifier.test(lang || "") ) {
+				Sizzle.error( "unsupported lang: " + lang );
+			}
+			lang = lang.replace( runescape, funescape ).toLowerCase();
+			return function( elem ) {
+				var elemLang;
+				do {
+					if ( (elemLang = documentIsHTML ?
+						elem.lang :
+						elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) {
+
+						elemLang = elemLang.toLowerCase();
+						return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0;
+					}
+				} while ( (elem = elem.parentNode) && elem.nodeType === 1 );
+				return false;
+			};
+		}),
+
+		// Miscellaneous
+		"target": function( elem ) {
+			var hash = window.location && window.location.hash;
+			return hash && hash.slice( 1 ) === elem.id;
+		},
+
+		"root": function( elem ) {
+			return elem === docElem;
+		},
+
+		"focus": function( elem ) {
+			return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex);
+		},
+
+		// Boolean properties
+		"enabled": createDisabledPseudo( false ),
+		"disabled": createDisabledPseudo( true ),
+
+		"checked": function( elem ) {
+			// In CSS3, :checked should return both checked and selected elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			var nodeName = elem.nodeName.toLowerCase();
+			return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected);
+		},
+
+		"selected": function( elem ) {
+			// Accessing this property makes selected-by-default
+			// options in Safari work properly
+			if ( elem.parentNode ) {
+				elem.parentNode.selectedIndex;
+			}
+
+			return elem.selected === true;
+		},
+
+		// Contents
+		"empty": function( elem ) {
+			// http://www.w3.org/TR/selectors/#empty-pseudo
+			// :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5),
+			//   but not by others (comment: 8; processing instruction: 7; etc.)
+			// nodeType < 6 works because attributes (2) do not appear as children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				if ( elem.nodeType < 6 ) {
+					return false;
+				}
+			}
+			return true;
+		},
+
+		"parent": function( elem ) {
+			return !Expr.pseudos["empty"]( elem );
+		},
+
+		// Element/input types
+		"header": function( elem ) {
+			return rheader.test( elem.nodeName );
+		},
+
+		"input": function( elem ) {
+			return rinputs.test( elem.nodeName );
+		},
+
+		"button": function( elem ) {
+			var name = elem.nodeName.toLowerCase();
+			return name === "input" && elem.type === "button" || name === "button";
+		},
+
+		"text": function( elem ) {
+			var attr;
+			return elem.nodeName.toLowerCase() === "input" &&
+				elem.type === "text" &&
+
+				// Support: IE<8
+				// New HTML5 attribute values (e.g., "search") appear with elem.type === "text"
+				( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" );
+		},
+
+		// Position-in-collection
+		"first": createPositionalPseudo(function() {
+			return [ 0 ];
+		}),
+
+		"last": createPositionalPseudo(function( matchIndexes, length ) {
+			return [ length - 1 ];
+		}),
+
+		"eq": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			return [ argument < 0 ? argument + length : argument ];
+		}),
+
+		"even": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 0;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"odd": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 1;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"lt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; --i >= 0; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"gt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; ++i < length; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		})
+	}
+};
+
+Expr.pseudos["nth"] = Expr.pseudos["eq"];
+
+// Add button/input type pseudos
+for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) {
+	Expr.pseudos[ i ] = createInputPseudo( i );
+}
+for ( i in { submit: true, reset: true } ) {
+	Expr.pseudos[ i ] = createButtonPseudo( i );
+}
+
+// Easy API for creating new setFilters
+function setFilters() {}
+setFilters.prototype = Expr.filters = Expr.pseudos;
+Expr.setFilters = new setFilters();
+
+tokenize = Sizzle.tokenize = function( selector, parseOnly ) {
+	var matched, match, tokens, type,
+		soFar, groups, preFilters,
+		cached = tokenCache[ selector + " " ];
+
+	if ( cached ) {
+		return parseOnly ? 0 : cached.slice( 0 );
+	}
+
+	soFar = selector;
+	groups = [];
+	preFilters = Expr.preFilter;
+
+	while ( soFar ) {
+
+		// Comma and first run
+		if ( !matched || (match = rcomma.exec( soFar )) ) {
+			if ( match ) {
+				// Don't consume trailing commas as valid
+				soFar = soFar.slice( match[0].length ) || soFar;
+			}
+			groups.push( (tokens = []) );
+		}
+
+		matched = false;
+
+		// Combinators
+		if ( (match = rcombinators.exec( soFar )) ) {
+			matched = match.shift();
+			tokens.push({
+				value: matched,
+				// Cast descendant combinators to space
+				type: match[0].replace( rtrim, " " )
+			});
+			soFar = soFar.slice( matched.length );
+		}
+
+		// Filters
+		for ( type in Expr.filter ) {
+			if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] ||
+				(match = preFilters[ type ]( match ))) ) {
+				matched = match.shift();
+				tokens.push({
+					value: matched,
+					type: type,
+					matches: match
+				});
+				soFar = soFar.slice( matched.length );
+			}
+		}
+
+		if ( !matched ) {
+			break;
+		}
+	}
+
+	// Return the length of the invalid excess
+	// if we're just parsing
+	// Otherwise, throw an error or return tokens
+	return parseOnly ?
+		soFar.length :
+		soFar ?
+			Sizzle.error( selector ) :
+			// Cache the tokens
+			tokenCache( selector, groups ).slice( 0 );
+};
+
+function toSelector( tokens ) {
+	var i = 0,
+		len = tokens.length,
+		selector = "";
+	for ( ; i < len; i++ ) {
+		selector += tokens[i].value;
+	}
+	return selector;
+}
+
+function addCombinator( matcher, combinator, base ) {
+	var dir = combinator.dir,
+		skip = combinator.next,
+		key = skip || dir,
+		checkNonElements = base && key === "parentNode",
+		doneName = done++;
+
+	return combinator.first ?
+		// Check against closest ancestor/preceding element
+		function( elem, context, xml ) {
+			while ( (elem = elem[ dir ]) ) {
+				if ( elem.nodeType === 1 || checkNonElements ) {
+					return matcher( elem, context, xml );
+				}
+			}
+			return false;
+		} :
+
+		// Check against all ancestor/preceding elements
+		function( elem, context, xml ) {
+			var oldCache, uniqueCache, outerCache,
+				newCache = [ dirruns, doneName ];
+
+			// We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching
+			if ( xml ) {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						if ( matcher( elem, context, xml ) ) {
+							return true;
+						}
+					}
+				}
+			} else {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						outerCache = elem[ expando ] || (elem[ expando ] = {});
+
+						// Support: IE <9 only
+						// Defend against cloned attroperties (jQuery gh-1709)
+						uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {});
+
+						if ( skip && skip === elem.nodeName.toLowerCase() ) {
+							elem = elem[ dir ] || elem;
+						} else if ( (oldCache = uniqueCache[ key ]) &&
+							oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) {
+
+							// Assign to newCache so results back-propagate to previous elements
+							return (newCache[ 2 ] = oldCache[ 2 ]);
+						} else {
+							// Reuse newcache so results back-propagate to previous elements
+							uniqueCache[ key ] = newCache;
+
+							// A match means we're done; a fail means we have to keep checking
+							if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) {
+								return true;
+							}
+						}
+					}
+				}
+			}
+			return false;
+		};
+}
+
+function elementMatcher( matchers ) {
+	return matchers.length > 1 ?
+		function( elem, context, xml ) {
+			var i = matchers.length;
+			while ( i-- ) {
+				if ( !matchers[i]( elem, context, xml ) ) {
+					return false;
+				}
+			}
+			return true;
+		} :
+		matchers[0];
+}
+
+function multipleContexts( selector, contexts, results ) {
+	var i = 0,
+		len = contexts.length;
+	for ( ; i < len; i++ ) {
+		Sizzle( selector, contexts[i], results );
+	}
+	return results;
+}
+
+function condense( unmatched, map, filter, context, xml ) {
+	var elem,
+		newUnmatched = [],
+		i = 0,
+		len = unmatched.length,
+		mapped = map != null;
+
+	for ( ; i < len; i++ ) {
+		if ( (elem = unmatched[i]) ) {
+			if ( !filter || filter( elem, context, xml ) ) {
+				newUnmatched.push( elem );
+				if ( mapped ) {
+					map.push( i );
+				}
+			}
+		}
+	}
+
+	return newUnmatched;
+}
+
+function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) {
+	if ( postFilter && !postFilter[ expando ] ) {
+		postFilter = setMatcher( postFilter );
+	}
+	if ( postFinder && !postFinder[ expando ] ) {
+		postFinder = setMatcher( postFinder, postSelector );
+	}
+	return markFunction(function( seed, results, context, xml ) {
+		var temp, i, elem,
+			preMap = [],
+			postMap = [],
+			preexisting = results.length,
+
+			// Get initial elements from seed or context
+			elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ),
+
+			// Prefilter to get matcher input, preserving a map for seed-results synchronization
+			matcherIn = preFilter && ( seed || !selector ) ?
+				condense( elems, preMap, preFilter, context, xml ) :
+				elems,
+
+			matcherOut = matcher ?
+				// If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results,
+				postFinder || ( seed ? preFilter : preexisting || postFilter ) ?
+
+					// ...intermediate processing is necessary
+					[] :
+
+					// ...otherwise use results directly
+					results :
+				matcherIn;
+
+		// Find primary matches
+		if ( matcher ) {
+			matcher( matcherIn, matcherOut, context, xml );
+		}
+
+		// Apply postFilter
+		if ( postFilter ) {
+			temp = condense( matcherOut, postMap );
+			postFilter( temp, [], context, xml );
+
+			// Un-match failing elements by moving them back to matcherIn
+			i = temp.length;
+			while ( i-- ) {
+				if ( (elem = temp[i]) ) {
+					matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem);
+				}
+			}
+		}
+
+		if ( seed ) {
+			if ( postFinder || preFilter ) {
+				if ( postFinder ) {
+					// Get the final matcherOut by condensing this intermediate into postFinder contexts
+					temp = [];
+					i = matcherOut.length;
+					while ( i-- ) {
+						if ( (elem = matcherOut[i]) ) {
+							// Restore matcherIn since elem is not yet a final match
+							temp.push( (matcherIn[i] = elem) );
+						}
+					}
+					postFinder( null, (matcherOut = []), temp, xml );
+				}
+
+				// Move matched elements from seed to results to keep them synchronized
+				i = matcherOut.length;
+				while ( i-- ) {
+					if ( (elem = matcherOut[i]) &&
+						(temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) {
+
+						seed[temp] = !(results[temp] = elem);
+					}
+				}
+			}
+
+		// Add elements to results, through postFinder if defined
+		} else {
+			matcherOut = condense(
+				matcherOut === results ?
+					matcherOut.splice( preexisting, matcherOut.length ) :
+					matcherOut
+			);
+			if ( postFinder ) {
+				postFinder( null, results, matcherOut, xml );
+			} else {
+				push.apply( results, matcherOut );
+			}
+		}
+	});
+}
+
+function matcherFromTokens( tokens ) {
+	var checkContext, matcher, j,
+		len = tokens.length,
+		leadingRelative = Expr.relative[ tokens[0].type ],
+		implicitRelative = leadingRelative || Expr.relative[" "],
+		i = leadingRelative ? 1 : 0,
+
+		// The foundational matcher ensures that elements are reachable from top-level context(s)
+		matchContext = addCombinator( function( elem ) {
+			return elem === checkContext;
+		}, implicitRelative, true ),
+		matchAnyContext = addCombinator( function( elem ) {
+			return indexOf( checkContext, elem ) > -1;
+		}, implicitRelative, true ),
+		matchers = [ function( elem, context, xml ) {
+			var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || (
+				(checkContext = context).nodeType ?
+					matchContext( elem, context, xml ) :
+					matchAnyContext( elem, context, xml ) );
+			// Avoid hanging onto element (issue #299)
+			checkContext = null;
+			return ret;
+		} ];
+
+	for ( ; i < len; i++ ) {
+		if ( (matcher = Expr.relative[ tokens[i].type ]) ) {
+			matchers = [ addCombinator(elementMatcher( matchers ), matcher) ];
+		} else {
+			matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches );
+
+			// Return special upon seeing a positional matcher
+			if ( matcher[ expando ] ) {
+				// Find the next relative operator (if any) for proper handling
+				j = ++i;
+				for ( ; j < len; j++ ) {
+					if ( Expr.relative[ tokens[j].type ] ) {
+						break;
+					}
+				}
+				return setMatcher(
+					i > 1 && elementMatcher( matchers ),
+					i > 1 && toSelector(
+						// If the preceding token was a descendant combinator, insert an implicit any-element `*`
+						tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" })
+					).replace( rtrim, "$1" ),
+					matcher,
+					i < j && matcherFromTokens( tokens.slice( i, j ) ),
+					j < len && matcherFromTokens( (tokens = tokens.slice( j )) ),
+					j < len && toSelector( tokens )
+				);
+			}
+			matchers.push( matcher );
+		}
+	}
+
+	return elementMatcher( matchers );
+}
+
+function matcherFromGroupMatchers( elementMatchers, setMatchers ) {
+	var bySet = setMatchers.length > 0,
+		byElement = elementMatchers.length > 0,
+		superMatcher = function( seed, context, xml, results, outermost ) {
+			var elem, j, matcher,
+				matchedCount = 0,
+				i = "0",
+				unmatched = seed && [],
+				setMatched = [],
+				contextBackup = outermostContext,
+				// We must always have either seed elements or outermost context
+				elems = seed || byElement && Expr.find["TAG"]( "*", outermost ),
+				// Use integer dirruns iff this is the outermost matcher
+				dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1),
+				len = elems.length;
+
+			if ( outermost ) {
+				outermostContext = context === document || context || outermost;
+			}
+
+			// Add elements passing elementMatchers directly to results
+			// Support: IE<9, Safari
+			// Tolerate NodeList properties (IE: "length"; Safari: <number>) matching elements by id
+			for ( ; i !== len && (elem = elems[i]) != null; i++ ) {
+				if ( byElement && elem ) {
+					j = 0;
+					if ( !context && elem.ownerDocument !== document ) {
+						setDocument( elem );
+						xml = !documentIsHTML;
+					}
+					while ( (matcher = elementMatchers[j++]) ) {
+						if ( matcher( elem, context || document, xml) ) {
+							results.push( elem );
+							break;
+						}
+					}
+					if ( outermost ) {
+						dirruns = dirrunsUnique;
+					}
+				}
+
+				// Track unmatched elements for set filters
+				if ( bySet ) {
+					// They will have gone through all possible matchers
+					if ( (elem = !matcher && elem) ) {
+						matchedCount--;
+					}
+
+					// Lengthen the array for every element, matched or not
+					if ( seed ) {
+						unmatched.push( elem );
+					}
+				}
+			}
+
+			// `i` is now the count of elements visited above, and adding it to `matchedCount`
+			// makes the latter nonnegative.
+			matchedCount += i;
+
+			// Apply set filters to unmatched elements
+			// NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount`
+			// equals `i`), unless we didn't visit _any_ elements in the above loop because we have
+			// no element matchers and no seed.
+			// Incrementing an initially-string "0" `i` allows `i` to remain a string only in that
+			// case, which will result in a "00" `matchedCount` that differs from `i` but is also
+			// numerically zero.
+			if ( bySet && i !== matchedCount ) {
+				j = 0;
+				while ( (matcher = setMatchers[j++]) ) {
+					matcher( unmatched, setMatched, context, xml );
+				}
+
+				if ( seed ) {
+					// Reintegrate element matches to eliminate the need for sorting
+					if ( matchedCount > 0 ) {
+						while ( i-- ) {
+							if ( !(unmatched[i] || setMatched[i]) ) {
+								setMatched[i] = pop.call( results );
+							}
+						}
+					}
+
+					// Discard index placeholder values to get only actual matches
+					setMatched = condense( setMatched );
+				}
+
+				// Add matches to results
+				push.apply( results, setMatched );
+
+				// Seedless set matches succeeding multiple successful matchers stipulate sorting
+				if ( outermost && !seed && setMatched.length > 0 &&
+					( matchedCount + setMatchers.length ) > 1 ) {
+
+					Sizzle.uniqueSort( results );
+				}
+			}
+
+			// Override manipulation of globals by nested matchers
+			if ( outermost ) {
+				dirruns = dirrunsUnique;
+				outermostContext = contextBackup;
+			}
+
+			return unmatched;
+		};
+
+	return bySet ?
+		markFunction( superMatcher ) :
+		superMatcher;
+}
+
+compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) {
+	var i,
+		setMatchers = [],
+		elementMatchers = [],
+		cached = compilerCache[ selector + " " ];
+
+	if ( !cached ) {
+		// Generate a function of recursive functions that can be used to check each element
+		if ( !match ) {
+			match = tokenize( selector );
+		}
+		i = match.length;
+		while ( i-- ) {
+			cached = matcherFromTokens( match[i] );
+			if ( cached[ expando ] ) {
+				setMatchers.push( cached );
+			} else {
+				elementMatchers.push( cached );
+			}
+		}
+
+		// Cache the compiled function
+		cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) );
+
+		// Save selector and tokenization
+		cached.selector = selector;
+	}
+	return cached;
+};
+
+/**
+ * A low-level selection function that works with Sizzle's compiled
+ *  selector functions
+ * @param {String|Function} selector A selector or a pre-compiled
+ *  selector function built with Sizzle.compile
+ * @param {Element} context
+ * @param {Array} [results]
+ * @param {Array} [seed] A set of elements to match against
+ */
+select = Sizzle.select = function( selector, context, results, seed ) {
+	var i, tokens, token, type, find,
+		compiled = typeof selector === "function" && selector,
+		match = !seed && tokenize( (selector = compiled.selector || selector) );
+
+	results = results || [];
+
+	// Try to minimize operations if there is only one selector in the list and no seed
+	// (the latter of which guarantees us context)
+	if ( match.length === 1 ) {
+
+		// Reduce context if the leading compound selector is an ID
+		tokens = match[0] = match[0].slice( 0 );
+		if ( tokens.length > 2 && (token = tokens[0]).type === "ID" &&
+				context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[1].type ] ) {
+
+			context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0];
+			if ( !context ) {
+				return results;
+
+			// Precompiled matchers will still verify ancestry, so step up a level
+			} else if ( compiled ) {
+				context = context.parentNode;
+			}
+
+			selector = selector.slice( tokens.shift().value.length );
+		}
+
+		// Fetch a seed set for right-to-left matching
+		i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length;
+		while ( i-- ) {
+			token = tokens[i];
+
+			// Abort if we hit a combinator
+			if ( Expr.relative[ (type = token.type) ] ) {
+				break;
+			}
+			if ( (find = Expr.find[ type ]) ) {
+				// Search, expanding context for leading sibling combinators
+				if ( (seed = find(
+					token.matches[0].replace( runescape, funescape ),
+					rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context
+				)) ) {
+
+					// If seed is empty or no tokens remain, we can return early
+					tokens.splice( i, 1 );
+					selector = seed.length && toSelector( tokens );
+					if ( !selector ) {
+						push.apply( results, seed );
+						return results;
+					}
+
+					break;
+				}
+			}
+		}
+	}
+
+	// Compile and execute a filtering function if one is not provided
+	// Provide `match` to avoid retokenization if we modified the selector above
+	( compiled || compile( selector, match ) )(
+		seed,
+		context,
+		!documentIsHTML,
+		results,
+		!context || rsibling.test( selector ) && testContext( context.parentNode ) || context
+	);
+	return results;
+};
+
+// One-time assignments
+
+// Sort stability
+support.sortStable = expando.split("").sort( sortOrder ).join("") === expando;
+
+// Support: Chrome 14-35+
+// Always assume duplicates if they aren't passed to the comparison function
+support.detectDuplicates = !!hasDuplicate;
+
+// Initialize against the default document
+setDocument();
+
+// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27)
+// Detached nodes confoundingly follow *each other*
+support.sortDetached = assert(function( el ) {
+	// Should return 1, but returns 4 (following)
+	return el.compareDocumentPosition( document.createElement("fieldset") ) & 1;
+});
+
+// Support: IE<8
+// Prevent attribute/property "interpolation"
+// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx
+if ( !assert(function( el ) {
+	el.innerHTML = "<a href='#'></a>";
+	return el.firstChild.getAttribute("href") === "#" ;
+}) ) {
+	addHandle( "type|href|height|width", function( elem, name, isXML ) {
+		if ( !isXML ) {
+			return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 );
+		}
+	});
+}
+
+// Support: IE<9
+// Use defaultValue in place of getAttribute("value")
+if ( !support.attributes || !assert(function( el ) {
+	el.innerHTML = "<input/>";
+	el.firstChild.setAttribute( "value", "" );
+	return el.firstChild.getAttribute( "value" ) === "";
+}) ) {
+	addHandle( "value", function( elem, name, isXML ) {
+		if ( !isXML && elem.nodeName.toLowerCase() === "input" ) {
+			return elem.defaultValue;
+		}
+	});
+}
+
+// Support: IE<9
+// Use getAttributeNode to fetch booleans when getAttribute lies
+if ( !assert(function( el ) {
+	return el.getAttribute("disabled") == null;
+}) ) {
+	addHandle( booleans, function( elem, name, isXML ) {
+		var val;
+		if ( !isXML ) {
+			return elem[ name ] === true ? name.toLowerCase() :
+					(val = elem.getAttributeNode( name )) && val.specified ?
+					val.value :
+				null;
+		}
+	});
+}
+
+return Sizzle;
+
+})( window );
+
+
+
+jQuery.find = Sizzle;
+jQuery.expr = Sizzle.selectors;
+
+// Deprecated
+jQuery.expr[ ":" ] = jQuery.expr.pseudos;
+jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort;
+jQuery.text = Sizzle.getText;
+jQuery.isXMLDoc = Sizzle.isXML;
+jQuery.contains = Sizzle.contains;
+jQuery.escapeSelector = Sizzle.escape;
+
+
+
+
+var dir = function( elem, dir, until ) {
+	var matched = [],
+		truncate = until !== undefined;
+
+	while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) {
+		if ( elem.nodeType === 1 ) {
+			if ( truncate && jQuery( elem ).is( until ) ) {
+				break;
+			}
+			matched.push( elem );
+		}
+	}
+	return matched;
+};
+
+
+var siblings = function( n, elem ) {
+	var matched = [];
+
+	for ( ; n; n = n.nextSibling ) {
+		if ( n.nodeType === 1 && n !== elem ) {
+			matched.push( n );
+		}
+	}
+
+	return matched;
+};
+
+
+var rneedsContext = jQuery.expr.match.needsContext;
+
+
+
+function nodeName( elem, name ) {
+
+  return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();
+
+};
+var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i );
+
+
+
+var risSimple = /^.[^:#\[\.,]*$/;
+
+// Implement the identical functionality for filter and not
+function winnow( elements, qualifier, not ) {
+	if ( jQuery.isFunction( qualifier ) ) {
+		return jQuery.grep( elements, function( elem, i ) {
+			return !!qualifier.call( elem, i, elem ) !== not;
+		} );
+	}
+
+	// Single element
+	if ( qualifier.nodeType ) {
+		return jQuery.grep( elements, function( elem ) {
+			return ( elem === qualifier ) !== not;
+		} );
+	}
+
+	// Arraylike of elements (jQuery, arguments, Array)
+	if ( typeof qualifier !== "string" ) {
+		return jQuery.grep( elements, function( elem ) {
+			return ( indexOf.call( qualifier, elem ) > -1 ) !== not;
+		} );
+	}
+
+	// Simple selector that can be filtered directly, removing non-Elements
+	if ( risSimple.test( qualifier ) ) {
+		return jQuery.filter( qualifier, elements, not );
+	}
+
+	// Complex selector, compare the two sets, removing non-Elements
+	qualifier = jQuery.filter( qualifier, elements );
+	return jQuery.grep( elements, function( elem ) {
+		return ( indexOf.call( qualifier, elem ) > -1 ) !== not && elem.nodeType === 1;
+	} );
+}
+
+jQuery.filter = function( expr, elems, not ) {
+	var elem = elems[ 0 ];
+
+	if ( not ) {
+		expr = ":not(" + expr + ")";
+	}
+
+	if ( elems.length === 1 && elem.nodeType === 1 ) {
+		return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : [];
+	}
+
+	return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) {
+		return elem.nodeType === 1;
+	} ) );
+};
+
+jQuery.fn.extend( {
+	find: function( selector ) {
+		var i, ret,
+			len = this.length,
+			self = this;
+
+		if ( typeof selector !== "string" ) {
+			return this.pushStack( jQuery( selector ).filter( function() {
+				for ( i = 0; i < len; i++ ) {
+					if ( jQuery.contains( self[ i ], this ) ) {
+						return true;
+					}
+				}
+			} ) );
+		}
+
+		ret = this.pushStack( [] );
+
+		for ( i = 0; i < len; i++ ) {
+			jQuery.find( selector, self[ i ], ret );
+		}
+
+		return len > 1 ? jQuery.uniqueSort( ret ) : ret;
+	},
+	filter: function( selector ) {
+		return this.pushStack( winnow( this, selector || [], false ) );
+	},
+	not: function( selector ) {
+		return this.pushStack( winnow( this, selector || [], true ) );
+	},
+	is: function( selector ) {
+		return !!winnow(
+			this,
+
+			// If this is a positional/relative selector, check membership in the returned set
+			// so $("p:first").is("p:last") won't return true for a doc with two "p".
+			typeof selector === "string" && rneedsContext.test( selector ) ?
+				jQuery( selector ) :
+				selector || [],
+			false
+		).length;
+	}
+} );
+
+
+// Initialize a jQuery object
+
+
+// A central reference to the root jQuery(document)
+var rootjQuery,
+
+	// A simple way to check for HTML strings
+	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
+	// Strict HTML recognition (#11290: must start with <)
+	// Shortcut simple #id case for speed
+	rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,
+
+	init = jQuery.fn.init = function( selector, context, root ) {
+		var match, elem;
+
+		// HANDLE: $(""), $(null), $(undefined), $(false)
+		if ( !selector ) {
+			return this;
+		}
+
+		// Method init() accepts an alternate rootjQuery
+		// so migrate can support jQuery.sub (gh-2101)
+		root = root || rootjQuery;
+
+		// Handle HTML strings
+		if ( typeof selector === "string" ) {
+			if ( selector[ 0 ] === "<" &&
+				selector[ selector.length - 1 ] === ">" &&
+				selector.length >= 3 ) {
+
+				// Assume that strings that start and end with <> are HTML and skip the regex check
+				match = [ null, selector, null ];
+
+			} else {
+				match = rquickExpr.exec( selector );
+			}
+
+			// Match html or make sure no context is specified for #id
+			if ( match && ( match[ 1 ] || !context ) ) {
+
+				// HANDLE: $(html) -> $(array)
+				if ( match[ 1 ] ) {
+					context = context instanceof jQuery ? context[ 0 ] : context;
+
+					// Option to run scripts is true for back-compat
+					// Intentionally let the error be thrown if parseHTML is not present
+					jQuery.merge( this, jQuery.parseHTML(
+						match[ 1 ],
+						context && context.nodeType ? context.ownerDocument || context : document,
+						true
+					) );
+
+					// HANDLE: $(html, props)
+					if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) {
+						for ( match in context ) {
+
+							// Properties of context are called as methods if possible
+							if ( jQuery.isFunction( this[ match ] ) ) {
+								this[ match ]( context[ match ] );
+
+							// ...and otherwise set as attributes
+							} else {
+								this.attr( match, context[ match ] );
+							}
+						}
+					}
+
+					return this;
+
+				// HANDLE: $(#id)
+				} else {
+					elem = document.getElementById( match[ 2 ] );
+
+					if ( elem ) {
+
+						// Inject the element directly into the jQuery object
+						this[ 0 ] = elem;
+						this.length = 1;
+					}
+					return this;
+				}
+
+			// HANDLE: $(expr, $(...))
+			} else if ( !context || context.jquery ) {
+				return ( context || root ).find( selector );
+
+			// HANDLE: $(expr, context)
+			// (which is just equivalent to: $(context).find(expr)
+			} else {
+				return this.constructor( context ).find( selector );
+			}
+
+		// HANDLE: $(DOMElement)
+		} else if ( selector.nodeType ) {
+			this[ 0 ] = selector;
+			this.length = 1;
+			return this;
+
+		// HANDLE: $(function)
+		// Shortcut for document ready
+		} else if ( jQuery.isFunction( selector ) ) {
+			return root.ready !== undefined ?
+				root.ready( selector ) :
+
+				// Execute immediately if ready is not present
+				selector( jQuery );
+		}
+
+		return jQuery.makeArray( selector, this );
+	};
+
+// Give the init function the jQuery prototype for later instantiation
+init.prototype = jQuery.fn;
+
+// Initialize central reference
+rootjQuery = jQuery( document );
+
+
+var rparentsprev = /^(?:parents|prev(?:Until|All))/,
+
+	// Methods guaranteed to produce a unique set when starting from a unique set
+	guaranteedUnique = {
+		children: true,
+		contents: true,
+		next: true,
+		prev: true
+	};
+
+jQuery.fn.extend( {
+	has: function( target ) {
+		var targets = jQuery( target, this ),
+			l = targets.length;
+
+		return this.filter( function() {
+			var i = 0;
+			for ( ; i < l; i++ ) {
+				if ( jQuery.contains( this, targets[ i ] ) ) {
+					return true;
+				}
+			}
+		} );
+	},
+
+	closest: function( selectors, context ) {
+		var cur,
+			i = 0,
+			l = this.length,
+			matched = [],
+			targets = typeof selectors !== "string" && jQuery( selectors );
+
+		// Positional selectors never match, since there's no _selection_ context
+		if ( !rneedsContext.test( selectors ) ) {
+			for ( ; i < l; i++ ) {
+				for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) {
+
+					// Always skip document fragments
+					if ( cur.nodeType < 11 && ( targets ?
+						targets.index( cur ) > -1 :
+
+						// Don't pass non-elements to Sizzle
+						cur.nodeType === 1 &&
+							jQuery.find.matchesSelector( cur, selectors ) ) ) {
+
+						matched.push( cur );
+						break;
+					}
+				}
+			}
+		}
+
+		return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched );
+	},
+
+	// Determine the position of an element within the set
+	index: function( elem ) {
+
+		// No argument, return index in parent
+		if ( !elem ) {
+			return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1;
+		}
+
+		// Index in selector
+		if ( typeof elem === "string" ) {
+			return indexOf.call( jQuery( elem ), this[ 0 ] );
+		}
+
+		// Locate the position of the desired element
+		return indexOf.call( this,
+
+			// If it receives a jQuery object, the first element is used
+			elem.jquery ? elem[ 0 ] : elem
+		);
+	},
+
+	add: function( selector, context ) {
+		return this.pushStack(
+			jQuery.uniqueSort(
+				jQuery.merge( this.get(), jQuery( selector, context ) )
+			)
+		);
+	},
+
+	addBack: function( selector ) {
+		return this.add( selector == null ?
+			this.prevObject : this.prevObject.filter( selector )
+		);
+	}
+} );
+
+function sibling( cur, dir ) {
+	while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {}
+	return cur;
+}
+
+jQuery.each( {
+	parent: function( elem ) {
+		var parent = elem.parentNode;
+		return parent && parent.nodeType !== 11 ? parent : null;
+	},
+	parents: function( elem ) {
+		return dir( elem, "parentNode" );
+	},
+	parentsUntil: function( elem, i, until ) {
+		return dir( elem, "parentNode", until );
+	},
+	next: function( elem ) {
+		return sibling( elem, "nextSibling" );
+	},
+	prev: function( elem ) {
+		return sibling( elem, "previousSibling" );
+	},
+	nextAll: function( elem ) {
+		return dir( elem, "nextSibling" );
+	},
+	prevAll: function( elem ) {
+		return dir( elem, "previousSibling" );
+	},
+	nextUntil: function( elem, i, until ) {
+		return dir( elem, "nextSibling", until );
+	},
+	prevUntil: function( elem, i, until ) {
+		return dir( elem, "previousSibling", until );
+	},
+	siblings: function( elem ) {
+		return siblings( ( elem.parentNode || {} ).firstChild, elem );
+	},
+	children: function( elem ) {
+		return siblings( elem.firstChild );
+	},
+	contents: function( elem ) {
+        if ( nodeName( elem, "iframe" ) ) {
+            return elem.contentDocument;
+        }
+
+        // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only
+        // Treat the template element as a regular one in browsers that
+        // don't support it.
+        if ( nodeName( elem, "template" ) ) {
+            elem = elem.content || elem;
+        }
+
+        return jQuery.merge( [], elem.childNodes );
+	}
+}, function( name, fn ) {
+	jQuery.fn[ name ] = function( until, selector ) {
+		var matched = jQuery.map( this, fn, until );
+
+		if ( name.slice( -5 ) !== "Until" ) {
+			selector = until;
+		}
+
+		if ( selector && typeof selector === "string" ) {
+			matched = jQuery.filter( selector, matched );
+		}
+
+		if ( this.length > 1 ) {
+
+			// Remove duplicates
+			if ( !guaranteedUnique[ name ] ) {
+				jQuery.uniqueSort( matched );
+			}
+
+			// Reverse order for parents* and prev-derivatives
+			if ( rparentsprev.test( name ) ) {
+				matched.reverse();
+			}
+		}
+
+		return this.pushStack( matched );
+	};
+} );
+var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g );
+
+
+
+// Convert String-formatted options into Object-formatted ones
+function createOptions( options ) {
+	var object = {};
+	jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) {
+		object[ flag ] = true;
+	} );
+	return object;
+}
+
+/*
+ * Create a callback list using the following parameters:
+ *
+ *	options: an optional list of space-separated options that will change how
+ *			the callback list behaves or a more traditional option object
+ *
+ * By default a callback list will act like an event callback list and can be
+ * "fired" multiple times.
+ *
+ * Possible options:
+ *
+ *	once:			will ensure the callback list can only be fired once (like a Deferred)
+ *
+ *	memory:			will keep track of previous values and will call any callback added
+ *					after the list has been fired right away with the latest "memorized"
+ *					values (like a Deferred)
+ *
+ *	unique:			will ensure a callback can only be added once (no duplicate in the list)
+ *
+ *	stopOnFalse:	interrupt callings when a callback returns false
+ *
+ */
+jQuery.Callbacks = function( options ) {
+
+	// Convert options from String-formatted to Object-formatted if needed
+	// (we check in cache first)
+	options = typeof options === "string" ?
+		createOptions( options ) :
+		jQuery.extend( {}, options );
+
+	var // Flag to know if list is currently firing
+		firing,
+
+		// Last fire value for non-forgettable lists
+		memory,
+
+		// Flag to know if list was already fired
+		fired,
+
+		// Flag to prevent firing
+		locked,
+
+		// Actual callback list
+		list = [],
+
+		// Queue of execution data for repeatable lists
+		queue = [],
+
+		// Index of currently firing callback (modified by add/remove as needed)
+		firingIndex = -1,
+
+		// Fire callbacks
+		fire = function() {
+
+			// Enforce single-firing
+			locked = locked || options.once;
+
+			// Execute callbacks for all pending executions,
+			// respecting firingIndex overrides and runtime changes
+			fired = firing = true;
+			for ( ; queue.length; firingIndex = -1 ) {
+				memory = queue.shift();
+				while ( ++firingIndex < list.length ) {
+
+					// Run callback and check for early termination
+					if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false &&
+						options.stopOnFalse ) {
+
+						// Jump to end and forget the data so .add doesn't re-fire
+						firingIndex = list.length;
+						memory = false;
+					}
+				}
+			}
+
+			// Forget the data if we're done with it
+			if ( !options.memory ) {
+				memory = false;
+			}
+
+			firing = false;
+
+			// Clean up if we're done firing for good
+			if ( locked ) {
+
+				// Keep an empty list if we have data for future add calls
+				if ( memory ) {
+					list = [];
+
+				// Otherwise, this object is spent
+				} else {
+					list = "";
+				}
+			}
+		},
+
+		// Actual Callbacks object
+		self = {
+
+			// Add a callback or a collection of callbacks to the list
+			add: function() {
+				if ( list ) {
+
+					// If we have memory from a past run, we should fire after adding
+					if ( memory && !firing ) {
+						firingIndex = list.length - 1;
+						queue.push( memory );
+					}
+
+					( function add( args ) {
+						jQuery.each( args, function( _, arg ) {
+							if ( jQuery.isFunction( arg ) ) {
+								if ( !options.unique || !self.has( arg ) ) {
+									list.push( arg );
+								}
+							} else if ( arg && arg.length && jQuery.type( arg ) !== "string" ) {
+
+								// Inspect recursively
+								add( arg );
+							}
+						} );
+					} )( arguments );
+
+					if ( memory && !firing ) {
+						fire();
+					}
+				}
+				return this;
+			},
+
+			// Remove a callback from the list
+			remove: function() {
+				jQuery.each( arguments, function( _, arg ) {
+					var index;
+					while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) {
+						list.splice( index, 1 );
+
+						// Handle firing indexes
+						if ( index <= firingIndex ) {
+							firingIndex--;
+						}
+					}
+				} );
+				return this;
+			},
+
+			// Check if a given callback is in the list.
+			// If no argument is given, return whether or not list has callbacks attached.
+			has: function( fn ) {
+				return fn ?
+					jQuery.inArray( fn, list ) > -1 :
+					list.length > 0;
+			},
+
+			// Remove all callbacks from the list
+			empty: function() {
+				if ( list ) {
+					list = [];
+				}
+				return this;
+			},
+
+			// Disable .fire and .add
+			// Abort any current/pending executions
+			// Clear all callbacks and values
+			disable: function() {
+				locked = queue = [];
+				list = memory = "";
+				return this;
+			},
+			disabled: function() {
+				return !list;
+			},
+
+			// Disable .fire
+			// Also disable .add unless we have memory (since it would have no effect)
+			// Abort any pending executions
+			lock: function() {
+				locked = queue = [];
+				if ( !memory && !firing ) {
+					list = memory = "";
+				}
+				return this;
+			},
+			locked: function() {
+				return !!locked;
+			},
+
+			// Call all callbacks with the given context and arguments
+			fireWith: function( context, args ) {
+				if ( !locked ) {
+					args = args || [];
+					args = [ context, args.slice ? args.slice() : args ];
+					queue.push( args );
+					if ( !firing ) {
+						fire();
+					}
+				}
+				return this;
+			},
+
+			// Call all the callbacks with the given arguments
+			fire: function() {
+				self.fireWith( this, arguments );
+				return this;
+			},
+
+			// To know if the callbacks have already been called at least once
+			fired: function() {
+				return !!fired;
+			}
+		};
+
+	return self;
+};
+
+
+function Identity( v ) {
+	return v;
+}
+function Thrower( ex ) {
+	throw ex;
+}
+
+function adoptValue( value, resolve, reject, noValue ) {
+	var method;
+
+	try {
+
+		// Check for promise aspect first to privilege synchronous behavior
+		if ( value && jQuery.isFunction( ( method = value.promise ) ) ) {
+			method.call( value ).done( resolve ).fail( reject );
+
+		// Other thenables
+		} else if ( value && jQuery.isFunction( ( method = value.then ) ) ) {
+			method.call( value, resolve, reject );
+
+		// Other non-thenables
+		} else {
+
+			// Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer:
+			// * false: [ value ].slice( 0 ) => resolve( value )
+			// * true: [ value ].slice( 1 ) => resolve()
+			resolve.apply( undefined, [ value ].slice( noValue ) );
+		}
+
+	// For Promises/A+, convert exceptions into rejections
+	// Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in
+	// Deferred#then to conditionally suppress rejection.
+	} catch ( value ) {
+
+		// Support: Android 4.0 only
+		// Strict mode functions invoked without .call/.apply get global-object context
+		reject.apply( undefined, [ value ] );
+	}
+}
+
+jQuery.extend( {
+
+	Deferred: function( func ) {
+		var tuples = [
+
+				// action, add listener, callbacks,
+				// ... .then handlers, argument index, [final state]
+				[ "notify", "progress", jQuery.Callbacks( "memory" ),
+					jQuery.Callbacks( "memory" ), 2 ],
+				[ "resolve", "done", jQuery.Callbacks( "once memory" ),
+					jQuery.Callbacks( "once memory" ), 0, "resolved" ],
+				[ "reject", "fail", jQuery.Callbacks( "once memory" ),
+					jQuery.Callbacks( "once memory" ), 1, "rejected" ]
+			],
+			state = "pending",
+			promise = {
+				state: function() {
+					return state;
+				},
+				always: function() {
+					deferred.done( arguments ).fail( arguments );
+					return this;
+				},
+				"catch": function( fn ) {
+					return promise.then( null, fn );
+				},
+
+				// Keep pipe for back-compat
+				pipe: function( /* fnDone, fnFail, fnProgress */ ) {
+					var fns = arguments;
+
+					return jQuery.Deferred( function( newDefer ) {
+						jQuery.each( tuples, function( i, tuple ) {
+
+							// Map tuples (progress, done, fail) to arguments (done, fail, progress)
+							var fn = jQuery.isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ];
+
+							// deferred.progress(function() { bind to newDefer or newDefer.notify })
+							// deferred.done(function() { bind to newDefer or newDefer.resolve })
+							// deferred.fail(function() { bind to newDefer or newDefer.reject })
+							deferred[ tuple[ 1 ] ]( function() {
+								var returned = fn && fn.apply( this, arguments );
+								if ( returned && jQuery.isFunction( returned.promise ) ) {
+									returned.promise()
+										.progress( newDefer.notify )
+										.done( newDefer.resolve )
+										.fail( newDefer.reject );
+								} else {
+									newDefer[ tuple[ 0 ] + "With" ](
+										this,
+										fn ? [ returned ] : arguments
+									);
+								}
+							} );
+						} );
+						fns = null;
+					} ).promise();
+				},
+				then: function( onFulfilled, onRejected, onProgress ) {
+					var maxDepth = 0;
+					function resolve( depth, deferred, handler, special ) {
+						return function() {
+							var that = this,
+								args = arguments,
+								mightThrow = function() {
+									var returned, then;
+
+									// Support: Promises/A+ section 2.3.3.3.3
+									// https://promisesaplus.com/#point-59
+									// Ignore double-resolution attempts
+									if ( depth < maxDepth ) {
+										return;
+									}
+
+									returned = handler.apply( that, args );
+
+									// Support: Promises/A+ section 2.3.1
+									// https://promisesaplus.com/#point-48
+									if ( returned === deferred.promise() ) {
+										throw new TypeError( "Thenable self-resolution" );
+									}
+
+									// Support: Promises/A+ sections 2.3.3.1, 3.5
+									// https://promisesaplus.com/#point-54
+									// https://promisesaplus.com/#point-75
+									// Retrieve `then` only once
+									then = returned &&
+
+										// Support: Promises/A+ section 2.3.4
+										// https://promisesaplus.com/#point-64
+										// Only check objects and functions for thenability
+										( typeof returned === "object" ||
+											typeof returned === "function" ) &&
+										returned.then;
+
+									// Handle a returned thenable
+									if ( jQuery.isFunction( then ) ) {
+
+										// Special processors (notify) just wait for resolution
+										if ( special ) {
+											then.call(
+												returned,
+												resolve( maxDepth, deferred, Identity, special ),
+												resolve( maxDepth, deferred, Thrower, special )
+											);
+
+										// Normal processors (resolve) also hook into progress
+										} else {
+
+											// ...and disregard older resolution values
+											maxDepth++;
+
+											then.call(
+												returned,
+												resolve( maxDepth, deferred, Identity, special ),
+												resolve( maxDepth, deferred, Thrower, special ),
+												resolve( maxDepth, deferred, Identity,
+													deferred.notifyWith )
+											);
+										}
+
+									// Handle all other returned values
+									} else {
+
+										// Only substitute handlers pass on context
+										// and multiple values (non-spec behavior)
+										if ( handler !== Identity ) {
+											that = undefined;
+											args = [ returned ];
+										}
+
+										// Process the value(s)
+										// Default process is resolve
+										( special || deferred.resolveWith )( that, args );
+									}
+								},
+
+								// Only normal processors (resolve) catch and reject exceptions
+								process = special ?
+									mightThrow :
+									function() {
+										try {
+											mightThrow();
+										} catch ( e ) {
+
+											if ( jQuery.Deferred.exceptionHook ) {
+												jQuery.Deferred.exceptionHook( e,
+													process.stackTrace );
+											}
+
+											// Support: Promises/A+ section 2.3.3.3.4.1
+											// https://promisesaplus.com/#point-61
+											// Ignore post-resolution exceptions
+											if ( depth + 1 >= maxDepth ) {
+
+												// Only substitute handlers pass on context
+												// and multiple values (non-spec behavior)
+												if ( handler !== Thrower ) {
+													that = undefined;
+													args = [ e ];
+												}
+
+												deferred.rejectWith( that, args );
+											}
+										}
+									};
+
+							// Support: Promises/A+ section 2.3.3.3.1
+							// https://promisesaplus.com/#point-57
+							// Re-resolve promises immediately to dodge false rejection from
+							// subsequent errors
+							if ( depth ) {
+								process();
+							} else {
+
+								// Call an optional hook to record the stack, in case of exception
+								// since it's otherwise lost when execution goes async
+								if ( jQuery.Deferred.getStackHook ) {
+									process.stackTrace = jQuery.Deferred.getStackHook();
+								}
+								window.setTimeout( process );
+							}
+						};
+					}
+
+					return jQuery.Deferred( function( newDefer ) {
+
+						// progress_handlers.add( ... )
+						tuples[ 0 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onProgress ) ?
+									onProgress :
+									Identity,
+								newDefer.notifyWith
+							)
+						);
+
+						// fulfilled_handlers.add( ... )
+						tuples[ 1 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onFulfilled ) ?
+									onFulfilled :
+									Identity
+							)
+						);
+
+						// rejected_handlers.add( ... )
+						tuples[ 2 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onRejected ) ?
+									onRejected :
+									Thrower
+							)
+						);
+					} ).promise();
+				},
+
+				// Get a promise for this deferred
+				// If obj is provided, the promise aspect is added to the object
+				promise: function( obj ) {
+					return obj != null ? jQuery.extend( obj, promise ) : promise;
+				}
+			},
+			deferred = {};
+
+		// Add list-specific methods
+		jQuery.each( tuples, function( i, tuple ) {
+			var list = tuple[ 2 ],
+				stateString = tuple[ 5 ];
+
+			// promise.progress = list.add
+			// promise.done = list.add
+			// promise.fail = list.add
+			promise[ tuple[ 1 ] ] = list.add;
+
+			// Handle state
+			if ( stateString ) {
+				list.add(
+					function() {
+
+						// state = "resolved" (i.e., fulfilled)
+						// state = "rejected"
+						state = stateString;
+					},
+
+					// rejected_callbacks.disable
+					// fulfilled_callbacks.disable
+					tuples[ 3 - i ][ 2 ].disable,
+
+					// progress_callbacks.lock
+					tuples[ 0 ][ 2 ].lock
+				);
+			}
+
+			// progress_handlers.fire
+			// fulfilled_handlers.fire
+			// rejected_handlers.fire
+			list.add( tuple[ 3 ].fire );
+
+			// deferred.notify = function() { deferred.notifyWith(...) }
+			// deferred.resolve = function() { deferred.resolveWith(...) }
+			// deferred.reject = function() { deferred.rejectWith(...) }
+			deferred[ tuple[ 0 ] ] = function() {
+				deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments );
+				return this;
+			};
+
+			// deferred.notifyWith = list.fireWith
+			// deferred.resolveWith = list.fireWith
+			// deferred.rejectWith = list.fireWith
+			deferred[ tuple[ 0 ] + "With" ] = list.fireWith;
+		} );
+
+		// Make the deferred a promise
+		promise.promise( deferred );
+
+		// Call given func if any
+		if ( func ) {
+			func.call( deferred, deferred );
+		}
+
+		// All done!
+		return deferred;
+	},
+
+	// Deferred helper
+	when: function( singleValue ) {
+		var
+
+			// count of uncompleted subordinates
+			remaining = arguments.length,
+
+			// count of unprocessed arguments
+			i = remaining,
+
+			// subordinate fulfillment data
+			resolveContexts = Array( i ),
+			resolveValues = slice.call( arguments ),
+
+			// the master Deferred
+			master = jQuery.Deferred(),
+
+			// subordinate callback factory
+			updateFunc = function( i ) {
+				return function( value ) {
+					resolveContexts[ i ] = this;
+					resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value;
+					if ( !( --remaining ) ) {
+						master.resolveWith( resolveContexts, resolveValues );
+					}
+				};
+			};
+
+		// Single- and empty arguments are adopted like Promise.resolve
+		if ( remaining <= 1 ) {
+			adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject,
+				!remaining );
+
+			// Use .then() to unwrap secondary thenables (cf. gh-3000)
+			if ( master.state() === "pending" ||
+				jQuery.isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) {
+
+				return master.then();
+			}
+		}
+
+		// Multiple arguments are aggregated like Promise.all array elements
+		while ( i-- ) {
+			adoptValue( resolveValues[ i ], updateFunc( i ), master.reject );
+		}
+
+		return master.promise();
+	}
+} );
+
+
+// These usually indicate a programmer mistake during development,
+// warn about them ASAP rather than swallowing them by default.
+var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;
+
+jQuery.Deferred.exceptionHook = function( error, stack ) {
+
+	// Support: IE 8 - 9 only
+	// Console exists when dev tools are open, which can happen at any time
+	if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) {
+		window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack );
+	}
+};
+
+
+
+
+jQuery.readyException = function( error ) {
+	window.setTimeout( function() {
+		throw error;
+	} );
+};
+
+
+
+
+// The deferred used on DOM ready
+var readyList = jQuery.Deferred();
+
+jQuery.fn.ready = function( fn ) {
+
+	readyList
+		.then( fn )
+
+		// Wrap jQuery.readyException in a function so that the lookup
+		// happens at the time of error handling instead of callback
+		// registration.
+		.catch( function( error ) {
+			jQuery.readyException( error );
+		} );
+
+	return this;
+};
+
+jQuery.extend( {
+
+	// Is the DOM ready to be used? Set to true once it occurs.
+	isReady: false,
+
+	// A counter to track how many items to wait for before
+	// the ready event fires. See #6781
+	readyWait: 1,
+
+	// Handle when the DOM is ready
+	ready: function( wait ) {
+
+		// Abort if there are pending holds or we're already ready
+		if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) {
+			return;
+		}
+
+		// Remember that the DOM is ready
+		jQuery.isReady = true;
+
+		// If a normal DOM Ready event fired, decrement, and wait if need be
+		if ( wait !== true && --jQuery.readyWait > 0 ) {
+			return;
+		}
+
+		// If there are functions bound, to execute
+		readyList.resolveWith( document, [ jQuery ] );
+	}
+} );
+
+jQuery.ready.then = readyList.then;
+
+// The ready event handler and self cleanup method
+function completed() {
+	document.removeEventListener( "DOMContentLoaded", completed );
+	window.removeEventListener( "load", completed );
+	jQuery.ready();
+}
+
+// Catch cases where $(document).ready() is called
+// after the browser event has already occurred.
+// Support: IE <=9 - 10 only
+// Older IE sometimes signals "interactive" too soon
+if ( document.readyState === "complete" ||
+	( document.readyState !== "loading" && !document.documentElement.doScroll ) ) {
+
+	// Handle it asynchronously to allow scripts the opportunity to delay ready
+	window.setTimeout( jQuery.ready );
+
+} else {
+
+	// Use the handy event callback
+	document.addEventListener( "DOMContentLoaded", completed );
+
+	// A fallback to window.onload, that will always work
+	window.addEventListener( "load", completed );
+}
+
+
+
+
+// Multifunctional method to get and set values of a collection
+// The value/s can optionally be executed if it's a function
+var access = function( elems, fn, key, value, chainable, emptyGet, raw ) {
+	var i = 0,
+		len = elems.length,
+		bulk = key == null;
+
+	// Sets many values
+	if ( jQuery.type( key ) === "object" ) {
+		chainable = true;
+		for ( i in key ) {
+			access( elems, fn, i, key[ i ], true, emptyGet, raw );
+		}
+
+	// Sets one value
+	} else if ( value !== undefined ) {
+		chainable = true;
+
+		if ( !jQuery.isFunction( value ) ) {
+			raw = true;
+		}
+
+		if ( bulk ) {
+
+			// Bulk operations run against the entire set
+			if ( raw ) {
+				fn.call( elems, value );
+				fn = null;
+
+			// ...except when executing function values
+			} else {
+				bulk = fn;
+				fn = function( elem, key, value ) {
+					return bulk.call( jQuery( elem ), value );
+				};
+			}
+		}
+
+		if ( fn ) {
+			for ( ; i < len; i++ ) {
+				fn(
+					elems[ i ], key, raw ?
+					value :
+					value.call( elems[ i ], i, fn( elems[ i ], key ) )
+				);
+			}
+		}
+	}
+
+	if ( chainable ) {
+		return elems;
+	}
+
+	// Gets
+	if ( bulk ) {
+		return fn.call( elems );
+	}
+
+	return len ? fn( elems[ 0 ], key ) : emptyGet;
+};
+var acceptData = function( owner ) {
+
+	// Accepts only:
+	//  - Node
+	//    - Node.ELEMENT_NODE
+	//    - Node.DOCUMENT_NODE
+	//  - Object
+	//    - Any
+	return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType );
+};
+
+
+
+
+function Data() {
+	this.expando = jQuery.expando + Data.uid++;
+}
+
+Data.uid = 1;
+
+Data.prototype = {
+
+	cache: function( owner ) {
+
+		// Check if the owner object already has a cache
+		var value = owner[ this.expando ];
+
+		// If not, create one
+		if ( !value ) {
+			value = {};
+
+			// We can accept data for non-element nodes in modern browsers,
+			// but we should not, see #8335.
+			// Always return an empty object.
+			if ( acceptData( owner ) ) {
+
+				// If it is a node unlikely to be stringify-ed or looped over
+				// use plain assignment
+				if ( owner.nodeType ) {
+					owner[ this.expando ] = value;
+
+				// Otherwise secure it in a non-enumerable property
+				// configurable must be true to allow the property to be
+				// deleted when data is removed
+				} else {
+					Object.defineProperty( owner, this.expando, {
+						value: value,
+						configurable: true
+					} );
+				}
+			}
+		}
+
+		return value;
+	},
+	set: function( owner, data, value ) {
+		var prop,
+			cache = this.cache( owner );
+
+		// Handle: [ owner, key, value ] args
+		// Always use camelCase key (gh-2257)
+		if ( typeof data === "string" ) {
+			cache[ jQuery.camelCase( data ) ] = value;
+
+		// Handle: [ owner, { properties } ] args
+		} else {
+
+			// Copy the properties one-by-one to the cache object
+			for ( prop in data ) {
+				cache[ jQuery.camelCase( prop ) ] = data[ prop ];
+			}
+		}
+		return cache;
+	},
+	get: function( owner, key ) {
+		return key === undefined ?
+			this.cache( owner ) :
+
+			// Always use camelCase key (gh-2257)
+			owner[ this.expando ] && owner[ this.expando ][ jQuery.camelCase( key ) ];
+	},
+	access: function( owner, key, value ) {
+
+		// In cases where either:
+		//
+		//   1. No key was specified
+		//   2. A string key was specified, but no value provided
+		//
+		// Take the "read" path and allow the get method to determine
+		// which value to return, respectively either:
+		//
+		//   1. The entire cache object
+		//   2. The data stored at the key
+		//
+		if ( key === undefined ||
+				( ( key && typeof key === "string" ) && value === undefined ) ) {
+
+			return this.get( owner, key );
+		}
+
+		// When the key is not a string, or both a key and value
+		// are specified, set or extend (existing objects) with either:
+		//
+		//   1. An object of properties
+		//   2. A key and value
+		//
+		this.set( owner, key, value );
+
+		// Since the "set" path can have two possible entry points
+		// return the expected data based on which path was taken[*]
+		return value !== undefined ? value : key;
+	},
+	remove: function( owner, key ) {
+		var i,
+			cache = owner[ this.expando ];
+
+		if ( cache === undefined ) {
+			return;
+		}
+
+		if ( key !== undefined ) {
+
+			// Support array or space separated string of keys
+			if ( Array.isArray( key ) ) {
+
+				// If key is an array of keys...
+				// We always set camelCase keys, so remove that.
+				key = key.map( jQuery.camelCase );
+			} else {
+				key = jQuery.camelCase( key );
+
+				// If a key with the spaces exists, use it.
+				// Otherwise, create an array by matching non-whitespace
+				key = key in cache ?
+					[ key ] :
+					( key.match( rnothtmlwhite ) || [] );
+			}
+
+			i = key.length;
+
+			while ( i-- ) {
+				delete cache[ key[ i ] ];
+			}
+		}
+
+		// Remove the expando if there's no more data
+		if ( key === undefined || jQuery.isEmptyObject( cache ) ) {
+
+			// Support: Chrome <=35 - 45
+			// Webkit & Blink performance suffers when deleting properties
+			// from DOM nodes, so set to undefined instead
+			// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)
+			if ( owner.nodeType ) {
+				owner[ this.expando ] = undefined;
+			} else {
+				delete owner[ this.expando ];
+			}
+		}
+	},
+	hasData: function( owner ) {
+		var cache = owner[ this.expando ];
+		return cache !== undefined && !jQuery.isEmptyObject( cache );
+	}
+};
+var dataPriv = new Data();
+
+var dataUser = new Data();
+
+
+
+//	Implementation Summary
+//
+//	1. Enforce API surface and semantic compatibility with 1.9.x branch
+//	2. Improve the module's maintainability by reducing the storage
+//		paths to a single mechanism.
+//	3. Use the same single mechanism to support "private" and "user" data.
+//	4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData)
+//	5. Avoid exposing implementation details on user objects (eg. expando properties)
+//	6. Provide a clear path for implementation upgrade to WeakMap in 2014
+
+var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,
+	rmultiDash = /[A-Z]/g;
+
+function getData( data ) {
+	if ( data === "true" ) {
+		return true;
+	}
+
+	if ( data === "false" ) {
+		return false;
+	}
+
+	if ( data === "null" ) {
+		return null;
+	}
+
+	// Only convert to a number if it doesn't change the string
+	if ( data === +data + "" ) {
+		return +data;
+	}
+
+	if ( rbrace.test( data ) ) {
+		return JSON.parse( data );
+	}
+
+	return data;
+}
+
+function dataAttr( elem, key, data ) {
+	var name;
+
+	// If nothing was found internally, try to fetch any
+	// data from the HTML5 data-* attribute
+	if ( data === undefined && elem.nodeType === 1 ) {
+		name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase();
+		data = elem.getAttribute( name );
+
+		if ( typeof data === "string" ) {
+			try {
+				data = getData( data );
+			} catch ( e ) {}
+
+			// Make sure we set the data so it isn't changed later
+			dataUser.set( elem, key, data );
+		} else {
+			data = undefined;
+		}
+	}
+	return data;
+}
+
+jQuery.extend( {
+	hasData: function( elem ) {
+		return dataUser.hasData( elem ) || dataPriv.hasData( elem );
+	},
+
+	data: function( elem, name, data ) {
+		return dataUser.access( elem, name, data );
+	},
+
+	removeData: function( elem, name ) {
+		dataUser.remove( elem, name );
+	},
+
+	// TODO: Now that all calls to _data and _removeData have been replaced
+	// with direct calls to dataPriv methods, these can be deprecated.
+	_data: function( elem, name, data ) {
+		return dataPriv.access( elem, name, data );
+	},
+
+	_removeData: function( elem, name ) {
+		dataPriv.remove( elem, name );
+	}
+} );
+
+jQuery.fn.extend( {
+	data: function( key, value ) {
+		var i, name, data,
+			elem = this[ 0 ],
+			attrs = elem && elem.attributes;
+
+		// Gets all values
+		if ( key === undefined ) {
+			if ( this.length ) {
+				data = dataUser.get( elem );
+
+				if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) {
+					i = attrs.length;
+					while ( i-- ) {
+
+						// Support: IE 11 only
+						// The attrs elements can be null (#14894)
+						if ( attrs[ i ] ) {
+							name = attrs[ i ].name;
+							if ( name.indexOf( "data-" ) === 0 ) {
+								name = jQuery.camelCase( name.slice( 5 ) );
+								dataAttr( elem, name, data[ name ] );
+							}
+						}
+					}
+					dataPriv.set( elem, "hasDataAttrs", true );
+				}
+			}
+
+			return data;
+		}
+
+		// Sets multiple values
+		if ( typeof key === "object" ) {
+			return this.each( function() {
+				dataUser.set( this, key );
+			} );
+		}
+
+		return access( this, function( value ) {
+			var data;
+
+			// The calling jQuery object (element matches) is not empty
+			// (and therefore has an element appears at this[ 0 ]) and the
+			// `value` parameter was not undefined. An empty jQuery object
+			// will result in `undefined` for elem = this[ 0 ] which will
+			// throw an exception if an attempt to read a data cache is made.
+			if ( elem && value === undefined ) {
+
+				// Attempt to get data from the cache
+				// The key will always be camelCased in Data
+				data = dataUser.get( elem, key );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// Attempt to "discover" the data in
+				// HTML5 custom data-* attrs
+				data = dataAttr( elem, key );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// We tried really hard, but the data doesn't exist.
+				return;
+			}
+
+			// Set the data...
+			this.each( function() {
+
+				// We always store the camelCased key
+				dataUser.set( this, key, value );
+			} );
+		}, null, value, arguments.length > 1, null, true );
+	},
+
+	removeData: function( key ) {
+		return this.each( function() {
+			dataUser.remove( this, key );
+		} );
+	}
+} );
+
+
+jQuery.extend( {
+	queue: function( elem, type, data ) {
+		var queue;
+
+		if ( elem ) {
+			type = ( type || "fx" ) + "queue";
+			queue = dataPriv.get( elem, type );
+
+			// Speed up dequeue by getting out quickly if this is just a lookup
+			if ( data ) {
+				if ( !queue || Array.isArray( data ) ) {
+					queue = dataPriv.access( elem, type, jQuery.makeArray( data ) );
+				} else {
+					queue.push( data );
+				}
+			}
+			return queue || [];
+		}
+	},
+
+	dequeue: function( elem, type ) {
+		type = type || "fx";
+
+		var queue = jQuery.queue( elem, type ),
+			startLength = queue.length,
+			fn = queue.shift(),
+			hooks = jQuery._queueHooks( elem, type ),
+			next = function() {
+				jQuery.dequeue( elem, type );
+			};
+
+		// If the fx queue is dequeued, always remove the progress sentinel
+		if ( fn === "inprogress" ) {
+			fn = queue.shift();
+			startLength--;
+		}
+
+		if ( fn ) {
+
+			// Add a progress sentinel to prevent the fx queue from being
+			// automatically dequeued
+			if ( type === "fx" ) {
+				queue.unshift( "inprogress" );
+			}
+
+			// Clear up the last queue stop function
+			delete hooks.stop;
+			fn.call( elem, next, hooks );
+		}
+
+		if ( !startLength && hooks ) {
+			hooks.empty.fire();
+		}
+	},
+
+	// Not public - generate a queueHooks object, or return the current one
+	_queueHooks: function( elem, type ) {
+		var key = type + "queueHooks";
+		return dataPriv.get( elem, key ) || dataPriv.access( elem, key, {
+			empty: jQuery.Callbacks( "once memory" ).add( function() {
+				dataPriv.remove( elem, [ type + "queue", key ] );
+			} )
+		} );
+	}
+} );
+
+jQuery.fn.extend( {
+	queue: function( type, data ) {
+		var setter = 2;
+
+		if ( typeof type !== "string" ) {
+			data = type;
+			type = "fx";
+			setter--;
+		}
+
+		if ( arguments.length < setter ) {
+			return jQuery.queue( this[ 0 ], type );
+		}
+
+		return data === undefined ?
+			this :
+			this.each( function() {
+				var queue = jQuery.queue( this, type, data );
+
+				// Ensure a hooks for this queue
+				jQuery._queueHooks( this, type );
+
+				if ( type === "fx" && queue[ 0 ] !== "inprogress" ) {
+					jQuery.dequeue( this, type );
+				}
+			} );
+	},
+	dequeue: function( type ) {
+		return this.each( function() {
+			jQuery.dequeue( this, type );
+		} );
+	},
+	clearQueue: function( type ) {
+		return this.queue( type || "fx", [] );
+	},
+
+	// Get a promise resolved when queues of a certain type
+	// are emptied (fx is the type by default)
+	promise: function( type, obj ) {
+		var tmp,
+			count = 1,
+			defer = jQuery.Deferred(),
+			elements = this,
+			i = this.length,
+			resolve = function() {
+				if ( !( --count ) ) {
+					defer.resolveWith( elements, [ elements ] );
+				}
+			};
+
+		if ( typeof type !== "string" ) {
+			obj = type;
+			type = undefined;
+		}
+		type = type || "fx";
+
+		while ( i-- ) {
+			tmp = dataPriv.get( elements[ i ], type + "queueHooks" );
+			if ( tmp && tmp.empty ) {
+				count++;
+				tmp.empty.add( resolve );
+			}
+		}
+		resolve();
+		return defer.promise( obj );
+	}
+} );
+var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source;
+
+var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" );
+
+
+var cssExpand = [ "Top", "Right", "Bottom", "Left" ];
+
+var isHiddenWithinTree = function( elem, el ) {
+
+		// isHiddenWithinTree might be called from jQuery#filter function;
+		// in that case, element will be second argument
+		elem = el || elem;
+
+		// Inline style trumps all
+		return elem.style.display === "none" ||
+			elem.style.display === "" &&
+
+			// Otherwise, check computed style
+			// Support: Firefox <=43 - 45
+			// Disconnected elements can have computed display: none, so first confirm that elem is
+			// in the document.
+			jQuery.contains( elem.ownerDocument, elem ) &&
+
+			jQuery.css( elem, "display" ) === "none";
+	};
+
+var swap = function( elem, options, callback, args ) {
+	var ret, name,
+		old = {};
+
+	// Remember the old values, and insert the new ones
+	for ( name in options ) {
+		old[ name ] = elem.style[ name ];
+		elem.style[ name ] = options[ name ];
+	}
+
+	ret = callback.apply( elem, args || [] );
+
+	// Revert the old values
+	for ( name in options ) {
+		elem.style[ name ] = old[ name ];
+	}
+
+	return ret;
+};
+
+
+
+
+function adjustCSS( elem, prop, valueParts, tween ) {
+	var adjusted,
+		scale = 1,
+		maxIterations = 20,
+		currentValue = tween ?
+			function() {
+				return tween.cur();
+			} :
+			function() {
+				return jQuery.css( elem, prop, "" );
+			},
+		initial = currentValue(),
+		unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ),
+
+		// Starting value computation is required for potential unit mismatches
+		initialInUnit = ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) &&
+			rcssNum.exec( jQuery.css( elem, prop ) );
+
+	if ( initialInUnit && initialInUnit[ 3 ] !== unit ) {
+
+		// Trust units reported by jQuery.css
+		unit = unit || initialInUnit[ 3 ];
+
+		// Make sure we update the tween properties later on
+		valueParts = valueParts || [];
+
+		// Iteratively approximate from a nonzero starting point
+		initialInUnit = +initial || 1;
+
+		do {
+
+			// If previous iteration zeroed out, double until we get *something*.
+			// Use string for doubling so we don't accidentally see scale as unchanged below
+			scale = scale || ".5";
+
+			// Adjust and apply
+			initialInUnit = initialInUnit / scale;
+			jQuery.style( elem, prop, initialInUnit + unit );
+
+		// Update scale, tolerating zero or NaN from tween.cur()
+		// Break the loop if scale is unchanged or perfect, or if we've just had enough.
+		} while (
+			scale !== ( scale = currentValue() / initial ) && scale !== 1 && --maxIterations
+		);
+	}
+
+	if ( valueParts ) {
+		initialInUnit = +initialInUnit || +initial || 0;
+
+		// Apply relative offset (+=/-=) if specified
+		adjusted = valueParts[ 1 ] ?
+			initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] :
+			+valueParts[ 2 ];
+		if ( tween ) {
+			tween.unit = unit;
+			tween.start = initialInUnit;
+			tween.end = adjusted;
+		}
+	}
+	return adjusted;
+}
+
+
+var defaultDisplayMap = {};
+
+function getDefaultDisplay( elem ) {
+	var temp,
+		doc = elem.ownerDocument,
+		nodeName = elem.nodeName,
+		display = defaultDisplayMap[ nodeName ];
+
+	if ( display ) {
+		return display;
+	}
+
+	temp = doc.body.appendChild( doc.createElement( nodeName ) );
+	display = jQuery.css( temp, "display" );
+
+	temp.parentNode.removeChild( temp );
+
+	if ( display === "none" ) {
+		display = "block";
+	}
+	defaultDisplayMap[ nodeName ] = display;
+
+	return display;
+}
+
+function showHide( elements, show ) {
+	var display, elem,
+		values = [],
+		index = 0,
+		length = elements.length;
+
+	// Determine new display value for elements that need to change
+	for ( ; index < length; index++ ) {
+		elem = elements[ index ];
+		if ( !elem.style ) {
+			continue;
+		}
+
+		display = elem.style.display;
+		if ( show ) {
+
+			// Since we force visibility upon cascade-hidden elements, an immediate (and slow)
+			// check is required in this first loop unless we have a nonempty display value (either
+			// inline or about-to-be-restored)
+			if ( display === "none" ) {
+				values[ index ] = dataPriv.get( elem, "display" ) || null;
+				if ( !values[ index ] ) {
+					elem.style.display = "";
+				}
+			}
+			if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) {
+				values[ index ] = getDefaultDisplay( elem );
+			}
+		} else {
+			if ( display !== "none" ) {
+				values[ index ] = "none";
+
+				// Remember what we're overwriting
+				dataPriv.set( elem, "display", display );
+			}
+		}
+	}
+
+	// Set the display of the elements in a second loop to avoid constant reflow
+	for ( index = 0; index < length; index++ ) {
+		if ( values[ index ] != null ) {
+			elements[ index ].style.display = values[ index ];
+		}
+	}
+
+	return elements;
+}
+
+jQuery.fn.extend( {
+	show: function() {
+		return showHide( this, true );
+	},
+	hide: function() {
+		return showHide( this );
+	},
+	toggle: function( state ) {
+		if ( typeof state === "boolean" ) {
+			return state ? this.show() : this.hide();
+		}
+
+		return this.each( function() {
+			if ( isHiddenWithinTree( this ) ) {
+				jQuery( this ).show();
+			} else {
+				jQuery( this ).hide();
+			}
+		} );
+	}
+} );
+var rcheckableType = ( /^(?:checkbox|radio)$/i );
+
+var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]+)/i );
+
+var rscriptType = ( /^$|\/(?:java|ecma)script/i );
+
+
+
+// We have to close these tags to support XHTML (#13200)
+var wrapMap = {
+
+	// Support: IE <=9 only
+	option: [ 1, "<select multiple='multiple'>", "</select>" ],
+
+	// XHTML parsers do not magically insert elements in the
+	// same way that tag soup parsers do. So we cannot shorten
+	// this by omitting <tbody> or other required elements.
+	thead: [ 1, "<table>", "</table>" ],
+	col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
+	tr: [ 2, "<table><tbody>", "</tbody></table>" ],
+	td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
+
+	_default: [ 0, "", "" ]
+};
+
+// Support: IE <=9 only
+wrapMap.optgroup = wrapMap.option;
+
+wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
+wrapMap.th = wrapMap.td;
+
+
+function getAll( context, tag ) {
+
+	// Support: IE <=9 - 11 only
+	// Use typeof to avoid zero-argument method invocation on host objects (#15151)
+	var ret;
+
+	if ( typeof context.getElementsByTagName !== "undefined" ) {
+		ret = context.getElementsByTagName( tag || "*" );
+
+	} else if ( typeof context.querySelectorAll !== "undefined" ) {
+		ret = context.querySelectorAll( tag || "*" );
+
+	} else {
+		ret = [];
+	}
+
+	if ( tag === undefined || tag && nodeName( context, tag ) ) {
+		return jQuery.merge( [ context ], ret );
+	}
+
+	return ret;
+}
+
+
+// Mark scripts as having already been evaluated
+function setGlobalEval( elems, refElements ) {
+	var i = 0,
+		l = elems.length;
+
+	for ( ; i < l; i++ ) {
+		dataPriv.set(
+			elems[ i ],
+			"globalEval",
+			!refElements || dataPriv.get( refElements[ i ], "globalEval" )
+		);
+	}
+}
+
+
+var rhtml = /<|&#?\w+;/;
+
+function buildFragment( elems, context, scripts, selection, ignored ) {
+	var elem, tmp, tag, wrap, contains, j,
+		fragment = context.createDocumentFragment(),
+		nodes = [],
+		i = 0,
+		l = elems.length;
+
+	for ( ; i < l; i++ ) {
+		elem = elems[ i ];
+
+		if ( elem || elem === 0 ) {
+
+			// Add nodes directly
+			if ( jQuery.type( elem ) === "object" ) {
+
+				// Support: Android <=4.0 only, PhantomJS 1 only
+				// push.apply(_, arraylike) throws on ancient WebKit
+				jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem );
+
+			// Convert non-html into a text node
+			} else if ( !rhtml.test( elem ) ) {
+				nodes.push( context.createTextNode( elem ) );
+
+			// Convert html into DOM nodes
+			} else {
+				tmp = tmp || fragment.appendChild( context.createElement( "div" ) );
+
+				// Deserialize a standard representation
+				tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase();
+				wrap = wrapMap[ tag ] || wrapMap._default;
+				tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ];
+
+				// Descend through wrappers to the right content
+				j = wrap[ 0 ];
+				while ( j-- ) {
+					tmp = tmp.lastChild;
+				}
+
+				// Support: Android <=4.0 only, PhantomJS 1 only
+				// push.apply(_, arraylike) throws on ancient WebKit
+				jQuery.merge( nodes, tmp.childNodes );
+
+				// Remember the top-level container
+				tmp = fragment.firstChild;
+
+				// Ensure the created nodes are orphaned (#12392)
+				tmp.textContent = "";
+			}
+		}
+	}
+
+	// Remove wrapper from fragment
+	fragment.textContent = "";
+
+	i = 0;
+	while ( ( elem = nodes[ i++ ] ) ) {
+
+		// Skip elements already in the context collection (trac-4087)
+		if ( selection && jQuery.inArray( elem, selection ) > -1 ) {
+			if ( ignored ) {
+				ignored.push( elem );
+			}
+			continue;
+		}
+
+		contains = jQuery.contains( elem.ownerDocument, elem );
+
+		// Append to fragment
+		tmp = getAll( fragment.appendChild( elem ), "script" );
+
+		// Preserve script evaluation history
+		if ( contains ) {
+			setGlobalEval( tmp );
+		}
+
+		// Capture executables
+		if ( scripts ) {
+			j = 0;
+			while ( ( elem = tmp[ j++ ] ) ) {
+				if ( rscriptType.test( elem.type || "" ) ) {
+					scripts.push( elem );
+				}
+			}
+		}
+	}
+
+	return fragment;
+}
+
+
+( function() {
+	var fragment = document.createDocumentFragment(),
+		div = fragment.appendChild( document.createElement( "div" ) ),
+		input = document.createElement( "input" );
+
+	// Support: Android 4.0 - 4.3 only
+	// Check state lost if the name is set (#11217)
+	// Support: Windows Web Apps (WWA)
+	// `name` and `type` must use .setAttribute for WWA (#14901)
+	input.setAttribute( "type", "radio" );
+	input.setAttribute( "checked", "checked" );
+	input.setAttribute( "name", "t" );
+
+	div.appendChild( input );
+
+	// Support: Android <=4.1 only
+	// Older WebKit doesn't clone checked state correctly in fragments
+	support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked;
+
+	// Support: IE <=11 only
+	// Make sure textarea (and checkbox) defaultValue is properly cloned
+	div.innerHTML = "<textarea>x</textarea>";
+	support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue;
+} )();
+var documentElement = document.documentElement;
+
+
+
+var
+	rkeyEvent = /^key/,
+	rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/,
+	rtypenamespace = /^([^.]*)(?:\.(.+)|)/;
+
+function returnTrue() {
+	return true;
+}
+
+function returnFalse() {
+	return false;
+}
+
+// Support: IE <=9 only
+// See #13393 for more info
+function safeActiveElement() {
+	try {
+		return document.activeElement;
+	} catch ( err ) { }
+}
+
+function on( elem, types, selector, data, fn, one ) {
+	var origFn, type;
+
+	// Types can be a map of types/handlers
+	if ( typeof types === "object" ) {
+
+		// ( types-Object, selector, data )
+		if ( typeof selector !== "string" ) {
+
+			// ( types-Object, data )
+			data = data || selector;
+			selector = undefined;
+		}
+		for ( type in types ) {
+			on( elem, type, selector, data, types[ type ], one );
+		}
+		return elem;
+	}
+
+	if ( data == null && fn == null ) {
+
+		// ( types, fn )
+		fn = selector;
+		data = selector = undefined;
+	} else if ( fn == null ) {
+		if ( typeof selector === "string" ) {
+
+			// ( types, selector, fn )
+			fn = data;
+			data = undefined;
+		} else {
+
+			// ( types, data, fn )
+			fn = data;
+			data = selector;
+			selector = undefined;
+		}
+	}
+	if ( fn === false ) {
+		fn = returnFalse;
+	} else if ( !fn ) {
+		return elem;
+	}
+
+	if ( one === 1 ) {
+		origFn = fn;
+		fn = function( event ) {
+
+			// Can use an empty set, since event contains the info
+			jQuery().off( event );
+			return origFn.apply( this, arguments );
+		};
+
+		// Use same guid so caller can remove using origFn
+		fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ );
+	}
+	return elem.each( function() {
+		jQuery.event.add( this, types, fn, data, selector );
+	} );
+}
+
+/*
+ * Helper functions for managing events -- not part of the public interface.
+ * Props to Dean Edwards' addEvent library for many of the ideas.
+ */
+jQuery.event = {
+
+	global: {},
+
+	add: function( elem, types, handler, data, selector ) {
+
+		var handleObjIn, eventHandle, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = dataPriv.get( elem );
+
+		// Don't attach events to noData or text/comment nodes (but allow plain objects)
+		if ( !elemData ) {
+			return;
+		}
+
+		// Caller can pass in an object of custom data in lieu of the handler
+		if ( handler.handler ) {
+			handleObjIn = handler;
+			handler = handleObjIn.handler;
+			selector = handleObjIn.selector;
+		}
+
+		// Ensure that invalid selectors throw exceptions at attach time
+		// Evaluate against documentElement in case elem is a non-element node (e.g., document)
+		if ( selector ) {
+			jQuery.find.matchesSelector( documentElement, selector );
+		}
+
+		// Make sure that the handler has a unique ID, used to find/remove it later
+		if ( !handler.guid ) {
+			handler.guid = jQuery.guid++;
+		}
+
+		// Init the element's event structure and main handler, if this is the first
+		if ( !( events = elemData.events ) ) {
+			events = elemData.events = {};
+		}
+		if ( !( eventHandle = elemData.handle ) ) {
+			eventHandle = elemData.handle = function( e ) {
+
+				// Discard the second event of a jQuery.event.trigger() and
+				// when an event is called after a page has unloaded
+				return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ?
+					jQuery.event.dispatch.apply( elem, arguments ) : undefined;
+			};
+		}
+
+		// Handle multiple events separated by a space
+		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[ t ] ) || [];
+			type = origType = tmp[ 1 ];
+			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
+
+			// There *must* be a type, no attaching namespace-only handlers
+			if ( !type ) {
+				continue;
+			}
+
+			// If event changes its type, use the special event handlers for the changed type
+			special = jQuery.event.special[ type ] || {};
+
+			// If selector defined, determine special event api type, otherwise given type
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+
+			// Update special based on newly reset type
+			special = jQuery.event.special[ type ] || {};
+
+			// handleObj is passed to all event handlers
+			handleObj = jQuery.extend( {
+				type: type,
+				origType: origType,
+				data: data,
+				handler: handler,
+				guid: handler.guid,
+				selector: selector,
+				needsContext: selector && jQuery.expr.match.needsContext.test( selector ),
+				namespace: namespaces.join( "." )
+			}, handleObjIn );
+
+			// Init the event handler queue if we're the first
+			if ( !( handlers = events[ type ] ) ) {
+				handlers = events[ type ] = [];
+				handlers.delegateCount = 0;
+
+				// Only use addEventListener if the special events handler returns false
+				if ( !special.setup ||
+					special.setup.call( elem, data, namespaces, eventHandle ) === false ) {
+
+					if ( elem.addEventListener ) {
+						elem.addEventListener( type, eventHandle );
+					}
+				}
+			}
+
+			if ( special.add ) {
+				special.add.call( elem, handleObj );
+
+				if ( !handleObj.handler.guid ) {
+					handleObj.handler.guid = handler.guid;
+				}
+			}
+
+			// Add to the element's handler list, delegates in front
+			if ( selector ) {
+				handlers.splice( handlers.delegateCount++, 0, handleObj );
+			} else {
+				handlers.push( handleObj );
+			}
+
+			// Keep track of which events have ever been used, for event optimization
+			jQuery.event.global[ type ] = true;
+		}
+
+	},
+
+	// Detach an event or set of events from an element
+	remove: function( elem, types, handler, selector, mappedTypes ) {
+
+		var j, origCount, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = dataPriv.hasData( elem ) && dataPriv.get( elem );
+
+		if ( !elemData || !( events = elemData.events ) ) {
+			return;
+		}
+
+		// Once for each type.namespace in types; type may be omitted
+		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[ t ] ) || [];
+			type = origType = tmp[ 1 ];
+			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
+
+			// Unbind all events (on this namespace, if provided) for the element
+			if ( !type ) {
+				for ( type in events ) {
+					jQuery.event.remove( elem, type + types[ t ], handler, selector, true );
+				}
+				continue;
+			}
+
+			special = jQuery.event.special[ type ] || {};
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+			handlers = events[ type ] || [];
+			tmp = tmp[ 2 ] &&
+				new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" );
+
+			// Remove matching events
+			origCount = j = handlers.length;
+			while ( j-- ) {
+				handleObj = handlers[ j ];
+
+				if ( ( mappedTypes || origType === handleObj.origType ) &&
+					( !handler || handler.guid === handleObj.guid ) &&
+					( !tmp || tmp.test( handleObj.namespace ) ) &&
+					( !selector || selector === handleObj.selector ||
+						selector === "**" && handleObj.selector ) ) {
+					handlers.splice( j, 1 );
+
+					if ( handleObj.selector ) {
+						handlers.delegateCount--;
+					}
+					if ( special.remove ) {
+						special.remove.call( elem, handleObj );
+					}
+				}
+			}
+
+			// Remove generic event handler if we removed something and no more handlers exist
+			// (avoids potential for endless recursion during removal of special event handlers)
+			if ( origCount && !handlers.length ) {
+				if ( !special.teardown ||
+					special.teardown.call( elem, namespaces, elemData.handle ) === false ) {
+
+					jQuery.removeEvent( elem, type, elemData.handle );
+				}
+
+				delete events[ type ];
+			}
+		}
+
+		// Remove data and the expando if it's no longer used
+		if ( jQuery.isEmptyObject( events ) ) {
+			dataPriv.remove( elem, "handle events" );
+		}
+	},
+
+	dispatch: function( nativeEvent ) {
+
+		// Make a writable jQuery.Event from the native event object
+		var event = jQuery.event.fix( nativeEvent );
+
+		var i, j, ret, matched, handleObj, handlerQueue,
+			args = new Array( arguments.length ),
+			handlers = ( dataPriv.get( this, "events" ) || {} )[ event.type ] || [],
+			special = jQuery.event.special[ event.type ] || {};
+
+		// Use the fix-ed jQuery.Event rather than the (read-only) native event
+		args[ 0 ] = event;
+
+		for ( i = 1; i < arguments.length; i++ ) {
+			args[ i ] = arguments[ i ];
+		}
+
+		event.delegateTarget = this;
+
+		// Call the preDispatch hook for the mapped type, and let it bail if desired
+		if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) {
+			return;
+		}
+
+		// Determine handlers
+		handlerQueue = jQuery.event.handlers.call( this, event, handlers );
+
+		// Run delegates first; they may want to stop propagation beneath us
+		i = 0;
+		while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) {
+			event.currentTarget = matched.elem;
+
+			j = 0;
+			while ( ( handleObj = matched.handlers[ j++ ] ) &&
+				!event.isImmediatePropagationStopped() ) {
+
+				// Triggered event must either 1) have no namespace, or 2) have namespace(s)
+				// a subset or equal to those in the bound event (both can have no namespace).
+				if ( !event.rnamespace || event.rnamespace.test( handleObj.namespace ) ) {
+
+					event.handleObj = handleObj;
+					event.data = handleObj.data;
+
+					ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle ||
+						handleObj.handler ).apply( matched.elem, args );
+
+					if ( ret !== undefined ) {
+						if ( ( event.result = ret ) === false ) {
+							event.preventDefault();
+							event.stopPropagation();
+						}
+					}
+				}
+			}
+		}
+
+		// Call the postDispatch hook for the mapped type
+		if ( special.postDispatch ) {
+			special.postDispatch.call( this, event );
+		}
+
+		return event.result;
+	},
+
+	handlers: function( event, handlers ) {
+		var i, handleObj, sel, matchedHandlers, matchedSelectors,
+			handlerQueue = [],
+			delegateCount = handlers.delegateCount,
+			cur = event.target;
+
+		// Find delegate handlers
+		if ( delegateCount &&
+
+			// Support: IE <=9
+			// Black-hole SVG <use> instance trees (trac-13180)
+			cur.nodeType &&
+
+			// Support: Firefox <=42
+			// Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861)
+			// https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click
+			// Support: IE 11 only
+			// ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343)
+			!( event.type === "click" && event.button >= 1 ) ) {
+
+			for ( ; cur !== this; cur = cur.parentNode || this ) {
+
+				// Don't check non-elements (#13208)
+				// Don't process clicks on disabled elements (#6911, #8165, #11382, #11764)
+				if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) {
+					matchedHandlers = [];
+					matchedSelectors = {};
+					for ( i = 0; i < delegateCount; i++ ) {
+						handleObj = handlers[ i ];
+
+						// Don't conflict with Object.prototype properties (#13203)
+						sel = handleObj.selector + " ";
+
+						if ( matchedSelectors[ sel ] === undefined ) {
+							matchedSelectors[ sel ] = handleObj.needsContext ?
+								jQuery( sel, this ).index( cur ) > -1 :
+								jQuery.find( sel, this, null, [ cur ] ).length;
+						}
+						if ( matchedSelectors[ sel ] ) {
+							matchedHandlers.push( handleObj );
+						}
+					}
+					if ( matchedHandlers.length ) {
+						handlerQueue.push( { elem: cur, handlers: matchedHandlers } );
+					}
+				}
+			}
+		}
+
+		// Add the remaining (directly-bound) handlers
+		cur = this;
+		if ( delegateCount < handlers.length ) {
+			handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } );
+		}
+
+		return handlerQueue;
+	},
+
+	addProp: function( name, hook ) {
+		Object.defineProperty( jQuery.Event.prototype, name, {
+			enumerable: true,
+			configurable: true,
+
+			get: jQuery.isFunction( hook ) ?
+				function() {
+					if ( this.originalEvent ) {
+							return hook( this.originalEvent );
+					}
+				} :
+				function() {
+					if ( this.originalEvent ) {
+							return this.originalEvent[ name ];
+					}
+				},
+
+			set: function( value ) {
+				Object.defineProperty( this, name, {
+					enumerable: true,
+					configurable: true,
+					writable: true,
+					value: value
+				} );
+			}
+		} );
+	},
+
+	fix: function( originalEvent ) {
+		return originalEvent[ jQuery.expando ] ?
+			originalEvent :
+			new jQuery.Event( originalEvent );
+	},
+
+	special: {
+		load: {
+
+			// Prevent triggered image.load events from bubbling to window.load
+			noBubble: true
+		},
+		focus: {
+
+			// Fire native event if possible so blur/focus sequence is correct
+			trigger: function() {
+				if ( this !== safeActiveElement() && this.focus ) {
+					this.focus();
+					return false;
+				}
+			},
+			delegateType: "focusin"
+		},
+		blur: {
+			trigger: function() {
+				if ( this === safeActiveElement() && this.blur ) {
+					this.blur();
+					return false;
+				}
+			},
+			delegateType: "focusout"
+		},
+		click: {
+
+			// For checkbox, fire native event so checked state will be right
+			trigger: function() {
+				if ( this.type === "checkbox" && this.click && nodeName( this, "input" ) ) {
+					this.click();
+					return false;
+				}
+			},
+
+			// For cross-browser consistency, don't fire native .click() on links
+			_default: function( event ) {
+				return nodeName( event.target, "a" );
+			}
+		},
+
+		beforeunload: {
+			postDispatch: function( event ) {
+
+				// Support: Firefox 20+
+				// Firefox doesn't alert if the returnValue field is not set.
+				if ( event.result !== undefined && event.originalEvent ) {
+					event.originalEvent.returnValue = event.result;
+				}
+			}
+		}
+	}
+};
+
+jQuery.removeEvent = function( elem, type, handle ) {
+
+	// This "if" is needed for plain objects
+	if ( elem.removeEventListener ) {
+		elem.removeEventListener( type, handle );
+	}
+};
+
+jQuery.Event = function( src, props ) {
+
+	// Allow instantiation without the 'new' keyword
+	if ( !( this instanceof jQuery.Event ) ) {
+		return new jQuery.Event( src, props );
+	}
+
+	// Event object
+	if ( src && src.type ) {
+		this.originalEvent = src;
+		this.type = src.type;
+
+		// Events bubbling up the document may have been marked as prevented
+		// by a handler lower down the tree; reflect the correct value.
+		this.isDefaultPrevented = src.defaultPrevented ||
+				src.defaultPrevented === undefined &&
+
+				// Support: Android <=2.3 only
+				src.returnValue === false ?
+			returnTrue :
+			returnFalse;
+
+		// Create target properties
+		// Support: Safari <=6 - 7 only
+		// Target should not be a text node (#504, #13143)
+		this.target = ( src.target && src.target.nodeType === 3 ) ?
+			src.target.parentNode :
+			src.target;
+
+		this.currentTarget = src.currentTarget;
+		this.relatedTarget = src.relatedTarget;
+
+	// Event type
+	} else {
+		this.type = src;
+	}
+
+	// Put explicitly provided properties onto the event object
+	if ( props ) {
+		jQuery.extend( this, props );
+	}
+
+	// Create a timestamp if incoming event doesn't have one
+	this.timeStamp = src && src.timeStamp || jQuery.now();
+
+	// Mark it as fixed
+	this[ jQuery.expando ] = true;
+};
+
+// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding
+// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html
+jQuery.Event.prototype = {
+	constructor: jQuery.Event,
+	isDefaultPrevented: returnFalse,
+	isPropagationStopped: returnFalse,
+	isImmediatePropagationStopped: returnFalse,
+	isSimulated: false,
+
+	preventDefault: function() {
+		var e = this.originalEvent;
+
+		this.isDefaultPrevented = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.preventDefault();
+		}
+	},
+	stopPropagation: function() {
+		var e = this.originalEvent;
+
+		this.isPropagationStopped = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.stopPropagation();
+		}
+	},
+	stopImmediatePropagation: function() {
+		var e = this.originalEvent;
+
+		this.isImmediatePropagationStopped = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.stopImmediatePropagation();
+		}
+
+		this.stopPropagation();
+	}
+};
+
+// Includes all common event props including KeyEvent and MouseEvent specific props
+jQuery.each( {
+	altKey: true,
+	bubbles: true,
+	cancelable: true,
+	changedTouches: true,
+	ctrlKey: true,
+	detail: true,
+	eventPhase: true,
+	metaKey: true,
+	pageX: true,
+	pageY: true,
+	shiftKey: true,
+	view: true,
+	"char": true,
+	charCode: true,
+	key: true,
+	keyCode: true,
+	button: true,
+	buttons: true,
+	clientX: true,
+	clientY: true,
+	offsetX: true,
+	offsetY: true,
+	pointerId: true,
+	pointerType: true,
+	screenX: true,
+	screenY: true,
+	targetTouches: true,
+	toElement: true,
+	touches: true,
+
+	which: function( event ) {
+		var button = event.button;
+
+		// Add which for key events
+		if ( event.which == null && rkeyEvent.test( event.type ) ) {
+			return event.charCode != null ? event.charCode : event.keyCode;
+		}
+
+		// Add which for click: 1 === left; 2 === middle; 3 === right
+		if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) {
+			if ( button & 1 ) {
+				return 1;
+			}
+
+			if ( button & 2 ) {
+				return 3;
+			}
+
+			if ( button & 4 ) {
+				return 2;
+			}
+
+			return 0;
+		}
+
+		return event.which;
+	}
+}, jQuery.event.addProp );
+
+// Create mouseenter/leave events using mouseover/out and event-time checks
+// so that event delegation works in jQuery.
+// Do the same for pointerenter/pointerleave and pointerover/pointerout
+//
+// Support: Safari 7 only
+// Safari sends mouseenter too often; see:
+// https://bugs.chromium.org/p/chromium/issues/detail?id=470258
+// for the description of the bug (it existed in older Chrome versions as well).
+jQuery.each( {
+	mouseenter: "mouseover",
+	mouseleave: "mouseout",
+	pointerenter: "pointerover",
+	pointerleave: "pointerout"
+}, function( orig, fix ) {
+	jQuery.event.special[ orig ] = {
+		delegateType: fix,
+		bindType: fix,
+
+		handle: function( event ) {
+			var ret,
+				target = this,
+				related = event.relatedTarget,
+				handleObj = event.handleObj;
+
+			// For mouseenter/leave call the handler if related is outside the target.
+			// NB: No relatedTarget if the mouse left/entered the browser window
+			if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) {
+				event.type = handleObj.origType;
+				ret = handleObj.handler.apply( this, arguments );
+				event.type = fix;
+			}
+			return ret;
+		}
+	};
+} );
+
+jQuery.fn.extend( {
+
+	on: function( types, selector, data, fn ) {
+		return on( this, types, selector, data, fn );
+	},
+	one: function( types, selector, data, fn ) {
+		return on( this, types, selector, data, fn, 1 );
+	},
+	off: function( types, selector, fn ) {
+		var handleObj, type;
+		if ( types && types.preventDefault && types.handleObj ) {
+
+			// ( event )  dispatched jQuery.Event
+			handleObj = types.handleObj;
+			jQuery( types.delegateTarget ).off(
+				handleObj.namespace ?
+					handleObj.origType + "." + handleObj.namespace :
+					handleObj.origType,
+				handleObj.selector,
+				handleObj.handler
+			);
+			return this;
+		}
+		if ( typeof types === "object" ) {
+
+			// ( types-object [, selector] )
+			for ( type in types ) {
+				this.off( type, selector, types[ type ] );
+			}
+			return this;
+		}
+		if ( selector === false || typeof selector === "function" ) {
+
+			// ( types [, fn] )
+			fn = selector;
+			selector = undefined;
+		}
+		if ( fn === false ) {
+			fn = returnFalse;
+		}
+		return this.each( function() {
+			jQuery.event.remove( this, types, fn, selector );
+		} );
+	}
+} );
+
+
+var
+
+	/* eslint-disable max-len */
+
+	// See https://github.com/eslint/eslint/issues/3229
+	rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,
+
+	/* eslint-enable */
+
+	// Support: IE <=10 - 11, Edge 12 - 13
+	// In IE/Edge using regex groups here causes severe slowdowns.
+	// See https://connect.microsoft.com/IE/feedback/details/1736512/
+	rnoInnerhtml = /<script|<style|<link/i,
+
+	// checked="checked" or checked
+	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
+	rscriptTypeMasked = /^true\/(.*)/,
+	rcleanScript = /^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;
+
+// Prefer a tbody over its parent table for containing new rows
+function manipulationTarget( elem, content ) {
+	if ( nodeName( elem, "table" ) &&
+		nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) {
+
+		return jQuery( ">tbody", elem )[ 0 ] || elem;
+	}
+
+	return elem;
+}
+
+// Replace/restore the type attribute of script elements for safe DOM manipulation
+function disableScript( elem ) {
+	elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type;
+	return elem;
+}
+function restoreScript( elem ) {
+	var match = rscriptTypeMasked.exec( elem.type );
+
+	if ( match ) {
+		elem.type = match[ 1 ];
+	} else {
+		elem.removeAttribute( "type" );
+	}
+
+	return elem;
+}
+
+function cloneCopyEvent( src, dest ) {
+	var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events;
+
+	if ( dest.nodeType !== 1 ) {
+		return;
+	}
+
+	// 1. Copy private data: events, handlers, etc.
+	if ( dataPriv.hasData( src ) ) {
+		pdataOld = dataPriv.access( src );
+		pdataCur = dataPriv.set( dest, pdataOld );
+		events = pdataOld.events;
+
+		if ( events ) {
+			delete pdataCur.handle;
+			pdataCur.events = {};
+
+			for ( type in events ) {
+				for ( i = 0, l = events[ type ].length; i < l; i++ ) {
+					jQuery.event.add( dest, type, events[ type ][ i ] );
+				}
+			}
+		}
+	}
+
+	// 2. Copy user data
+	if ( dataUser.hasData( src ) ) {
+		udataOld = dataUser.access( src );
+		udataCur = jQuery.extend( {}, udataOld );
+
+		dataUser.set( dest, udataCur );
+	}
+}
+
+// Fix IE bugs, see support tests
+function fixInput( src, dest ) {
+	var nodeName = dest.nodeName.toLowerCase();
+
+	// Fails to persist the checked state of a cloned checkbox or radio button.
+	if ( nodeName === "input" && rcheckableType.test( src.type ) ) {
+		dest.checked = src.checked;
+
+	// Fails to return the selected option to the default selected state when cloning options
+	} else if ( nodeName === "input" || nodeName === "textarea" ) {
+		dest.defaultValue = src.defaultValue;
+	}
+}
+
+function domManip( collection, args, callback, ignored ) {
+
+	// Flatten any nested arrays
+	args = concat.apply( [], args );
+
+	var fragment, first, scripts, hasScripts, node, doc,
+		i = 0,
+		l = collection.length,
+		iNoClone = l - 1,
+		value = args[ 0 ],
+		isFunction = jQuery.isFunction( value );
+
+	// We can't cloneNode fragments that contain checked, in WebKit
+	if ( isFunction ||
+			( l > 1 && typeof value === "string" &&
+				!support.checkClone && rchecked.test( value ) ) ) {
+		return collection.each( function( index ) {
+			var self = collection.eq( index );
+			if ( isFunction ) {
+				args[ 0 ] = value.call( this, index, self.html() );
+			}
+			domManip( self, args, callback, ignored );
+		} );
+	}
+
+	if ( l ) {
+		fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored );
+		first = fragment.firstChild;
+
+		if ( fragment.childNodes.length === 1 ) {
+			fragment = first;
+		}
+
+		// Require either new content or an interest in ignored elements to invoke the callback
+		if ( first || ignored ) {
+			scripts = jQuery.map( getAll( fragment, "script" ), disableScript );
+			hasScripts = scripts.length;
+
+			// Use the original fragment for the last item
+			// instead of the first because it can end up
+			// being emptied incorrectly in certain situations (#8070).
+			for ( ; i < l; i++ ) {
+				node = fragment;
+
+				if ( i !== iNoClone ) {
+					node = jQuery.clone( node, true, true );
+
+					// Keep references to cloned scripts for later restoration
+					if ( hasScripts ) {
+
+						// Support: Android <=4.0 only, PhantomJS 1 only
+						// push.apply(_, arraylike) throws on ancient WebKit
+						jQuery.merge( scripts, getAll( node, "script" ) );
+					}
+				}
+
+				callback.call( collection[ i ], node, i );
+			}
+
+			if ( hasScripts ) {
+				doc = scripts[ scripts.length - 1 ].ownerDocument;
+
+				// Reenable scripts
+				jQuery.map( scripts, restoreScript );
+
+				// Evaluate executable scripts on first document insertion
+				for ( i = 0; i < hasScripts; i++ ) {
+					node = scripts[ i ];
+					if ( rscriptType.test( node.type || "" ) &&
+						!dataPriv.access( node, "globalEval" ) &&
+						jQuery.contains( doc, node ) ) {
+
+						if ( node.src ) {
+
+							// Optional AJAX dependency, but won't run scripts if not present
+							if ( jQuery._evalUrl ) {
+								jQuery._evalUrl( node.src );
+							}
+						} else {
+							DOMEval( node.textContent.replace( rcleanScript, "" ), doc );
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return collection;
+}
+
+function remove( elem, selector, keepData ) {
+	var node,
+		nodes = selector ? jQuery.filter( selector, elem ) : elem,
+		i = 0;
+
+	for ( ; ( node = nodes[ i ] ) != null; i++ ) {
+		if ( !keepData && node.nodeType === 1 ) {
+			jQuery.cleanData( getAll( node ) );
+		}
+
+		if ( node.parentNode ) {
+			if ( keepData && jQuery.contains( node.ownerDocument, node ) ) {
+				setGlobalEval( getAll( node, "script" ) );
+			}
+			node.parentNode.removeChild( node );
+		}
+	}
+
+	return elem;
+}
+
+jQuery.extend( {
+	htmlPrefilter: function( html ) {
+		return html.replace( rxhtmlTag, "<$1></$2>" );
+	},
+
+	clone: function( elem, dataAndEvents, deepDataAndEvents ) {
+		var i, l, srcElements, destElements,
+			clone = elem.cloneNode( true ),
+			inPage = jQuery.contains( elem.ownerDocument, elem );
+
+		// Fix IE cloning issues
+		if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) &&
+				!jQuery.isXMLDoc( elem ) ) {
+
+			// We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2
+			destElements = getAll( clone );
+			srcElements = getAll( elem );
+
+			for ( i = 0, l = srcElements.length; i < l; i++ ) {
+				fixInput( srcElements[ i ], destElements[ i ] );
+			}
+		}
+
+		// Copy the events from the original to the clone
+		if ( dataAndEvents ) {
+			if ( deepDataAndEvents ) {
+				srcElements = srcElements || getAll( elem );
+				destElements = destElements || getAll( clone );
+
+				for ( i = 0, l = srcElements.length; i < l; i++ ) {
+					cloneCopyEvent( srcElements[ i ], destElements[ i ] );
+				}
+			} else {
+				cloneCopyEvent( elem, clone );
+			}
+		}
+
+		// Preserve script evaluation history
+		destElements = getAll( clone, "script" );
+		if ( destElements.length > 0 ) {
+			setGlobalEval( destElements, !inPage && getAll( elem, "script" ) );
+		}
+
+		// Return the cloned set
+		return clone;
+	},
+
+	cleanData: function( elems ) {
+		var data, elem, type,
+			special = jQuery.event.special,
+			i = 0;
+
+		for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) {
+			if ( acceptData( elem ) ) {
+				if ( ( data = elem[ dataPriv.expando ] ) ) {
+					if ( data.events ) {
+						for ( type in data.events ) {
+							if ( special[ type ] ) {
+								jQuery.event.remove( elem, type );
+
+							// This is a shortcut to avoid jQuery.event.remove's overhead
+							} else {
+								jQuery.removeEvent( elem, type, data.handle );
+							}
+						}
+					}
+
+					// Support: Chrome <=35 - 45+
+					// Assign undefined instead of using delete, see Data#remove
+					elem[ dataPriv.expando ] = undefined;
+				}
+				if ( elem[ dataUser.expando ] ) {
+
+					// Support: Chrome <=35 - 45+
+					// Assign undefined instead of using delete, see Data#remove
+					elem[ dataUser.expando ] = undefined;
+				}
+			}
+		}
+	}
+} );
+
+jQuery.fn.extend( {
+	detach: function( selector ) {
+		return remove( this, selector, true );
+	},
+
+	remove: function( selector ) {
+		return remove( this, selector );
+	},
+
+	text: function( value ) {
+		return access( this, function( value ) {
+			return value === undefined ?
+				jQuery.text( this ) :
+				this.empty().each( function() {
+					if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+						this.textContent = value;
+					}
+				} );
+		}, null, value, arguments.length );
+	},
+
+	append: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.appendChild( elem );
+			}
+		} );
+	},
+
+	prepend: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.insertBefore( elem, target.firstChild );
+			}
+		} );
+	},
+
+	before: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this );
+			}
+		} );
+	},
+
+	after: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this.nextSibling );
+			}
+		} );
+	},
+
+	empty: function() {
+		var elem,
+			i = 0;
+
+		for ( ; ( elem = this[ i ] ) != null; i++ ) {
+			if ( elem.nodeType === 1 ) {
+
+				// Prevent memory leaks
+				jQuery.cleanData( getAll( elem, false ) );
+
+				// Remove any remaining nodes
+				elem.textContent = "";
+			}
+		}
+
+		return this;
+	},
+
+	clone: function( dataAndEvents, deepDataAndEvents ) {
+		dataAndEvents = dataAndEvents == null ? false : dataAndEvents;
+		deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents;
+
+		return this.map( function() {
+			return jQuery.clone( this, dataAndEvents, deepDataAndEvents );
+		} );
+	},
+
+	html: function( value ) {
+		return access( this, function( value ) {
+			var elem = this[ 0 ] || {},
+				i = 0,
+				l = this.length;
+
+			if ( value === undefined && elem.nodeType === 1 ) {
+				return elem.innerHTML;
+			}
+
+			// See if we can take a shortcut and just use innerHTML
+			if ( typeof value === "string" && !rnoInnerhtml.test( value ) &&
+				!wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) {
+
+				value = jQuery.htmlPrefilter( value );
+
+				try {
+					for ( ; i < l; i++ ) {
+						elem = this[ i ] || {};
+
+						// Remove element nodes and prevent memory leaks
+						if ( elem.nodeType === 1 ) {
+							jQuery.cleanData( getAll( elem, false ) );
+							elem.innerHTML = value;
+						}
+					}
+
+					elem = 0;
+
+				// If using innerHTML throws an exception, use the fallback method
+				} catch ( e ) {}
+			}
+
+			if ( elem ) {
+				this.empty().append( value );
+			}
+		}, null, value, arguments.length );
+	},
+
+	replaceWith: function() {
+		var ignored = [];
+
+		// Make the changes, replacing each non-ignored context element with the new content
+		return domManip( this, arguments, function( elem ) {
+			var parent = this.parentNode;
+
+			if ( jQuery.inArray( this, ignored ) < 0 ) {
+				jQuery.cleanData( getAll( this ) );
+				if ( parent ) {
+					parent.replaceChild( elem, this );
+				}
+			}
+
+		// Force callback invocation
+		}, ignored );
+	}
+} );
+
+jQuery.each( {
+	appendTo: "append",
+	prependTo: "prepend",
+	insertBefore: "before",
+	insertAfter: "after",
+	replaceAll: "replaceWith"
+}, function( name, original ) {
+	jQuery.fn[ name ] = function( selector ) {
+		var elems,
+			ret = [],
+			insert = jQuery( selector ),
+			last = insert.length - 1,
+			i = 0;
+
+		for ( ; i <= last; i++ ) {
+			elems = i === last ? this : this.clone( true );
+			jQuery( insert[ i ] )[ original ]( elems );
+
+			// Support: Android <=4.0 only, PhantomJS 1 only
+			// .get() because push.apply(_, arraylike) throws on ancient WebKit
+			push.apply( ret, elems.get() );
+		}
+
+		return this.pushStack( ret );
+	};
+} );
+var rmargin = ( /^margin/ );
+
+var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );
+
+var getStyles = function( elem ) {
+
+		// Support: IE <=11 only, Firefox <=30 (#15098, #14150)
+		// IE throws on elements created in popups
+		// FF meanwhile throws on frame elements through "defaultView.getComputedStyle"
+		var view = elem.ownerDocument.defaultView;
+
+		if ( !view || !view.opener ) {
+			view = window;
+		}
+
+		return view.getComputedStyle( elem );
+	};
+
+
+
+( function() {
+
+	// Executing both pixelPosition & boxSizingReliable tests require only one layout
+	// so they're executed at the same time to save the second computation.
+	function computeStyleTests() {
+
+		// This is a singleton, we need to execute it only once
+		if ( !div ) {
+			return;
+		}
+
+		div.style.cssText =
+			"box-sizing:border-box;" +
+			"position:relative;display:block;" +
+			"margin:auto;border:1px;padding:1px;" +
+			"top:1%;width:50%";
+		div.innerHTML = "";
+		documentElement.appendChild( container );
+
+		var divStyle = window.getComputedStyle( div );
+		pixelPositionVal = divStyle.top !== "1%";
+
+		// Support: Android 4.0 - 4.3 only, Firefox <=3 - 44
+		reliableMarginLeftVal = divStyle.marginLeft === "2px";
+		boxSizingReliableVal = divStyle.width === "4px";
+
+		// Support: Android 4.0 - 4.3 only
+		// Some styles come back with percentage values, even though they shouldn't
+		div.style.marginRight = "50%";
+		pixelMarginRightVal = divStyle.marginRight === "4px";
+
+		documentElement.removeChild( container );
+
+		// Nullify the div so it wouldn't be stored in the memory and
+		// it will also be a sign that checks already performed
+		div = null;
+	}
+
+	var pixelPositionVal, boxSizingReliableVal, pixelMarginRightVal, reliableMarginLeftVal,
+		container = document.createElement( "div" ),
+		div = document.createElement( "div" );
+
+	// Finish early in limited (non-browser) environments
+	if ( !div.style ) {
+		return;
+	}
+
+	// Support: IE <=9 - 11 only
+	// Style of cloned element affects source element cloned (#8908)
+	div.style.backgroundClip = "content-box";
+	div.cloneNode( true ).style.backgroundClip = "";
+	support.clearCloneStyle = div.style.backgroundClip === "content-box";
+
+	container.style.cssText = "border:0;width:8px;height:0;top:0;left:-9999px;" +
+		"padding:0;margin-top:1px;position:absolute";
+	container.appendChild( div );
+
+	jQuery.extend( support, {
+		pixelPosition: function() {
+			computeStyleTests();
+			return pixelPositionVal;
+		},
+		boxSizingReliable: function() {
+			computeStyleTests();
+			return boxSizingReliableVal;
+		},
+		pixelMarginRight: function() {
+			computeStyleTests();
+			return pixelMarginRightVal;
+		},
+		reliableMarginLeft: function() {
+			computeStyleTests();
+			return reliableMarginLeftVal;
+		}
+	} );
+} )();
+
+
+function curCSS( elem, name, computed ) {
+	var width, minWidth, maxWidth, ret,
+
+		// Support: Firefox 51+
+		// Retrieving style before computed somehow
+		// fixes an issue with getting wrong values
+		// on detached elements
+		style = elem.style;
+
+	computed = computed || getStyles( elem );
+
+	// getPropertyValue is needed for:
+	//   .css('filter') (IE 9 only, #12537)
+	//   .css('--customProperty) (#3144)
+	if ( computed ) {
+		ret = computed.getPropertyValue( name ) || computed[ name ];
+
+		if ( ret === "" && !jQuery.contains( elem.ownerDocument, elem ) ) {
+			ret = jQuery.style( elem, name );
+		}
+
+		// A tribute to the "awesome hack by Dean Edwards"
+		// Android Browser returns percentage for some values,
+		// but width seems to be reliably pixels.
+		// This is against the CSSOM draft spec:
+		// https://drafts.csswg.org/cssom/#resolved-values
+		if ( !support.pixelMarginRight() && rnumnonpx.test( ret ) && rmargin.test( name ) ) {
+
+			// Remember the original values
+			width = style.width;
+			minWidth = style.minWidth;
+			maxWidth = style.maxWidth;
+
+			// Put in the new values to get a computed value out
+			style.minWidth = style.maxWidth = style.width = ret;
+			ret = computed.width;
+
+			// Revert the changed values
+			style.width = width;
+			style.minWidth = minWidth;
+			style.maxWidth = maxWidth;
+		}
+	}
+
+	return ret !== undefined ?
+
+		// Support: IE <=9 - 11 only
+		// IE returns zIndex value as an integer.
+		ret + "" :
+		ret;
+}
+
+
+function addGetHookIf( conditionFn, hookFn ) {
+
+	// Define the hook, we'll check on the first run if it's really needed.
+	return {
+		get: function() {
+			if ( conditionFn() ) {
+
+				// Hook not needed (or it's not possible to use it due
+				// to missing dependency), remove it.
+				delete this.get;
+				return;
+			}
+
+			// Hook needed; redefine it so that the support test is not executed again.
+			return ( this.get = hookFn ).apply( this, arguments );
+		}
+	};
+}
+
+
+var
+
+	// Swappable if display is none or starts with table
+	// except "table", "table-cell", or "table-caption"
+	// See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display
+	rdisplayswap = /^(none|table(?!-c[ea]).+)/,
+	rcustomProp = /^--/,
+	cssShow = { position: "absolute", visibility: "hidden", display: "block" },
+	cssNormalTransform = {
+		letterSpacing: "0",
+		fontWeight: "400"
+	},
+
+	cssPrefixes = [ "Webkit", "Moz", "ms" ],
+	emptyStyle = document.createElement( "div" ).style;
+
+// Return a css property mapped to a potentially vendor prefixed property
+function vendorPropName( name ) {
+
+	// Shortcut for names that are not vendor prefixed
+	if ( name in emptyStyle ) {
+		return name;
+	}
+
+	// Check for vendor prefixed names
+	var capName = name[ 0 ].toUpperCase() + name.slice( 1 ),
+		i = cssPrefixes.length;
+
+	while ( i-- ) {
+		name = cssPrefixes[ i ] + capName;
+		if ( name in emptyStyle ) {
+			return name;
+		}
+	}
+}
+
+// Return a property mapped along what jQuery.cssProps suggests or to
+// a vendor prefixed property.
+function finalPropName( name ) {
+	var ret = jQuery.cssProps[ name ];
+	if ( !ret ) {
+		ret = jQuery.cssProps[ name ] = vendorPropName( name ) || name;
+	}
+	return ret;
+}
+
+function setPositiveNumber( elem, value, subtract ) {
+
+	// Any relative (+/-) values have already been
+	// normalized at this point
+	var matches = rcssNum.exec( value );
+	return matches ?
+
+		// Guard against undefined "subtract", e.g., when used as in cssHooks
+		Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) :
+		value;
+}
+
+function augmentWidthOrHeight( elem, name, extra, isBorderBox, styles ) {
+	var i,
+		val = 0;
+
+	// If we already have the right measurement, avoid augmentation
+	if ( extra === ( isBorderBox ? "border" : "content" ) ) {
+		i = 4;
+
+	// Otherwise initialize for horizontal or vertical properties
+	} else {
+		i = name === "width" ? 1 : 0;
+	}
+
+	for ( ; i < 4; i += 2 ) {
+
+		// Both box models exclude margin, so add it if we want it
+		if ( extra === "margin" ) {
+			val += jQuery.css( elem, extra + cssExpand[ i ], true, styles );
+		}
+
+		if ( isBorderBox ) {
+
+			// border-box includes padding, so remove it if we want content
+			if ( extra === "content" ) {
+				val -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+			}
+
+			// At this point, extra isn't border nor margin, so remove border
+			if ( extra !== "margin" ) {
+				val -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		} else {
+
+			// At this point, extra isn't content, so add padding
+			val += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+
+			// At this point, extra isn't content nor padding, so add border
+			if ( extra !== "padding" ) {
+				val += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		}
+	}
+
+	return val;
+}
+
+function getWidthOrHeight( elem, name, extra ) {
+
+	// Start with computed style
+	var valueIsBorderBox,
+		styles = getStyles( elem ),
+		val = curCSS( elem, name, styles ),
+		isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box";
+
+	// Computed unit is not pixels. Stop here and return.
+	if ( rnumnonpx.test( val ) ) {
+		return val;
+	}
+
+	// Check for style in case a browser which returns unreliable values
+	// for getComputedStyle silently falls back to the reliable elem.style
+	valueIsBorderBox = isBorderBox &&
+		( support.boxSizingReliable() || val === elem.style[ name ] );
+
+	// Fall back to offsetWidth/Height when value is "auto"
+	// This happens for inline elements with no explicit setting (gh-3571)
+	if ( val === "auto" ) {
+		val = elem[ "offset" + name[ 0 ].toUpperCase() + name.slice( 1 ) ];
+	}
+
+	// Normalize "", auto, and prepare for extra
+	val = parseFloat( val ) || 0;
+
+	// Use the active box-sizing model to add/subtract irrelevant styles
+	return ( val +
+		augmentWidthOrHeight(
+			elem,
+			name,
+			extra || ( isBorderBox ? "border" : "content" ),
+			valueIsBorderBox,
+			styles
+		)
+	) + "px";
+}
+
+jQuery.extend( {
+
+	// Add in style property hooks for overriding the default
+	// behavior of getting and setting a style property
+	cssHooks: {
+		opacity: {
+			get: function( elem, computed ) {
+				if ( computed ) {
+
+					// We should always get a number back from opacity
+					var ret = curCSS( elem, "opacity" );
+					return ret === "" ? "1" : ret;
+				}
+			}
+		}
+	},
+
+	// Don't automatically add "px" to these possibly-unitless properties
+	cssNumber: {
+		"animationIterationCount": true,
+		"columnCount": true,
+		"fillOpacity": true,
+		"flexGrow": true,
+		"flexShrink": true,
+		"fontWeight": true,
+		"lineHeight": true,
+		"opacity": true,
+		"order": true,
+		"orphans": true,
+		"widows": true,
+		"zIndex": true,
+		"zoom": true
+	},
+
+	// Add in properties whose names you wish to fix before
+	// setting or getting the value
+	cssProps: {
+		"float": "cssFloat"
+	},
+
+	// Get and set the style property on a DOM Node
+	style: function( elem, name, value, extra ) {
+
+		// Don't set styles on text and comment nodes
+		if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) {
+			return;
+		}
+
+		// Make sure that we're working with the right name
+		var ret, type, hooks,
+			origName = jQuery.camelCase( name ),
+			isCustomProp = rcustomProp.test( name ),
+			style = elem.style;
+
+		// Make sure that we're working with the right name. We don't
+		// want to query the value if it is a CSS custom property
+		// since they are user-defined.
+		if ( !isCustomProp ) {
+			name = finalPropName( origName );
+		}
+
+		// Gets hook for the prefixed version, then unprefixed version
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// Check if we're setting a value
+		if ( value !== undefined ) {
+			type = typeof value;
+
+			// Convert "+=" or "-=" to relative numbers (#7345)
+			if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) {
+				value = adjustCSS( elem, name, ret );
+
+				// Fixes bug #9237
+				type = "number";
+			}
+
+			// Make sure that null and NaN values aren't set (#7116)
+			if ( value == null || value !== value ) {
+				return;
+			}
+
+			// If a number was passed in, add the unit (except for certain CSS properties)
+			if ( type === "number" ) {
+				value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" );
+			}
+
+			// background-* props affect original clone's values
+			if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) {
+				style[ name ] = "inherit";
+			}
+
+			// If a hook was provided, use that value, otherwise just set the specified value
+			if ( !hooks || !( "set" in hooks ) ||
+				( value = hooks.set( elem, value, extra ) ) !== undefined ) {
+
+				if ( isCustomProp ) {
+					style.setProperty( name, value );
+				} else {
+					style[ name ] = value;
+				}
+			}
+
+		} else {
+
+			// If a hook was provided get the non-computed value from there
+			if ( hooks && "get" in hooks &&
+				( ret = hooks.get( elem, false, extra ) ) !== undefined ) {
+
+				return ret;
+			}
+
+			// Otherwise just get the value from the style object
+			return style[ name ];
+		}
+	},
+
+	css: function( elem, name, extra, styles ) {
+		var val, num, hooks,
+			origName = jQuery.camelCase( name ),
+			isCustomProp = rcustomProp.test( name );
+
+		// Make sure that we're working with the right name. We don't
+		// want to modify the value if it is a CSS custom property
+		// since they are user-defined.
+		if ( !isCustomProp ) {
+			name = finalPropName( origName );
+		}
+
+		// Try prefixed name followed by the unprefixed name
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// If a hook was provided get the computed value from there
+		if ( hooks && "get" in hooks ) {
+			val = hooks.get( elem, true, extra );
+		}
+
+		// Otherwise, if a way to get the computed value exists, use that
+		if ( val === undefined ) {
+			val = curCSS( elem, name, styles );
+		}
+
+		// Convert "normal" to computed value
+		if ( val === "normal" && name in cssNormalTransform ) {
+			val = cssNormalTransform[ name ];
+		}
+
+		// Make numeric if forced or a qualifier was provided and val looks numeric
+		if ( extra === "" || extra ) {
+			num = parseFloat( val );
+			return extra === true || isFinite( num ) ? num || 0 : val;
+		}
+
+		return val;
+	}
+} );
+
+jQuery.each( [ "height", "width" ], function( i, name ) {
+	jQuery.cssHooks[ name ] = {
+		get: function( elem, computed, extra ) {
+			if ( computed ) {
+
+				// Certain elements can have dimension info if we invisibly show them
+				// but it must have a current display style that would benefit
+				return rdisplayswap.test( jQuery.css( elem, "display" ) ) &&
+
+					// Support: Safari 8+
+					// Table columns in Safari have non-zero offsetWidth & zero
+					// getBoundingClientRect().width unless display is changed.
+					// Support: IE <=11 only
+					// Running getBoundingClientRect on a disconnected node
+					// in IE throws an error.
+					( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ?
+						swap( elem, cssShow, function() {
+							return getWidthOrHeight( elem, name, extra );
+						} ) :
+						getWidthOrHeight( elem, name, extra );
+			}
+		},
+
+		set: function( elem, value, extra ) {
+			var matches,
+				styles = extra && getStyles( elem ),
+				subtract = extra && augmentWidthOrHeight(
+					elem,
+					name,
+					extra,
+					jQuery.css( elem, "boxSizing", false, styles ) === "border-box",
+					styles
+				);
+
+			// Convert to pixels if value adjustment is needed
+			if ( subtract && ( matches = rcssNum.exec( value ) ) &&
+				( matches[ 3 ] || "px" ) !== "px" ) {
+
+				elem.style[ name ] = value;
+				value = jQuery.css( elem, name );
+			}
+
+			return setPositiveNumber( elem, value, subtract );
+		}
+	};
+} );
+
+jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft,
+	function( elem, computed ) {
+		if ( computed ) {
+			return ( parseFloat( curCSS( elem, "marginLeft" ) ) ||
+				elem.getBoundingClientRect().left -
+					swap( elem, { marginLeft: 0 }, function() {
+						return elem.getBoundingClientRect().left;
+					} )
+				) + "px";
+		}
+	}
+);
+
+// These hooks are used by animate to expand properties
+jQuery.each( {
+	margin: "",
+	padding: "",
+	border: "Width"
+}, function( prefix, suffix ) {
+	jQuery.cssHooks[ prefix + suffix ] = {
+		expand: function( value ) {
+			var i = 0,
+				expanded = {},
+
+				// Assumes a single number if not a string
+				parts = typeof value === "string" ? value.split( " " ) : [ value ];
+
+			for ( ; i < 4; i++ ) {
+				expanded[ prefix + cssExpand[ i ] + suffix ] =
+					parts[ i ] || parts[ i - 2 ] || parts[ 0 ];
+			}
+
+			return expanded;
+		}
+	};
+
+	if ( !rmargin.test( prefix ) ) {
+		jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber;
+	}
+} );
+
+jQuery.fn.extend( {
+	css: function( name, value ) {
+		return access( this, function( elem, name, value ) {
+			var styles, len,
+				map = {},
+				i = 0;
+
+			if ( Array.isArray( name ) ) {
+				styles = getStyles( elem );
+				len = name.length;
+
+				for ( ; i < len; i++ ) {
+					map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles );
+				}
+
+				return map;
+			}
+
+			return value !== undefined ?
+				jQuery.style( elem, name, value ) :
+				jQuery.css( elem, name );
+		}, name, value, arguments.length > 1 );
+	}
+} );
+
+
+function Tween( elem, options, prop, end, easing ) {
+	return new Tween.prototype.init( elem, options, prop, end, easing );
+}
+jQuery.Tween = Tween;
+
+Tween.prototype = {
+	constructor: Tween,
+	init: function( elem, options, prop, end, easing, unit ) {
+		this.elem = elem;
+		this.prop = prop;
+		this.easing = easing || jQuery.easing._default;
+		this.options = options;
+		this.start = this.now = this.cur();
+		this.end = end;
+		this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" );
+	},
+	cur: function() {
+		var hooks = Tween.propHooks[ this.prop ];
+
+		return hooks && hooks.get ?
+			hooks.get( this ) :
+			Tween.propHooks._default.get( this );
+	},
+	run: function( percent ) {
+		var eased,
+			hooks = Tween.propHooks[ this.prop ];
+
+		if ( this.options.duration ) {
+			this.pos = eased = jQuery.easing[ this.easing ](
+				percent, this.options.duration * percent, 0, 1, this.options.duration
+			);
+		} else {
+			this.pos = eased = percent;
+		}
+		this.now = ( this.end - this.start ) * eased + this.start;
+
+		if ( this.options.step ) {
+			this.options.step.call( this.elem, this.now, this );
+		}
+
+		if ( hooks && hooks.set ) {
+			hooks.set( this );
+		} else {
+			Tween.propHooks._default.set( this );
+		}
+		return this;
+	}
+};
+
+Tween.prototype.init.prototype = Tween.prototype;
+
+Tween.propHooks = {
+	_default: {
+		get: function( tween ) {
+			var result;
+
+			// Use a property on the element directly when it is not a DOM element,
+			// or when there is no matching style property that exists.
+			if ( tween.elem.nodeType !== 1 ||
+				tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) {
+				return tween.elem[ tween.prop ];
+			}
+
+			// Passing an empty string as a 3rd parameter to .css will automatically
+			// attempt a parseFloat and fallback to a string if the parse fails.
+			// Simple values such as "10px" are parsed to Float;
+			// complex values such as "rotate(1rad)" are returned as-is.
+			result = jQuery.css( tween.elem, tween.prop, "" );
+
+			// Empty strings, null, undefined and "auto" are converted to 0.
+			return !result || result === "auto" ? 0 : result;
+		},
+		set: function( tween ) {
+
+			// Use step hook for back compat.
+			// Use cssHook if its there.
+			// Use .style if available and use plain properties where available.
+			if ( jQuery.fx.step[ tween.prop ] ) {
+				jQuery.fx.step[ tween.prop ]( tween );
+			} else if ( tween.elem.nodeType === 1 &&
+				( tween.elem.style[ jQuery.cssProps[ tween.prop ] ] != null ||
+					jQuery.cssHooks[ tween.prop ] ) ) {
+				jQuery.style( tween.elem, tween.prop, tween.now + tween.unit );
+			} else {
+				tween.elem[ tween.prop ] = tween.now;
+			}
+		}
+	}
+};
+
+// Support: IE <=9 only
+// Panic based approach to setting things on disconnected nodes
+Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = {
+	set: function( tween ) {
+		if ( tween.elem.nodeType && tween.elem.parentNode ) {
+			tween.elem[ tween.prop ] = tween.now;
+		}
+	}
+};
+
+jQuery.easing = {
+	linear: function( p ) {
+		return p;
+	},
+	swing: function( p ) {
+		return 0.5 - Math.cos( p * Math.PI ) / 2;
+	},
+	_default: "swing"
+};
+
+jQuery.fx = Tween.prototype.init;
+
+// Back compat <1.8 extension point
+jQuery.fx.step = {};
+
+
+
+
+var
+	fxNow, inProgress,
+	rfxtypes = /^(?:toggle|show|hide)$/,
+	rrun = /queueHooks$/;
+
+function schedule() {
+	if ( inProgress ) {
+		if ( document.hidden === false && window.requestAnimationFrame ) {
+			window.requestAnimationFrame( schedule );
+		} else {
+			window.setTimeout( schedule, jQuery.fx.interval );
+		}
+
+		jQuery.fx.tick();
+	}
+}
+
+// Animations created synchronously will run synchronously
+function createFxNow() {
+	window.setTimeout( function() {
+		fxNow = undefined;
+	} );
+	return ( fxNow = jQuery.now() );
+}
+
+// Generate parameters to create a standard animation
+function genFx( type, includeWidth ) {
+	var which,
+		i = 0,
+		attrs = { height: type };
+
+	// If we include width, step value is 1 to do all cssExpand values,
+	// otherwise step value is 2 to skip over Left and Right
+	includeWidth = includeWidth ? 1 : 0;
+	for ( ; i < 4; i += 2 - includeWidth ) {
+		which = cssExpand[ i ];
+		attrs[ "margin" + which ] = attrs[ "padding" + which ] = type;
+	}
+
+	if ( includeWidth ) {
+		attrs.opacity = attrs.width = type;
+	}
+
+	return attrs;
+}
+
+function createTween( value, prop, animation ) {
+	var tween,
+		collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ),
+		index = 0,
+		length = collection.length;
+	for ( ; index < length; index++ ) {
+		if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) {
+
+			// We're done with this property
+			return tween;
+		}
+	}
+}
+
+function defaultPrefilter( elem, props, opts ) {
+	var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display,
+		isBox = "width" in props || "height" in props,
+		anim = this,
+		orig = {},
+		style = elem.style,
+		hidden = elem.nodeType && isHiddenWithinTree( elem ),
+		dataShow = dataPriv.get( elem, "fxshow" );
+
+	// Queue-skipping animations hijack the fx hooks
+	if ( !opts.queue ) {
+		hooks = jQuery._queueHooks( elem, "fx" );
+		if ( hooks.unqueued == null ) {
+			hooks.unqueued = 0;
+			oldfire = hooks.empty.fire;
+			hooks.empty.fire = function() {
+				if ( !hooks.unqueued ) {
+					oldfire();
+				}
+			};
+		}
+		hooks.unqueued++;
+
+		anim.always( function() {
+
+			// Ensure the complete handler is called before this completes
+			anim.always( function() {
+				hooks.unqueued--;
+				if ( !jQuery.queue( elem, "fx" ).length ) {
+					hooks.empty.fire();
+				}
+			} );
+		} );
+	}
+
+	// Detect show/hide animations
+	for ( prop in props ) {
+		value = props[ prop ];
+		if ( rfxtypes.test( value ) ) {
+			delete props[ prop ];
+			toggle = toggle || value === "toggle";
+			if ( value === ( hidden ? "hide" : "show" ) ) {
+
+				// Pretend to be hidden if this is a "show" and
+				// there is still data from a stopped show/hide
+				if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) {
+					hidden = true;
+
+				// Ignore all other no-op show/hide data
+				} else {
+					continue;
+				}
+			}
+			orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop );
+		}
+	}
+
+	// Bail out if this is a no-op like .hide().hide()
+	propTween = !jQuery.isEmptyObject( props );
+	if ( !propTween && jQuery.isEmptyObject( orig ) ) {
+		return;
+	}
+
+	// Restrict "overflow" and "display" styles during box animations
+	if ( isBox && elem.nodeType === 1 ) {
+
+		// Support: IE <=9 - 11, Edge 12 - 13
+		// Record all 3 overflow attributes because IE does not infer the shorthand
+		// from identically-valued overflowX and overflowY
+		opts.overflow = [ style.overflow, style.overflowX, style.overflowY ];
+
+		// Identify a display type, preferring old show/hide data over the CSS cascade
+		restoreDisplay = dataShow && dataShow.display;
+		if ( restoreDisplay == null ) {
+			restoreDisplay = dataPriv.get( elem, "display" );
+		}
+		display = jQuery.css( elem, "display" );
+		if ( display === "none" ) {
+			if ( restoreDisplay ) {
+				display = restoreDisplay;
+			} else {
+
+				// Get nonempty value(s) by temporarily forcing visibility
+				showHide( [ elem ], true );
+				restoreDisplay = elem.style.display || restoreDisplay;
+				display = jQuery.css( elem, "display" );
+				showHide( [ elem ] );
+			}
+		}
+
+		// Animate inline elements as inline-block
+		if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) {
+			if ( jQuery.css( elem, "float" ) === "none" ) {
+
+				// Restore the original display value at the end of pure show/hide animations
+				if ( !propTween ) {
+					anim.done( function() {
+						style.display = restoreDisplay;
+					} );
+					if ( restoreDisplay == null ) {
+						display = style.display;
+						restoreDisplay = display === "none" ? "" : display;
+					}
+				}
+				style.display = "inline-block";
+			}
+		}
+	}
+
+	if ( opts.overflow ) {
+		style.overflow = "hidden";
+		anim.always( function() {
+			style.overflow = opts.overflow[ 0 ];
+			style.overflowX = opts.overflow[ 1 ];
+			style.overflowY = opts.overflow[ 2 ];
+		} );
+	}
+
+	// Implement show/hide animations
+	propTween = false;
+	for ( prop in orig ) {
+
+		// General show/hide setup for this element animation
+		if ( !propTween ) {
+			if ( dataShow ) {
+				if ( "hidden" in dataShow ) {
+					hidden = dataShow.hidden;
+				}
+			} else {
+				dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } );
+			}
+
+			// Store hidden/visible for toggle so `.stop().toggle()` "reverses"
+			if ( toggle ) {
+				dataShow.hidden = !hidden;
+			}
+
+			// Show elements before animating them
+			if ( hidden ) {
+				showHide( [ elem ], true );
+			}
+
+			/* eslint-disable no-loop-func */
+
+			anim.done( function() {
+
+			/* eslint-enable no-loop-func */
+
+				// The final step of a "hide" animation is actually hiding the element
+				if ( !hidden ) {
+					showHide( [ elem ] );
+				}
+				dataPriv.remove( elem, "fxshow" );
+				for ( prop in orig ) {
+					jQuery.style( elem, prop, orig[ prop ] );
+				}
+			} );
+		}
+
+		// Per-property setup
+		propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim );
+		if ( !( prop in dataShow ) ) {
+			dataShow[ prop ] = propTween.start;
+			if ( hidden ) {
+				propTween.end = propTween.start;
+				propTween.start = 0;
+			}
+		}
+	}
+}
+
+function propFilter( props, specialEasing ) {
+	var index, name, easing, value, hooks;
+
+	// camelCase, specialEasing and expand cssHook pass
+	for ( index in props ) {
+		name = jQuery.camelCase( index );
+		easing = specialEasing[ name ];
+		value = props[ index ];
+		if ( Array.isArray( value ) ) {
+			easing = value[ 1 ];
+			value = props[ index ] = value[ 0 ];
+		}
+
+		if ( index !== name ) {
+			props[ name ] = value;
+			delete props[ index ];
+		}
+
+		hooks = jQuery.cssHooks[ name ];
+		if ( hooks && "expand" in hooks ) {
+			value = hooks.expand( value );
+			delete props[ name ];
+
+			// Not quite $.extend, this won't overwrite existing keys.
+			// Reusing 'index' because we have the correct "name"
+			for ( index in value ) {
+				if ( !( index in props ) ) {
+					props[ index ] = value[ index ];
+					specialEasing[ index ] = easing;
+				}
+			}
+		} else {
+			specialEasing[ name ] = easing;
+		}
+	}
+}
+
+function Animation( elem, properties, options ) {
+	var result,
+		stopped,
+		index = 0,
+		length = Animation.prefilters.length,
+		deferred = jQuery.Deferred().always( function() {
+
+			// Don't match elem in the :animated selector
+			delete tick.elem;
+		} ),
+		tick = function() {
+			if ( stopped ) {
+				return false;
+			}
+			var currentTime = fxNow || createFxNow(),
+				remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ),
+
+				// Support: Android 2.3 only
+				// Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497)
+				temp = remaining / animation.duration || 0,
+				percent = 1 - temp,
+				index = 0,
+				length = animation.tweens.length;
+
+			for ( ; index < length; index++ ) {
+				animation.tweens[ index ].run( percent );
+			}
+
+			deferred.notifyWith( elem, [ animation, percent, remaining ] );
+
+			// If there's more to do, yield
+			if ( percent < 1 && length ) {
+				return remaining;
+			}
+
+			// If this was an empty animation, synthesize a final progress notification
+			if ( !length ) {
+				deferred.notifyWith( elem, [ animation, 1, 0 ] );
+			}
+
+			// Resolve the animation and report its conclusion
+			deferred.resolveWith( elem, [ animation ] );
+			return false;
+		},
+		animation = deferred.promise( {
+			elem: elem,
+			props: jQuery.extend( {}, properties ),
+			opts: jQuery.extend( true, {
+				specialEasing: {},
+				easing: jQuery.easing._default
+			}, options ),
+			originalProperties: properties,
+			originalOptions: options,
+			startTime: fxNow || createFxNow(),
+			duration: options.duration,
+			tweens: [],
+			createTween: function( prop, end ) {
+				var tween = jQuery.Tween( elem, animation.opts, prop, end,
+						animation.opts.specialEasing[ prop ] || animation.opts.easing );
+				animation.tweens.push( tween );
+				return tween;
+			},
+			stop: function( gotoEnd ) {
+				var index = 0,
+
+					// If we are going to the end, we want to run all the tweens
+					// otherwise we skip this part
+					length = gotoEnd ? animation.tweens.length : 0;
+				if ( stopped ) {
+					return this;
+				}
+				stopped = true;
+				for ( ; index < length; index++ ) {
+					animation.tweens[ index ].run( 1 );
+				}
+
+				// Resolve when we played the last frame; otherwise, reject
+				if ( gotoEnd ) {
+					deferred.notifyWith( elem, [ animation, 1, 0 ] );
+					deferred.resolveWith( elem, [ animation, gotoEnd ] );
+				} else {
+					deferred.rejectWith( elem, [ animation, gotoEnd ] );
+				}
+				return this;
+			}
+		} ),
+		props = animation.props;
+
+	propFilter( props, animation.opts.specialEasing );
+
+	for ( ; index < length; index++ ) {
+		result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts );
+		if ( result ) {
+			if ( jQuery.isFunction( result.stop ) ) {
+				jQuery._queueHooks( animation.elem, animation.opts.queue ).stop =
+					jQuery.proxy( result.stop, result );
+			}
+			return result;
+		}
+	}
+
+	jQuery.map( props, createTween, animation );
+
+	if ( jQuery.isFunction( animation.opts.start ) ) {
+		animation.opts.start.call( elem, animation );
+	}
+
+	// Attach callbacks from options
+	animation
+		.progress( animation.opts.progress )
+		.done( animation.opts.done, animation.opts.complete )
+		.fail( animation.opts.fail )
+		.always( animation.opts.always );
+
+	jQuery.fx.timer(
+		jQuery.extend( tick, {
+			elem: elem,
+			anim: animation,
+			queue: animation.opts.queue
+		} )
+	);
+
+	return animation;
+}
+
+jQuery.Animation = jQuery.extend( Animation, {
+
+	tweeners: {
+		"*": [ function( prop, value ) {
+			var tween = this.createTween( prop, value );
+			adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween );
+			return tween;
+		} ]
+	},
+
+	tweener: function( props, callback ) {
+		if ( jQuery.isFunction( props ) ) {
+			callback = props;
+			props = [ "*" ];
+		} else {
+			props = props.match( rnothtmlwhite );
+		}
+
+		var prop,
+			index = 0,
+			length = props.length;
+
+		for ( ; index < length; index++ ) {
+			prop = props[ index ];
+			Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || [];
+			Animation.tweeners[ prop ].unshift( callback );
+		}
+	},
+
+	prefilters: [ defaultPrefilter ],
+
+	prefilter: function( callback, prepend ) {
+		if ( prepend ) {
+			Animation.prefilters.unshift( callback );
+		} else {
+			Animation.prefilters.push( callback );
+		}
+	}
+} );
+
+jQuery.speed = function( speed, easing, fn ) {
+	var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : {
+		complete: fn || !fn && easing ||
+			jQuery.isFunction( speed ) && speed,
+		duration: speed,
+		easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing
+	};
+
+	// Go to the end state if fx are off
+	if ( jQuery.fx.off ) {
+		opt.duration = 0;
+
+	} else {
+		if ( typeof opt.duration !== "number" ) {
+			if ( opt.duration in jQuery.fx.speeds ) {
+				opt.duration = jQuery.fx.speeds[ opt.duration ];
+
+			} else {
+				opt.duration = jQuery.fx.speeds._default;
+			}
+		}
+	}
+
+	// Normalize opt.queue - true/undefined/null -> "fx"
+	if ( opt.queue == null || opt.queue === true ) {
+		opt.queue = "fx";
+	}
+
+	// Queueing
+	opt.old = opt.complete;
+
+	opt.complete = function() {
+		if ( jQuery.isFunction( opt.old ) ) {
+			opt.old.call( this );
+		}
+
+		if ( opt.queue ) {
+			jQuery.dequeue( this, opt.queue );
+		}
+	};
+
+	return opt;
+};
+
+jQuery.fn.extend( {
+	fadeTo: function( speed, to, easing, callback ) {
+
+		// Show any hidden elements after setting opacity to 0
+		return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show()
+
+			// Animate to the value specified
+			.end().animate( { opacity: to }, speed, easing, callback );
+	},
+	animate: function( prop, speed, easing, callback ) {
+		var empty = jQuery.isEmptyObject( prop ),
+			optall = jQuery.speed( speed, easing, callback ),
+			doAnimation = function() {
+
+				// Operate on a copy of prop so per-property easing won't be lost
+				var anim = Animation( this, jQuery.extend( {}, prop ), optall );
+
+				// Empty animations, or finishing resolves immediately
+				if ( empty || dataPriv.get( this, "finish" ) ) {
+					anim.stop( true );
+				}
+			};
+			doAnimation.finish = doAnimation;
+
+		return empty || optall.queue === false ?
+			this.each( doAnimation ) :
+			this.queue( optall.queue, doAnimation );
+	},
+	stop: function( type, clearQueue, gotoEnd ) {
+		var stopQueue = function( hooks ) {
+			var stop = hooks.stop;
+			delete hooks.stop;
+			stop( gotoEnd );
+		};
+
+		if ( typeof type !== "string" ) {
+			gotoEnd = clearQueue;
+			clearQueue = type;
+			type = undefined;
+		}
+		if ( clearQueue && type !== false ) {
+			this.queue( type || "fx", [] );
+		}
+
+		return this.each( function() {
+			var dequeue = true,
+				index = type != null && type + "queueHooks",
+				timers = jQuery.timers,
+				data = dataPriv.get( this );
+
+			if ( index ) {
+				if ( data[ index ] && data[ index ].stop ) {
+					stopQueue( data[ index ] );
+				}
+			} else {
+				for ( index in data ) {
+					if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) {
+						stopQueue( data[ index ] );
+					}
+				}
+			}
+
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this &&
+					( type == null || timers[ index ].queue === type ) ) {
+
+					timers[ index ].anim.stop( gotoEnd );
+					dequeue = false;
+					timers.splice( index, 1 );
+				}
+			}
+
+			// Start the next in the queue if the last step wasn't forced.
+			// Timers currently will call their complete callbacks, which
+			// will dequeue but only if they were gotoEnd.
+			if ( dequeue || !gotoEnd ) {
+				jQuery.dequeue( this, type );
+			}
+		} );
+	},
+	finish: function( type ) {
+		if ( type !== false ) {
+			type = type || "fx";
+		}
+		return this.each( function() {
+			var index,
+				data = dataPriv.get( this ),
+				queue = data[ type + "queue" ],
+				hooks = data[ type + "queueHooks" ],
+				timers = jQuery.timers,
+				length = queue ? queue.length : 0;
+
+			// Enable finishing flag on private data
+			data.finish = true;
+
+			// Empty the queue first
+			jQuery.queue( this, type, [] );
+
+			if ( hooks && hooks.stop ) {
+				hooks.stop.call( this, true );
+			}
+
+			// Look for any active animations, and finish them
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this && timers[ index ].queue === type ) {
+					timers[ index ].anim.stop( true );
+					timers.splice( index, 1 );
+				}
+			}
+
+			// Look for any animations in the old queue and finish them
+			for ( index = 0; index < length; index++ ) {
+				if ( queue[ index ] && queue[ index ].finish ) {
+					queue[ index ].finish.call( this );
+				}
+			}
+
+			// Turn off finishing flag
+			delete data.finish;
+		} );
+	}
+} );
+
+jQuery.each( [ "toggle", "show", "hide" ], function( i, name ) {
+	var cssFn = jQuery.fn[ name ];
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return speed == null || typeof speed === "boolean" ?
+			cssFn.apply( this, arguments ) :
+			this.animate( genFx( name, true ), speed, easing, callback );
+	};
+} );
+
+// Generate shortcuts for custom animations
+jQuery.each( {
+	slideDown: genFx( "show" ),
+	slideUp: genFx( "hide" ),
+	slideToggle: genFx( "toggle" ),
+	fadeIn: { opacity: "show" },
+	fadeOut: { opacity: "hide" },
+	fadeToggle: { opacity: "toggle" }
+}, function( name, props ) {
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return this.animate( props, speed, easing, callback );
+	};
+} );
+
+jQuery.timers = [];
+jQuery.fx.tick = function() {
+	var timer,
+		i = 0,
+		timers = jQuery.timers;
+
+	fxNow = jQuery.now();
+
+	for ( ; i < timers.length; i++ ) {
+		timer = timers[ i ];
+
+		// Run the timer and safely remove it when done (allowing for external removal)
+		if ( !timer() && timers[ i ] === timer ) {
+			timers.splice( i--, 1 );
+		}
+	}
+
+	if ( !timers.length ) {
+		jQuery.fx.stop();
+	}
+	fxNow = undefined;
+};
+
+jQuery.fx.timer = function( timer ) {
+	jQuery.timers.push( timer );
+	jQuery.fx.start();
+};
+
+jQuery.fx.interval = 13;
+jQuery.fx.start = function() {
+	if ( inProgress ) {
+		return;
+	}
+
+	inProgress = true;
+	schedule();
+};
+
+jQuery.fx.stop = function() {
+	inProgress = null;
+};
+
+jQuery.fx.speeds = {
+	slow: 600,
+	fast: 200,
+
+	// Default speed
+	_default: 400
+};
+
+
+// Based off of the plugin by Clint Helfers, with permission.
+// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
+jQuery.fn.delay = function( time, type ) {
+	time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
+	type = type || "fx";
+
+	return this.queue( type, function( next, hooks ) {
+		var timeout = window.setTimeout( next, time );
+		hooks.stop = function() {
+			window.clearTimeout( timeout );
+		};
+	} );
+};
+
+
+( function() {
+	var input = document.createElement( "input" ),
+		select = document.createElement( "select" ),
+		opt = select.appendChild( document.createElement( "option" ) );
+
+	input.type = "checkbox";
+
+	// Support: Android <=4.3 only
+	// Default value for a checkbox should be "on"
+	support.checkOn = input.value !== "";
+
+	// Support: IE <=11 only
+	// Must access selectedIndex to make default options select
+	support.optSelected = opt.selected;
+
+	// Support: IE <=11 only
+	// An input loses its value after becoming a radio
+	input = document.createElement( "input" );
+	input.value = "t";
+	input.type = "radio";
+	support.radioValue = input.value === "t";
+} )();
+
+
+var boolHook,
+	attrHandle = jQuery.expr.attrHandle;
+
+jQuery.fn.extend( {
+	attr: function( name, value ) {
+		return access( this, jQuery.attr, name, value, arguments.length > 1 );
+	},
+
+	removeAttr: function( name ) {
+		return this.each( function() {
+			jQuery.removeAttr( this, name );
+		} );
+	}
+} );
+
+jQuery.extend( {
+	attr: function( elem, name, value ) {
+		var ret, hooks,
+			nType = elem.nodeType;
+
+		// Don't get/set attributes on text, comment and attribute nodes
+		if ( nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		// Fallback to prop when attributes are not supported
+		if ( typeof elem.getAttribute === "undefined" ) {
+			return jQuery.prop( elem, name, value );
+		}
+
+		// Attribute hooks are determined by the lowercase version
+		// Grab necessary hook if one is defined
+		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
+			hooks = jQuery.attrHooks[ name.toLowerCase() ] ||
+				( jQuery.expr.match.bool.test( name ) ? boolHook : undefined );
+		}
+
+		if ( value !== undefined ) {
+			if ( value === null ) {
+				jQuery.removeAttr( elem, name );
+				return;
+			}
+
+			if ( hooks && "set" in hooks &&
+				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
+				return ret;
+			}
+
+			elem.setAttribute( name, value + "" );
+			return value;
+		}
+
+		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
+			return ret;
+		}
+
+		ret = jQuery.find.attr( elem, name );
+
+		// Non-existent attributes return null, we normalize to undefined
+		return ret == null ? undefined : ret;
+	},
+
+	attrHooks: {
+		type: {
+			set: function( elem, value ) {
+				if ( !support.radioValue && value === "radio" &&
+					nodeName( elem, "input" ) ) {
+					var val = elem.value;
+					elem.setAttribute( "type", value );
+					if ( val ) {
+						elem.value = val;
+					}
+					return value;
+				}
+			}
+		}
+	},
+
+	removeAttr: function( elem, value ) {
+		var name,
+			i = 0,
+
+			// Attribute names can contain non-HTML whitespace characters
+			// https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+			attrNames = value && value.match( rnothtmlwhite );
+
+		if ( attrNames && elem.nodeType === 1 ) {
+			while ( ( name = attrNames[ i++ ] ) ) {
+				elem.removeAttribute( name );
+			}
+		}
+	}
+} );
+
+// Hooks for boolean attributes
+boolHook = {
+	set: function( elem, value, name ) {
+		if ( value === false ) {
+
+			// Remove boolean attributes when set to false
+			jQuery.removeAttr( elem, name );
+		} else {
+			elem.setAttribute( name, name );
+		}
+		return name;
+	}
+};
+
+jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( i, name ) {
+	var getter = attrHandle[ name ] || jQuery.find.attr;
+
+	attrHandle[ name ] = function( elem, name, isXML ) {
+		var ret, handle,
+			lowercaseName = name.toLowerCase();
+
+		if ( !isXML ) {
+
+			// Avoid an infinite loop by temporarily removing this function from the getter
+			handle = attrHandle[ lowercaseName ];
+			attrHandle[ lowercaseName ] = ret;
+			ret = getter( elem, name, isXML ) != null ?
+				lowercaseName :
+				null;
+			attrHandle[ lowercaseName ] = handle;
+		}
+		return ret;
+	};
+} );
+
+
+
+
+var rfocusable = /^(?:input|select|textarea|button)$/i,
+	rclickable = /^(?:a|area)$/i;
+
+jQuery.fn.extend( {
+	prop: function( name, value ) {
+		return access( this, jQuery.prop, name, value, arguments.length > 1 );
+	},
+
+	removeProp: function( name ) {
+		return this.each( function() {
+			delete this[ jQuery.propFix[ name ] || name ];
+		} );
+	}
+} );
+
+jQuery.extend( {
+	prop: function( elem, name, value ) {
+		var ret, hooks,
+			nType = elem.nodeType;
+
+		// Don't get/set properties on text, comment and attribute nodes
+		if ( nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
+
+			// Fix name and attach hooks
+			name = jQuery.propFix[ name ] || name;
+			hooks = jQuery.propHooks[ name ];
+		}
+
+		if ( value !== undefined ) {
+			if ( hooks && "set" in hooks &&
+				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
+				return ret;
+			}
+
+			return ( elem[ name ] = value );
+		}
+
+		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
+			return ret;
+		}
+
+		return elem[ name ];
+	},
+
+	propHooks: {
+		tabIndex: {
+			get: function( elem ) {
+
+				// Support: IE <=9 - 11 only
+				// elem.tabIndex doesn't always return the
+				// correct value when it hasn't been explicitly set
+				// https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/
+				// Use proper attribute retrieval(#12072)
+				var tabindex = jQuery.find.attr( elem, "tabindex" );
+
+				if ( tabindex ) {
+					return parseInt( tabindex, 10 );
+				}
+
+				if (
+					rfocusable.test( elem.nodeName ) ||
+					rclickable.test( elem.nodeName ) &&
+					elem.href
+				) {
+					return 0;
+				}
+
+				return -1;
+			}
+		}
+	},
+
+	propFix: {
+		"for": "htmlFor",
+		"class": "className"
+	}
+} );
+
+// Support: IE <=11 only
+// Accessing the selectedIndex property
+// forces the browser to respect setting selected
+// on the option
+// The getter ensures a default option is selected
+// when in an optgroup
+// eslint rule "no-unused-expressions" is disabled for this code
+// since it considers such accessions noop
+if ( !support.optSelected ) {
+	jQuery.propHooks.selected = {
+		get: function( elem ) {
+
+			/* eslint no-unused-expressions: "off" */
+
+			var parent = elem.parentNode;
+			if ( parent && parent.parentNode ) {
+				parent.parentNode.selectedIndex;
+			}
+			return null;
+		},
+		set: function( elem ) {
+
+			/* eslint no-unused-expressions: "off" */
+
+			var parent = elem.parentNode;
+			if ( parent ) {
+				parent.selectedIndex;
+
+				if ( parent.parentNode ) {
+					parent.parentNode.selectedIndex;
+				}
+			}
+		}
+	};
+}
+
+jQuery.each( [
+	"tabIndex",
+	"readOnly",
+	"maxLength",
+	"cellSpacing",
+	"cellPadding",
+	"rowSpan",
+	"colSpan",
+	"useMap",
+	"frameBorder",
+	"contentEditable"
+], function() {
+	jQuery.propFix[ this.toLowerCase() ] = this;
+} );
+
+
+
+
+	// Strip and collapse whitespace according to HTML spec
+	// https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
+	function stripAndCollapse( value ) {
+		var tokens = value.match( rnothtmlwhite ) || [];
+		return tokens.join( " " );
+	}
+
+
+function getClass( elem ) {
+	return elem.getAttribute && elem.getAttribute( "class" ) || "";
+}
+
+jQuery.fn.extend( {
+	addClass: function( value ) {
+		var classes, elem, cur, curValue, clazz, j, finalValue,
+			i = 0;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( j ) {
+				jQuery( this ).addClass( value.call( this, j, getClass( this ) ) );
+			} );
+		}
+
+		if ( typeof value === "string" && value ) {
+			classes = value.match( rnothtmlwhite ) || [];
+
+			while ( ( elem = this[ i++ ] ) ) {
+				curValue = getClass( elem );
+				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
+
+				if ( cur ) {
+					j = 0;
+					while ( ( clazz = classes[ j++ ] ) ) {
+						if ( cur.indexOf( " " + clazz + " " ) < 0 ) {
+							cur += clazz + " ";
+						}
+					}
+
+					// Only assign if different to avoid unneeded rendering.
+					finalValue = stripAndCollapse( cur );
+					if ( curValue !== finalValue ) {
+						elem.setAttribute( "class", finalValue );
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	removeClass: function( value ) {
+		var classes, elem, cur, curValue, clazz, j, finalValue,
+			i = 0;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( j ) {
+				jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) );
+			} );
+		}
+
+		if ( !arguments.length ) {
+			return this.attr( "class", "" );
+		}
+
+		if ( typeof value === "string" && value ) {
+			classes = value.match( rnothtmlwhite ) || [];
+
+			while ( ( elem = this[ i++ ] ) ) {
+				curValue = getClass( elem );
+
+				// This expression is here for better compressibility (see addClass)
+				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
+
+				if ( cur ) {
+					j = 0;
+					while ( ( clazz = classes[ j++ ] ) ) {
+
+						// Remove *all* instances
+						while ( cur.indexOf( " " + clazz + " " ) > -1 ) {
+							cur = cur.replace( " " + clazz + " ", " " );
+						}
+					}
+
+					// Only assign if different to avoid unneeded rendering.
+					finalValue = stripAndCollapse( cur );
+					if ( curValue !== finalValue ) {
+						elem.setAttribute( "class", finalValue );
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	toggleClass: function( value, stateVal ) {
+		var type = typeof value;
+
+		if ( typeof stateVal === "boolean" && type === "string" ) {
+			return stateVal ? this.addClass( value ) : this.removeClass( value );
+		}
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( i ) {
+				jQuery( this ).toggleClass(
+					value.call( this, i, getClass( this ), stateVal ),
+					stateVal
+				);
+			} );
+		}
+
+		return this.each( function() {
+			var className, i, self, classNames;
+
+			if ( type === "string" ) {
+
+				// Toggle individual class names
+				i = 0;
+				self = jQuery( this );
+				classNames = value.match( rnothtmlwhite ) || [];
+
+				while ( ( className = classNames[ i++ ] ) ) {
+
+					// Check each className given, space separated list
+					if ( self.hasClass( className ) ) {
+						self.removeClass( className );
+					} else {
+						self.addClass( className );
+					}
+				}
+
+			// Toggle whole class name
+			} else if ( value === undefined || type === "boolean" ) {
+				className = getClass( this );
+				if ( className ) {
+
+					// Store className if set
+					dataPriv.set( this, "__className__", className );
+				}
+
+				// If the element has a class name or if we're passed `false`,
+				// then remove the whole classname (if there was one, the above saved it).
+				// Otherwise bring back whatever was previously saved (if anything),
+				// falling back to the empty string if nothing was stored.
+				if ( this.setAttribute ) {
+					this.setAttribute( "class",
+						className || value === false ?
+						"" :
+						dataPriv.get( this, "__className__" ) || ""
+					);
+				}
+			}
+		} );
+	},
+
+	hasClass: function( selector ) {
+		var className, elem,
+			i = 0;
+
+		className = " " + selector + " ";
+		while ( ( elem = this[ i++ ] ) ) {
+			if ( elem.nodeType === 1 &&
+				( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) {
+					return true;
+			}
+		}
+
+		return false;
+	}
+} );
+
+
+
+
+var rreturn = /\r/g;
+
+jQuery.fn.extend( {
+	val: function( value ) {
+		var hooks, ret, isFunction,
+			elem = this[ 0 ];
+
+		if ( !arguments.length ) {
+			if ( elem ) {
+				hooks = jQuery.valHooks[ elem.type ] ||
+					jQuery.valHooks[ elem.nodeName.toLowerCase() ];
+
+				if ( hooks &&
+					"get" in hooks &&
+					( ret = hooks.get( elem, "value" ) ) !== undefined
+				) {
+					return ret;
+				}
+
+				ret = elem.value;
+
+				// Handle most common string cases
+				if ( typeof ret === "string" ) {
+					return ret.replace( rreturn, "" );
+				}
+
+				// Handle cases where value is null/undef or number
+				return ret == null ? "" : ret;
+			}
+
+			return;
+		}
+
+		isFunction = jQuery.isFunction( value );
+
+		return this.each( function( i ) {
+			var val;
+
+			if ( this.nodeType !== 1 ) {
+				return;
+			}
+
+			if ( isFunction ) {
+				val = value.call( this, i, jQuery( this ).val() );
+			} else {
+				val = value;
+			}
+
+			// Treat null/undefined as ""; convert numbers to string
+			if ( val == null ) {
+				val = "";
+
+			} else if ( typeof val === "number" ) {
+				val += "";
+
+			} else if ( Array.isArray( val ) ) {
+				val = jQuery.map( val, function( value ) {
+					return value == null ? "" : value + "";
+				} );
+			}
+
+			hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ];
+
+			// If set returns undefined, fall back to normal setting
+			if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) {
+				this.value = val;
+			}
+		} );
+	}
+} );
+
+jQuery.extend( {
+	valHooks: {
+		option: {
+			get: function( elem ) {
+
+				var val = jQuery.find.attr( elem, "value" );
+				return val != null ?
+					val :
+
+					// Support: IE <=10 - 11 only
+					// option.text throws exceptions (#14686, #14858)
+					// Strip and collapse whitespace
+					// https://html.spec.whatwg.org/#strip-and-collapse-whitespace
+					stripAndCollapse( jQuery.text( elem ) );
+			}
+		},
+		select: {
+			get: function( elem ) {
+				var value, option, i,
+					options = elem.options,
+					index = elem.selectedIndex,
+					one = elem.type === "select-one",
+					values = one ? null : [],
+					max = one ? index + 1 : options.length;
+
+				if ( index < 0 ) {
+					i = max;
+
+				} else {
+					i = one ? index : 0;
+				}
+
+				// Loop through all the selected options
+				for ( ; i < max; i++ ) {
+					option = options[ i ];
+
+					// Support: IE <=9 only
+					// IE8-9 doesn't update selected after form reset (#2551)
+					if ( ( option.selected || i === index ) &&
+
+							// Don't return options that are disabled or in a disabled optgroup
+							!option.disabled &&
+							( !option.parentNode.disabled ||
+								!nodeName( option.parentNode, "optgroup" ) ) ) {
+
+						// Get the specific value for the option
+						value = jQuery( option ).val();
+
+						// We don't need an array for one selects
+						if ( one ) {
+							return value;
+						}
+
+						// Multi-Selects return an array
+						values.push( value );
+					}
+				}
+
+				return values;
+			},
+
+			set: function( elem, value ) {
+				var optionSet, option,
+					options = elem.options,
+					values = jQuery.makeArray( value ),
+					i = options.length;
+
+				while ( i-- ) {
+					option = options[ i ];
+
+					/* eslint-disable no-cond-assign */
+
+					if ( option.selected =
+						jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1
+					) {
+						optionSet = true;
+					}
+
+					/* eslint-enable no-cond-assign */
+				}
+
+				// Force browsers to behave consistently when non-matching value is set
+				if ( !optionSet ) {
+					elem.selectedIndex = -1;
+				}
+				return values;
+			}
+		}
+	}
+} );
+
+// Radios and checkboxes getter/setter
+jQuery.each( [ "radio", "checkbox" ], function() {
+	jQuery.valHooks[ this ] = {
+		set: function( elem, value ) {
+			if ( Array.isArray( value ) ) {
+				return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 );
+			}
+		}
+	};
+	if ( !support.checkOn ) {
+		jQuery.valHooks[ this ].get = function( elem ) {
+			return elem.getAttribute( "value" ) === null ? "on" : elem.value;
+		};
+	}
+} );
+
+
+
+
+// Return jQuery for attributes-only inclusion
+
+
+var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/;
+
+jQuery.extend( jQuery.event, {
+
+	trigger: function( event, data, elem, onlyHandlers ) {
+
+		var i, cur, tmp, bubbleType, ontype, handle, special,
+			eventPath = [ elem || document ],
+			type = hasOwn.call( event, "type" ) ? event.type : event,
+			namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : [];
+
+		cur = tmp = elem = elem || document;
+
+		// Don't do events on text and comment nodes
+		if ( elem.nodeType === 3 || elem.nodeType === 8 ) {
+			return;
+		}
+
+		// focus/blur morphs to focusin/out; ensure we're not firing them right now
+		if ( rfocusMorph.test( type + jQuery.event.triggered ) ) {
+			return;
+		}
+
+		if ( type.indexOf( "." ) > -1 ) {
+
+			// Namespaced trigger; create a regexp to match event type in handle()
+			namespaces = type.split( "." );
+			type = namespaces.shift();
+			namespaces.sort();
+		}
+		ontype = type.indexOf( ":" ) < 0 && "on" + type;
+
+		// Caller can pass in a jQuery.Event object, Object, or just an event type string
+		event = event[ jQuery.expando ] ?
+			event :
+			new jQuery.Event( type, typeof event === "object" && event );
+
+		// Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true)
+		event.isTrigger = onlyHandlers ? 2 : 3;
+		event.namespace = namespaces.join( "." );
+		event.rnamespace = event.namespace ?
+			new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) :
+			null;
+
+		// Clean up the event in case it is being reused
+		event.result = undefined;
+		if ( !event.target ) {
+			event.target = elem;
+		}
+
+		// Clone any incoming data and prepend the event, creating the handler arg list
+		data = data == null ?
+			[ event ] :
+			jQuery.makeArray( data, [ event ] );
+
+		// Allow special events to draw outside the lines
+		special = jQuery.event.special[ type ] || {};
+		if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) {
+			return;
+		}
+
+		// Determine event propagation path in advance, per W3C events spec (#9951)
+		// Bubble up to document, then to window; watch for a global ownerDocument var (#9724)
+		if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) {
+
+			bubbleType = special.delegateType || type;
+			if ( !rfocusMorph.test( bubbleType + type ) ) {
+				cur = cur.parentNode;
+			}
+			for ( ; cur; cur = cur.parentNode ) {
+				eventPath.push( cur );
+				tmp = cur;
+			}
+
+			// Only add window if we got to document (e.g., not plain obj or detached DOM)
+			if ( tmp === ( elem.ownerDocument || document ) ) {
+				eventPath.push( tmp.defaultView || tmp.parentWindow || window );
+			}
+		}
+
+		// Fire handlers on the event path
+		i = 0;
+		while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) {
+
+			event.type = i > 1 ?
+				bubbleType :
+				special.bindType || type;
+
+			// jQuery handler
+			handle = ( dataPriv.get( cur, "events" ) || {} )[ event.type ] &&
+				dataPriv.get( cur, "handle" );
+			if ( handle ) {
+				handle.apply( cur, data );
+			}
+
+			// Native handler
+			handle = ontype && cur[ ontype ];
+			if ( handle && handle.apply && acceptData( cur ) ) {
+				event.result = handle.apply( cur, data );
+				if ( event.result === false ) {
+					event.preventDefault();
+				}
+			}
+		}
+		event.type = type;
+
+		// If nobody prevented the default action, do it now
+		if ( !onlyHandlers && !event.isDefaultPrevented() ) {
+
+			if ( ( !special._default ||
+				special._default.apply( eventPath.pop(), data ) === false ) &&
+				acceptData( elem ) ) {
+
+				// Call a native DOM method on the target with the same name as the event.
+				// Don't do default actions on window, that's where global variables be (#6170)
+				if ( ontype && jQuery.isFunction( elem[ type ] ) && !jQuery.isWindow( elem ) ) {
+
+					// Don't re-trigger an onFOO event when we call its FOO() method
+					tmp = elem[ ontype ];
+
+					if ( tmp ) {
+						elem[ ontype ] = null;
+					}
+
+					// Prevent re-triggering of the same event, since we already bubbled it above
+					jQuery.event.triggered = type;
+					elem[ type ]();
+					jQuery.event.triggered = undefined;
+
+					if ( tmp ) {
+						elem[ ontype ] = tmp;
+					}
+				}
+			}
+		}
+
+		return event.result;
+	},
+
+	// Piggyback on a donor event to simulate a different one
+	// Used only for `focus(in | out)` events
+	simulate: function( type, elem, event ) {
+		var e = jQuery.extend(
+			new jQuery.Event(),
+			event,
+			{
+				type: type,
+				isSimulated: true
+			}
+		);
+
+		jQuery.event.trigger( e, null, elem );
+	}
+
+} );
+
+jQuery.fn.extend( {
+
+	trigger: function( type, data ) {
+		return this.each( function() {
+			jQuery.event.trigger( type, data, this );
+		} );
+	},
+	triggerHandler: function( type, data ) {
+		var elem = this[ 0 ];
+		if ( elem ) {
+			return jQuery.event.trigger( type, data, elem, true );
+		}
+	}
+} );
+
+
+jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " +
+	"mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " +
+	"change select submit keydown keypress keyup contextmenu" ).split( " " ),
+	function( i, name ) {
+
+	// Handle event binding
+	jQuery.fn[ name ] = function( data, fn ) {
+		return arguments.length > 0 ?
+			this.on( name, null, data, fn ) :
+			this.trigger( name );
+	};
+} );
+
+jQuery.fn.extend( {
+	hover: function( fnOver, fnOut ) {
+		return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver );
+	}
+} );
+
+
+
+
+support.focusin = "onfocusin" in window;
+
+
+// Support: Firefox <=44
+// Firefox doesn't have focus(in | out) events
+// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787
+//
+// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1
+// focus(in | out) events fire after focus & blur events,
+// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order
+// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857
+if ( !support.focusin ) {
+	jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) {
+
+		// Attach a single capturing handler on the document while someone wants focusin/focusout
+		var handler = function( event ) {
+			jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) );
+		};
+
+		jQuery.event.special[ fix ] = {
+			setup: function() {
+				var doc = this.ownerDocument || this,
+					attaches = dataPriv.access( doc, fix );
+
+				if ( !attaches ) {
+					doc.addEventListener( orig, handler, true );
+				}
+				dataPriv.access( doc, fix, ( attaches || 0 ) + 1 );
+			},
+			teardown: function() {
+				var doc = this.ownerDocument || this,
+					attaches = dataPriv.access( doc, fix ) - 1;
+
+				if ( !attaches ) {
+					doc.removeEventListener( orig, handler, true );
+					dataPriv.remove( doc, fix );
+
+				} else {
+					dataPriv.access( doc, fix, attaches );
+				}
+			}
+		};
+	} );
+}
+var location = window.location;
+
+var nonce = jQuery.now();
+
+var rquery = ( /\?/ );
+
+
+
+// Cross-browser xml parsing
+jQuery.parseXML = function( data ) {
+	var xml;
+	if ( !data || typeof data !== "string" ) {
+		return null;
+	}
+
+	// Support: IE 9 - 11 only
+	// IE throws on parseFromString with invalid input.
+	try {
+		xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" );
+	} catch ( e ) {
+		xml = undefined;
+	}
+
+	if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) {
+		jQuery.error( "Invalid XML: " + data );
+	}
+	return xml;
+};
+
+
+var
+	rbracket = /\[\]$/,
+	rCRLF = /\r?\n/g,
+	rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i,
+	rsubmittable = /^(?:input|select|textarea|keygen)/i;
+
+function buildParams( prefix, obj, traditional, add ) {
+	var name;
+
+	if ( Array.isArray( obj ) ) {
+
+		// Serialize array item.
+		jQuery.each( obj, function( i, v ) {
+			if ( traditional || rbracket.test( prefix ) ) {
+
+				// Treat each array item as a scalar.
+				add( prefix, v );
+
+			} else {
+
+				// Item is non-scalar (array or object), encode its numeric index.
+				buildParams(
+					prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]",
+					v,
+					traditional,
+					add
+				);
+			}
+		} );
+
+	} else if ( !traditional && jQuery.type( obj ) === "object" ) {
+
+		// Serialize object item.
+		for ( name in obj ) {
+			buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add );
+		}
+
+	} else {
+
+		// Serialize scalar item.
+		add( prefix, obj );
+	}
+}
+
+// Serialize an array of form elements or a set of
+// key/values into a query string
+jQuery.param = function( a, traditional ) {
+	var prefix,
+		s = [],
+		add = function( key, valueOrFunction ) {
+
+			// If value is a function, invoke it and use its return value
+			var value = jQuery.isFunction( valueOrFunction ) ?
+				valueOrFunction() :
+				valueOrFunction;
+
+			s[ s.length ] = encodeURIComponent( key ) + "=" +
+				encodeURIComponent( value == null ? "" : value );
+		};
+
+	// If an array was passed in, assume that it is an array of form elements.
+	if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) {
+
+		// Serialize the form elements
+		jQuery.each( a, function() {
+			add( this.name, this.value );
+		} );
+
+	} else {
+
+		// If traditional, encode the "old" way (the way 1.3.2 or older
+		// did it), otherwise encode params recursively.
+		for ( prefix in a ) {
+			buildParams( prefix, a[ prefix ], traditional, add );
+		}
+	}
+
+	// Return the resulting serialization
+	return s.join( "&" );
+};
+
+jQuery.fn.extend( {
+	serialize: function() {
+		return jQuery.param( this.serializeArray() );
+	},
+	serializeArray: function() {
+		return this.map( function() {
+
+			// Can add propHook for "elements" to filter or add form elements
+			var elements = jQuery.prop( this, "elements" );
+			return elements ? jQuery.makeArray( elements ) : this;
+		} )
+		.filter( function() {
+			var type = this.type;
+
+			// Use .is( ":disabled" ) so that fieldset[disabled] works
+			return this.name && !jQuery( this ).is( ":disabled" ) &&
+				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
+				( this.checked || !rcheckableType.test( type ) );
+		} )
+		.map( function( i, elem ) {
+			var val = jQuery( this ).val();
+
+			if ( val == null ) {
+				return null;
+			}
+
+			if ( Array.isArray( val ) ) {
+				return jQuery.map( val, function( val ) {
+					return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+				} );
+			}
+
+			return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+		} ).get();
+	}
+} );
+
+
+var
+	r20 = /%20/g,
+	rhash = /#.*$/,
+	rantiCache = /([?&])_=[^&]*/,
+	rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg,
+
+	// #7653, #8125, #8152: local protocol detection
+	rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/,
+	rnoContent = /^(?:GET|HEAD)$/,
+	rprotocol = /^\/\//,
+
+	/* Prefilters
+	 * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example)
+	 * 2) These are called:
+	 *    - BEFORE asking for a transport
+	 *    - AFTER param serialization (s.data is a string if s.processData is true)
+	 * 3) key is the dataType
+	 * 4) the catchall symbol "*" can be used
+	 * 5) execution will start with transport dataType and THEN continue down to "*" if needed
+	 */
+	prefilters = {},
+
+	/* Transports bindings
+	 * 1) key is the dataType
+	 * 2) the catchall symbol "*" can be used
+	 * 3) selection will start with transport dataType and THEN go to "*" if needed
+	 */
+	transports = {},
+
+	// Avoid comment-prolog char sequence (#10098); must appease lint and evade compression
+	allTypes = "*/".concat( "*" ),
+
+	// Anchor tag for parsing the document origin
+	originAnchor = document.createElement( "a" );
+	originAnchor.href = location.href;
+
+// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
+function addToPrefiltersOrTransports( structure ) {
+
+	// dataTypeExpression is optional and defaults to "*"
+	return function( dataTypeExpression, func ) {
+
+		if ( typeof dataTypeExpression !== "string" ) {
+			func = dataTypeExpression;
+			dataTypeExpression = "*";
+		}
+
+		var dataType,
+			i = 0,
+			dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || [];
+
+		if ( jQuery.isFunction( func ) ) {
+
+			// For each dataType in the dataTypeExpression
+			while ( ( dataType = dataTypes[ i++ ] ) ) {
+
+				// Prepend if requested
+				if ( dataType[ 0 ] === "+" ) {
+					dataType = dataType.slice( 1 ) || "*";
+					( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func );
+
+				// Otherwise append
+				} else {
+					( structure[ dataType ] = structure[ dataType ] || [] ).push( func );
+				}
+			}
+		}
+	};
+}
+
+// Base inspection function for prefilters and transports
+function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) {
+
+	var inspected = {},
+		seekingTransport = ( structure === transports );
+
+	function inspect( dataType ) {
+		var selected;
+		inspected[ dataType ] = true;
+		jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) {
+			var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR );
+			if ( typeof dataTypeOrTransport === "string" &&
+				!seekingTransport && !inspected[ dataTypeOrTransport ] ) {
+
+				options.dataTypes.unshift( dataTypeOrTransport );
+				inspect( dataTypeOrTransport );
+				return false;
+			} else if ( seekingTransport ) {
+				return !( selected = dataTypeOrTransport );
+			}
+		} );
+		return selected;
+	}
+
+	return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" );
+}
+
+// A special extend for ajax options
+// that takes "flat" options (not to be deep extended)
+// Fixes #9887
+function ajaxExtend( target, src ) {
+	var key, deep,
+		flatOptions = jQuery.ajaxSettings.flatOptions || {};
+
+	for ( key in src ) {
+		if ( src[ key ] !== undefined ) {
+			( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ];
+		}
+	}
+	if ( deep ) {
+		jQuery.extend( true, target, deep );
+	}
+
+	return target;
+}
+
+/* Handles responses to an ajax request:
+ * - finds the right dataType (mediates between content-type and expected dataType)
+ * - returns the corresponding response
+ */
+function ajaxHandleResponses( s, jqXHR, responses ) {
+
+	var ct, type, finalDataType, firstDataType,
+		contents = s.contents,
+		dataTypes = s.dataTypes;
+
+	// Remove auto dataType and get content-type in the process
+	while ( dataTypes[ 0 ] === "*" ) {
+		dataTypes.shift();
+		if ( ct === undefined ) {
+			ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" );
+		}
+	}
+
+	// Check if we're dealing with a known content-type
+	if ( ct ) {
+		for ( type in contents ) {
+			if ( contents[ type ] && contents[ type ].test( ct ) ) {
+				dataTypes.unshift( type );
+				break;
+			}
+		}
+	}
+
+	// Check to see if we have a response for the expected dataType
+	if ( dataTypes[ 0 ] in responses ) {
+		finalDataType = dataTypes[ 0 ];
+	} else {
+
+		// Try convertible dataTypes
+		for ( type in responses ) {
+			if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) {
+				finalDataType = type;
+				break;
+			}
+			if ( !firstDataType ) {
+				firstDataType = type;
+			}
+		}
+
+		// Or just use first one
+		finalDataType = finalDataType || firstDataType;
+	}
+
+	// If we found a dataType
+	// We add the dataType to the list if needed
+	// and return the corresponding response
+	if ( finalDataType ) {
+		if ( finalDataType !== dataTypes[ 0 ] ) {
+			dataTypes.unshift( finalDataType );
+		}
+		return responses[ finalDataType ];
+	}
+}
+
+/* Chain conversions given the request and the original response
+ * Also sets the responseXXX fields on the jqXHR instance
+ */
+function ajaxConvert( s, response, jqXHR, isSuccess ) {
+	var conv2, current, conv, tmp, prev,
+		converters = {},
+
+		// Work with a copy of dataTypes in case we need to modify it for conversion
+		dataTypes = s.dataTypes.slice();
+
+	// Create converters map with lowercased keys
+	if ( dataTypes[ 1 ] ) {
+		for ( conv in s.converters ) {
+			converters[ conv.toLowerCase() ] = s.converters[ conv ];
+		}
+	}
+
+	current = dataTypes.shift();
+
+	// Convert to each sequential dataType
+	while ( current ) {
+
+		if ( s.responseFields[ current ] ) {
+			jqXHR[ s.responseFields[ current ] ] = response;
+		}
+
+		// Apply the dataFilter if provided
+		if ( !prev && isSuccess && s.dataFilter ) {
+			response = s.dataFilter( response, s.dataType );
+		}
+
+		prev = current;
+		current = dataTypes.shift();
+
+		if ( current ) {
+
+			// There's only work to do if current dataType is non-auto
+			if ( current === "*" ) {
+
+				current = prev;
+
+			// Convert response if prev dataType is non-auto and differs from current
+			} else if ( prev !== "*" && prev !== current ) {
+
+				// Seek a direct converter
+				conv = converters[ prev + " " + current ] || converters[ "* " + current ];
+
+				// If none found, seek a pair
+				if ( !conv ) {
+					for ( conv2 in converters ) {
+
+						// If conv2 outputs current
+						tmp = conv2.split( " " );
+						if ( tmp[ 1 ] === current ) {
+
+							// If prev can be converted to accepted input
+							conv = converters[ prev + " " + tmp[ 0 ] ] ||
+								converters[ "* " + tmp[ 0 ] ];
+							if ( conv ) {
+
+								// Condense equivalence converters
+								if ( conv === true ) {
+									conv = converters[ conv2 ];
+
+								// Otherwise, insert the intermediate dataType
+								} else if ( converters[ conv2 ] !== true ) {
+									current = tmp[ 0 ];
+									dataTypes.unshift( tmp[ 1 ] );
+								}
+								break;
+							}
+						}
+					}
+				}
+
+				// Apply converter (if not an equivalence)
+				if ( conv !== true ) {
+
+					// Unless errors are allowed to bubble, catch and return them
+					if ( conv && s.throws ) {
+						response = conv( response );
+					} else {
+						try {
+							response = conv( response );
+						} catch ( e ) {
+							return {
+								state: "parsererror",
+								error: conv ? e : "No conversion from " + prev + " to " + current
+							};
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return { state: "success", data: response };
+}
+
+jQuery.extend( {
+
+	// Counter for holding the number of active queries
+	active: 0,
+
+	// Last-Modified header cache for next request
+	lastModified: {},
+	etag: {},
+
+	ajaxSettings: {
+		url: location.href,
+		type: "GET",
+		isLocal: rlocalProtocol.test( location.protocol ),
+		global: true,
+		processData: true,
+		async: true,
+		contentType: "application/x-www-form-urlencoded; charset=UTF-8",
+
+		/*
+		timeout: 0,
+		data: null,
+		dataType: null,
+		username: null,
+		password: null,
+		cache: null,
+		throws: false,
+		traditional: false,
+		headers: {},
+		*/
+
+		accepts: {
+			"*": allTypes,
+			text: "text/plain",
+			html: "text/html",
+			xml: "application/xml, text/xml",
+			json: "application/json, text/javascript"
+		},
+
+		contents: {
+			xml: /\bxml\b/,
+			html: /\bhtml/,
+			json: /\bjson\b/
+		},
+
+		responseFields: {
+			xml: "responseXML",
+			text: "responseText",
+			json: "responseJSON"
+		},
+
+		// Data converters
+		// Keys separate source (or catchall "*") and destination types with a single space
+		converters: {
+
+			// Convert anything to text
+			"* text": String,
+
+			// Text to html (true = no transformation)
+			"text html": true,
+
+			// Evaluate text as a json expression
+			"text json": JSON.parse,
+
+			// Parse text as xml
+			"text xml": jQuery.parseXML
+		},
+
+		// For options that shouldn't be deep extended:
+		// you can add your own custom options here if
+		// and when you create one that shouldn't be
+		// deep extended (see ajaxExtend)
+		flatOptions: {
+			url: true,
+			context: true
+		}
+	},
+
+	// Creates a full fledged settings object into target
+	// with both ajaxSettings and settings fields.
+	// If target is omitted, writes into ajaxSettings.
+	ajaxSetup: function( target, settings ) {
+		return settings ?
+
+			// Building a settings object
+			ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) :
+
+			// Extending ajaxSettings
+			ajaxExtend( jQuery.ajaxSettings, target );
+	},
+
+	ajaxPrefilter: addToPrefiltersOrTransports( prefilters ),
+	ajaxTransport: addToPrefiltersOrTransports( transports ),
+
+	// Main method
+	ajax: function( url, options ) {
+
+		// If url is an object, simulate pre-1.5 signature
+		if ( typeof url === "object" ) {
+			options = url;
+			url = undefined;
+		}
+
+		// Force options to be an object
+		options = options || {};
+
+		var transport,
+
+			// URL without anti-cache param
+			cacheURL,
+
+			// Response headers
+			responseHeadersString,
+			responseHeaders,
+
+			// timeout handle
+			timeoutTimer,
+
+			// Url cleanup var
+			urlAnchor,
+
+			// Request state (becomes false upon send and true upon completion)
+			completed,
+
+			// To know if global events are to be dispatched
+			fireGlobals,
+
+			// Loop variable
+			i,
+
+			// uncached part of the url
+			uncached,
+
+			// Create the final options object
+			s = jQuery.ajaxSetup( {}, options ),
+
+			// Callbacks context
+			callbackContext = s.context || s,
+
+			// Context for global events is callbackContext if it is a DOM node or jQuery collection
+			globalEventContext = s.context &&
+				( callbackContext.nodeType || callbackContext.jquery ) ?
+					jQuery( callbackContext ) :
+					jQuery.event,
+
+			// Deferreds
+			deferred = jQuery.Deferred(),
+			completeDeferred = jQuery.Callbacks( "once memory" ),
+
+			// Status-dependent callbacks
+			statusCode = s.statusCode || {},
+
+			// Headers (they are sent all at once)
+			requestHeaders = {},
+			requestHeadersNames = {},
+
+			// Default abort message
+			strAbort = "canceled",
+
+			// Fake xhr
+			jqXHR = {
+				readyState: 0,
+
+				// Builds headers hashtable if needed
+				getResponseHeader: function( key ) {
+					var match;
+					if ( completed ) {
+						if ( !responseHeaders ) {
+							responseHeaders = {};
+							while ( ( match = rheaders.exec( responseHeadersString ) ) ) {
+								responseHeaders[ match[ 1 ].toLowerCase() ] = match[ 2 ];
+							}
+						}
+						match = responseHeaders[ key.toLowerCase() ];
+					}
+					return match == null ? null : match;
+				},
+
+				// Raw string
+				getAllResponseHeaders: function() {
+					return completed ? responseHeadersString : null;
+				},
+
+				// Caches the header
+				setRequestHeader: function( name, value ) {
+					if ( completed == null ) {
+						name = requestHeadersNames[ name.toLowerCase() ] =
+							requestHeadersNames[ name.toLowerCase() ] || name;
+						requestHeaders[ name ] = value;
+					}
+					return this;
+				},
+
+				// Overrides response content-type header
+				overrideMimeType: function( type ) {
+					if ( completed == null ) {
+						s.mimeType = type;
+					}
+					return this;
+				},
+
+				// Status-dependent callbacks
+				statusCode: function( map ) {
+					var code;
+					if ( map ) {
+						if ( completed ) {
+
+							// Execute the appropriate callbacks
+							jqXHR.always( map[ jqXHR.status ] );
+						} else {
+
+							// Lazy-add the new callbacks in a way that preserves old ones
+							for ( code in map ) {
+								statusCode[ code ] = [ statusCode[ code ], map[ code ] ];
+							}
+						}
+					}
+					return this;
+				},
+
+				// Cancel the request
+				abort: function( statusText ) {
+					var finalText = statusText || strAbort;
+					if ( transport ) {
+						transport.abort( finalText );
+					}
+					done( 0, finalText );
+					return this;
+				}
+			};
+
+		// Attach deferreds
+		deferred.promise( jqXHR );
+
+		// Add protocol if not provided (prefilters might expect it)
+		// Handle falsy url in the settings object (#10093: consistency with old signature)
+		// We also use the url parameter if available
+		s.url = ( ( url || s.url || location.href ) + "" )
+			.replace( rprotocol, location.protocol + "//" );
+
+		// Alias method option to type as per ticket #12004
+		s.type = options.method || options.type || s.method || s.type;
+
+		// Extract dataTypes list
+		s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ];
+
+		// A cross-domain request is in order when the origin doesn't match the current origin.
+		if ( s.crossDomain == null ) {
+			urlAnchor = document.createElement( "a" );
+
+			// Support: IE <=8 - 11, Edge 12 - 13
+			// IE throws exception on accessing the href property if url is malformed,
+			// e.g. http://example.com:80x/
+			try {
+				urlAnchor.href = s.url;
+
+				// Support: IE <=8 - 11 only
+				// Anchor's host property isn't correctly set when s.url is relative
+				urlAnchor.href = urlAnchor.href;
+				s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !==
+					urlAnchor.protocol + "//" + urlAnchor.host;
+			} catch ( e ) {
+
+				// If there is an error parsing the URL, assume it is crossDomain,
+				// it can be rejected by the transport if it is invalid
+				s.crossDomain = true;
+			}
+		}
+
+		// Convert data if not already a string
+		if ( s.data && s.processData && typeof s.data !== "string" ) {
+			s.data = jQuery.param( s.data, s.traditional );
+		}
+
+		// Apply prefilters
+		inspectPrefiltersOrTransports( prefilters, s, options, jqXHR );
+
+		// If request was aborted inside a prefilter, stop there
+		if ( completed ) {
+			return jqXHR;
+		}
+
+		// We can fire global events as of now if asked to
+		// Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118)
+		fireGlobals = jQuery.event && s.global;
+
+		// Watch for a new set of requests
+		if ( fireGlobals && jQuery.active++ === 0 ) {
+			jQuery.event.trigger( "ajaxStart" );
+		}
+
+		// Uppercase the type
+		s.type = s.type.toUpperCase();
+
+		// Determine if request has content
+		s.hasContent = !rnoContent.test( s.type );
+
+		// Save the URL in case we're toying with the If-Modified-Since
+		// and/or If-None-Match header later on
+		// Remove hash to simplify url manipulation
+		cacheURL = s.url.replace( rhash, "" );
+
+		// More options handling for requests with no content
+		if ( !s.hasContent ) {
+
+			// Remember the hash so we can put it back
+			uncached = s.url.slice( cacheURL.length );
+
+			// If data is available, append data to url
+			if ( s.data ) {
+				cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data;
+
+				// #9682: remove data so that it's not used in an eventual retry
+				delete s.data;
+			}
+
+			// Add or update anti-cache param if needed
+			if ( s.cache === false ) {
+				cacheURL = cacheURL.replace( rantiCache, "$1" );
+				uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce++ ) + uncached;
+			}
+
+			// Put hash and anti-cache on the URL that will be requested (gh-1732)
+			s.url = cacheURL + uncached;
+
+		// Change '%20' to '+' if this is encoded form body content (gh-2658)
+		} else if ( s.data && s.processData &&
+			( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) {
+			s.data = s.data.replace( r20, "+" );
+		}
+
+		// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+		if ( s.ifModified ) {
+			if ( jQuery.lastModified[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] );
+			}
+			if ( jQuery.etag[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] );
+			}
+		}
+
+		// Set the correct header, if data is being sent
+		if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) {
+			jqXHR.setRequestHeader( "Content-Type", s.contentType );
+		}
+
+		// Set the Accepts header for the server, depending on the dataType
+		jqXHR.setRequestHeader(
+			"Accept",
+			s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ?
+				s.accepts[ s.dataTypes[ 0 ] ] +
+					( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) :
+				s.accepts[ "*" ]
+		);
+
+		// Check for headers option
+		for ( i in s.headers ) {
+			jqXHR.setRequestHeader( i, s.headers[ i ] );
+		}
+
+		// Allow custom headers/mimetypes and early abort
+		if ( s.beforeSend &&
+			( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) {
+
+			// Abort if not done already and return
+			return jqXHR.abort();
+		}
+
+		// Aborting is no longer a cancellation
+		strAbort = "abort";
+
+		// Install callbacks on deferreds
+		completeDeferred.add( s.complete );
+		jqXHR.done( s.success );
+		jqXHR.fail( s.error );
+
+		// Get transport
+		transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR );
+
+		// If no transport, we auto-abort
+		if ( !transport ) {
+			done( -1, "No Transport" );
+		} else {
+			jqXHR.readyState = 1;
+
+			// Send global event
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] );
+			}
+
+			// If request was aborted inside ajaxSend, stop there
+			if ( completed ) {
+				return jqXHR;
+			}
+
+			// Timeout
+			if ( s.async && s.timeout > 0 ) {
+				timeoutTimer = window.setTimeout( function() {
+					jqXHR.abort( "timeout" );
+				}, s.timeout );
+			}
+
+			try {
+				completed = false;
+				transport.send( requestHeaders, done );
+			} catch ( e ) {
+
+				// Rethrow post-completion exceptions
+				if ( completed ) {
+					throw e;
+				}
+
+				// Propagate others as results
+				done( -1, e );
+			}
+		}
+
+		// Callback for when everything is done
+		function done( status, nativeStatusText, responses, headers ) {
+			var isSuccess, success, error, response, modified,
+				statusText = nativeStatusText;
+
+			// Ignore repeat invocations
+			if ( completed ) {
+				return;
+			}
+
+			completed = true;
+
+			// Clear timeout if it exists
+			if ( timeoutTimer ) {
+				window.clearTimeout( timeoutTimer );
+			}
+
+			// Dereference transport for early garbage collection
+			// (no matter how long the jqXHR object will be used)
+			transport = undefined;
+
+			// Cache response headers
+			responseHeadersString = headers || "";
+
+			// Set readyState
+			jqXHR.readyState = status > 0 ? 4 : 0;
+
+			// Determine if successful
+			isSuccess = status >= 200 && status < 300 || status === 304;
+
+			// Get response data
+			if ( responses ) {
+				response = ajaxHandleResponses( s, jqXHR, responses );
+			}
+
+			// Convert no matter what (that way responseXXX fields are always set)
+			response = ajaxConvert( s, response, jqXHR, isSuccess );
+
+			// If successful, handle type chaining
+			if ( isSuccess ) {
+
+				// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+				if ( s.ifModified ) {
+					modified = jqXHR.getResponseHeader( "Last-Modified" );
+					if ( modified ) {
+						jQuery.lastModified[ cacheURL ] = modified;
+					}
+					modified = jqXHR.getResponseHeader( "etag" );
+					if ( modified ) {
+						jQuery.etag[ cacheURL ] = modified;
+					}
+				}
+
+				// if no content
+				if ( status === 204 || s.type === "HEAD" ) {
+					statusText = "nocontent";
+
+				// if not modified
+				} else if ( status === 304 ) {
+					statusText = "notmodified";
+
+				// If we have data, let's convert it
+				} else {
+					statusText = response.state;
+					success = response.data;
+					error = response.error;
+					isSuccess = !error;
+				}
+			} else {
+
+				// Extract error from statusText and normalize for non-aborts
+				error = statusText;
+				if ( status || !statusText ) {
+					statusText = "error";
+					if ( status < 0 ) {
+						status = 0;
+					}
+				}
+			}
+
+			// Set data for the fake xhr object
+			jqXHR.status = status;
+			jqXHR.statusText = ( nativeStatusText || statusText ) + "";
+
+			// Success/Error
+			if ( isSuccess ) {
+				deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] );
+			} else {
+				deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] );
+			}
+
+			// Status-dependent callbacks
+			jqXHR.statusCode( statusCode );
+			statusCode = undefined;
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError",
+					[ jqXHR, s, isSuccess ? success : error ] );
+			}
+
+			// Complete
+			completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] );
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] );
+
+				// Handle the global AJAX counter
+				if ( !( --jQuery.active ) ) {
+					jQuery.event.trigger( "ajaxStop" );
+				}
+			}
+		}
+
+		return jqXHR;
+	},
+
+	getJSON: function( url, data, callback ) {
+		return jQuery.get( url, data, callback, "json" );
+	},
+
+	getScript: function( url, callback ) {
+		return jQuery.get( url, undefined, callback, "script" );
+	}
+} );
+
+jQuery.each( [ "get", "post" ], function( i, method ) {
+	jQuery[ method ] = function( url, data, callback, type ) {
+
+		// Shift arguments if data argument was omitted
+		if ( jQuery.isFunction( data ) ) {
+			type = type || callback;
+			callback = data;
+			data = undefined;
+		}
+
+		// The url can be an options object (which then must have .url)
+		return jQuery.ajax( jQuery.extend( {
+			url: url,
+			type: method,
+			dataType: type,
+			data: data,
+			success: callback
+		}, jQuery.isPlainObject( url ) && url ) );
+	};
+} );
+
+
+jQuery._evalUrl = function( url ) {
+	return jQuery.ajax( {
+		url: url,
+
+		// Make this explicit, since user can override this through ajaxSetup (#11264)
+		type: "GET",
+		dataType: "script",
+		cache: true,
+		async: false,
+		global: false,
+		"throws": true
+	} );
+};
+
+
+jQuery.fn.extend( {
+	wrapAll: function( html ) {
+		var wrap;
+
+		if ( this[ 0 ] ) {
+			if ( jQuery.isFunction( html ) ) {
+				html = html.call( this[ 0 ] );
+			}
+
+			// The elements to wrap the target around
+			wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true );
+
+			if ( this[ 0 ].parentNode ) {
+				wrap.insertBefore( this[ 0 ] );
+			}
+
+			wrap.map( function() {
+				var elem = this;
+
+				while ( elem.firstElementChild ) {
+					elem = elem.firstElementChild;
+				}
+
+				return elem;
+			} ).append( this );
+		}
+
+		return this;
+	},
+
+	wrapInner: function( html ) {
+		if ( jQuery.isFunction( html ) ) {
+			return this.each( function( i ) {
+				jQuery( this ).wrapInner( html.call( this, i ) );
+			} );
+		}
+
+		return this.each( function() {
+			var self = jQuery( this ),
+				contents = self.contents();
+
+			if ( contents.length ) {
+				contents.wrapAll( html );
+
+			} else {
+				self.append( html );
+			}
+		} );
+	},
+
+	wrap: function( html ) {
+		var isFunction = jQuery.isFunction( html );
+
+		return this.each( function( i ) {
+			jQuery( this ).wrapAll( isFunction ? html.call( this, i ) : html );
+		} );
+	},
+
+	unwrap: function( selector ) {
+		this.parent( selector ).not( "body" ).each( function() {
+			jQuery( this ).replaceWith( this.childNodes );
+		} );
+		return this;
+	}
+} );
+
+
+jQuery.expr.pseudos.hidden = function( elem ) {
+	return !jQuery.expr.pseudos.visible( elem );
+};
+jQuery.expr.pseudos.visible = function( elem ) {
+	return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length );
+};
+
+
+
+
+jQuery.ajaxSettings.xhr = function() {
+	try {
+		return new window.XMLHttpRequest();
+	} catch ( e ) {}
+};
+
+var xhrSuccessStatus = {
+
+		// File protocol always yields status code 0, assume 200
+		0: 200,
+
+		// Support: IE <=9 only
+		// #1450: sometimes IE returns 1223 when it should be 204
+		1223: 204
+	},
+	xhrSupported = jQuery.ajaxSettings.xhr();
+
+support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported );
+support.ajax = xhrSupported = !!xhrSupported;
+
+jQuery.ajaxTransport( function( options ) {
+	var callback, errorCallback;
+
+	// Cross domain only allowed if supported through XMLHttpRequest
+	if ( support.cors || xhrSupported && !options.crossDomain ) {
+		return {
+			send: function( headers, complete ) {
+				var i,
+					xhr = options.xhr();
+
+				xhr.open(
+					options.type,
+					options.url,
+					options.async,
+					options.username,
+					options.password
+				);
+
+				// Apply custom fields if provided
+				if ( options.xhrFields ) {
+					for ( i in options.xhrFields ) {
+						xhr[ i ] = options.xhrFields[ i ];
+					}
+				}
+
+				// Override mime type if needed
+				if ( options.mimeType && xhr.overrideMimeType ) {
+					xhr.overrideMimeType( options.mimeType );
+				}
+
+				// X-Requested-With header
+				// For cross-domain requests, seeing as conditions for a preflight are
+				// akin to a jigsaw puzzle, we simply never set it to be sure.
+				// (it can always be set on a per-request basis or even using ajaxSetup)
+				// For same-domain requests, won't change header if already provided.
+				if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) {
+					headers[ "X-Requested-With" ] = "XMLHttpRequest";
+				}
+
+				// Set headers
+				for ( i in headers ) {
+					xhr.setRequestHeader( i, headers[ i ] );
+				}
+
+				// Callback
+				callback = function( type ) {
+					return function() {
+						if ( callback ) {
+							callback = errorCallback = xhr.onload =
+								xhr.onerror = xhr.onabort = xhr.onreadystatechange = null;
+
+							if ( type === "abort" ) {
+								xhr.abort();
+							} else if ( type === "error" ) {
+
+								// Support: IE <=9 only
+								// On a manual native abort, IE9 throws
+								// errors on any property access that is not readyState
+								if ( typeof xhr.status !== "number" ) {
+									complete( 0, "error" );
+								} else {
+									complete(
+
+										// File: protocol always yields status 0; see #8605, #14207
+										xhr.status,
+										xhr.statusText
+									);
+								}
+							} else {
+								complete(
+									xhrSuccessStatus[ xhr.status ] || xhr.status,
+									xhr.statusText,
+
+									// Support: IE <=9 only
+									// IE9 has no XHR2 but throws on binary (trac-11426)
+									// For XHR2 non-text, let the caller handle it (gh-2498)
+									( xhr.responseType || "text" ) !== "text"  ||
+									typeof xhr.responseText !== "string" ?
+										{ binary: xhr.response } :
+										{ text: xhr.responseText },
+									xhr.getAllResponseHeaders()
+								);
+							}
+						}
+					};
+				};
+
+				// Listen to events
+				xhr.onload = callback();
+				errorCallback = xhr.onerror = callback( "error" );
+
+				// Support: IE 9 only
+				// Use onreadystatechange to replace onabort
+				// to handle uncaught aborts
+				if ( xhr.onabort !== undefined ) {
+					xhr.onabort = errorCallback;
+				} else {
+					xhr.onreadystatechange = function() {
+
+						// Check readyState before timeout as it changes
+						if ( xhr.readyState === 4 ) {
+
+							// Allow onerror to be called first,
+							// but that will not handle a native abort
+							// Also, save errorCallback to a variable
+							// as xhr.onerror cannot be accessed
+							window.setTimeout( function() {
+								if ( callback ) {
+									errorCallback();
+								}
+							} );
+						}
+					};
+				}
+
+				// Create the abort callback
+				callback = callback( "abort" );
+
+				try {
+
+					// Do send the request (this may raise an exception)
+					xhr.send( options.hasContent && options.data || null );
+				} catch ( e ) {
+
+					// #14683: Only rethrow if this hasn't been notified as an error yet
+					if ( callback ) {
+						throw e;
+					}
+				}
+			},
+
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+} );
+
+
+
+
+// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
+jQuery.ajaxPrefilter( function( s ) {
+	if ( s.crossDomain ) {
+		s.contents.script = false;
+	}
+} );
+
+// Install script dataType
+jQuery.ajaxSetup( {
+	accepts: {
+		script: "text/javascript, application/javascript, " +
+			"application/ecmascript, application/x-ecmascript"
+	},
+	contents: {
+		script: /\b(?:java|ecma)script\b/
+	},
+	converters: {
+		"text script": function( text ) {
+			jQuery.globalEval( text );
+			return text;
+		}
+	}
+} );
+
+// Handle cache's special case and crossDomain
+jQuery.ajaxPrefilter( "script", function( s ) {
+	if ( s.cache === undefined ) {
+		s.cache = false;
+	}
+	if ( s.crossDomain ) {
+		s.type = "GET";
+	}
+} );
+
+// Bind script tag hack transport
+jQuery.ajaxTransport( "script", function( s ) {
+
+	// This transport only deals with cross domain requests
+	if ( s.crossDomain ) {
+		var script, callback;
+		return {
+			send: function( _, complete ) {
+				script = jQuery( "<script>" ).prop( {
+					charset: s.scriptCharset,
+					src: s.url
+				} ).on(
+					"load error",
+					callback = function( evt ) {
+						script.remove();
+						callback = null;
+						if ( evt ) {
+							complete( evt.type === "error" ? 404 : 200, evt.type );
+						}
+					}
+				);
+
+				// Use native DOM manipulation to avoid our domManip AJAX trickery
+				document.head.appendChild( script[ 0 ] );
+			},
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+} );
+
+
+
+
+var oldCallbacks = [],
+	rjsonp = /(=)\?(?=&|$)|\?\?/;
+
+// Default jsonp settings
+jQuery.ajaxSetup( {
+	jsonp: "callback",
+	jsonpCallback: function() {
+		var callback = oldCallbacks.pop() || ( jQuery.expando + "_" + ( nonce++ ) );
+		this[ callback ] = true;
+		return callback;
+	}
+} );
+
+// Detect, normalize options and install callbacks for jsonp requests
+jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) {
+
+	var callbackName, overwritten, responseContainer,
+		jsonProp = s.jsonp !== false && ( rjsonp.test( s.url ) ?
+			"url" :
+			typeof s.data === "string" &&
+				( s.contentType || "" )
+					.indexOf( "application/x-www-form-urlencoded" ) === 0 &&
+				rjsonp.test( s.data ) && "data"
+		);
+
+	// Handle iff the expected data type is "jsonp" or we have a parameter to set
+	if ( jsonProp || s.dataTypes[ 0 ] === "jsonp" ) {
+
+		// Get callback name, remembering preexisting value associated with it
+		callbackName = s.jsonpCallback = jQuery.isFunction( s.jsonpCallback ) ?
+			s.jsonpCallback() :
+			s.jsonpCallback;
+
+		// Insert callback into url or form data
+		if ( jsonProp ) {
+			s[ jsonProp ] = s[ jsonProp ].replace( rjsonp, "$1" + callbackName );
+		} else if ( s.jsonp !== false ) {
+			s.url += ( rquery.test( s.url ) ? "&" : "?" ) + s.jsonp + "=" + callbackName;
+		}
+
+		// Use data converter to retrieve json after script execution
+		s.converters[ "script json" ] = function() {
+			if ( !responseContainer ) {
+				jQuery.error( callbackName + " was not called" );
+			}
+			return responseContainer[ 0 ];
+		};
+
+		// Force json dataType
+		s.dataTypes[ 0 ] = "json";
+
+		// Install callback
+		overwritten = window[ callbackName ];
+		window[ callbackName ] = function() {
+			responseContainer = arguments;
+		};
+
+		// Clean-up function (fires after converters)
+		jqXHR.always( function() {
+
+			// If previous value didn't exist - remove it
+			if ( overwritten === undefined ) {
+				jQuery( window ).removeProp( callbackName );
+
+			// Otherwise restore preexisting value
+			} else {
+				window[ callbackName ] = overwritten;
+			}
+
+			// Save back as free
+			if ( s[ callbackName ] ) {
+
+				// Make sure that re-using the options doesn't screw things around
+				s.jsonpCallback = originalSettings.jsonpCallback;
+
+				// Save the callback name for future use
+				oldCallbacks.push( callbackName );
+			}
+
+			// Call if it was a function and we have a response
+			if ( responseContainer && jQuery.isFunction( overwritten ) ) {
+				overwritten( responseContainer[ 0 ] );
+			}
+
+			responseContainer = overwritten = undefined;
+		} );
+
+		// Delegate to script
+		return "script";
+	}
+} );
+
+
+
+
+// Support: Safari 8 only
+// In Safari 8 documents created via document.implementation.createHTMLDocument
+// collapse sibling forms: the second one becomes a child of the first one.
+// Because of that, this security measure has to be disabled in Safari 8.
+// https://bugs.webkit.org/show_bug.cgi?id=137337
+support.createHTMLDocument = ( function() {
+	var body = document.implementation.createHTMLDocument( "" ).body;
+	body.innerHTML = "<form></form><form></form>";
+	return body.childNodes.length === 2;
+} )();
+
+
+// Argument "data" should be string of html
+// context (optional): If specified, the fragment will be created in this context,
+// defaults to document
+// keepScripts (optional): If true, will include scripts passed in the html string
+jQuery.parseHTML = function( data, context, keepScripts ) {
+	if ( typeof data !== "string" ) {
+		return [];
+	}
+	if ( typeof context === "boolean" ) {
+		keepScripts = context;
+		context = false;
+	}
+
+	var base, parsed, scripts;
+
+	if ( !context ) {
+
+		// Stop scripts or inline event handlers from being executed immediately
+		// by using document.implementation
+		if ( support.createHTMLDocument ) {
+			context = document.implementation.createHTMLDocument( "" );
+
+			// Set the base href for the created document
+			// so any parsed elements with URLs
+			// are based on the document's URL (gh-2965)
+			base = context.createElement( "base" );
+			base.href = document.location.href;
+			context.head.appendChild( base );
+		} else {
+			context = document;
+		}
+	}
+
+	parsed = rsingleTag.exec( data );
+	scripts = !keepScripts && [];
+
+	// Single tag
+	if ( parsed ) {
+		return [ context.createElement( parsed[ 1 ] ) ];
+	}
+
+	parsed = buildFragment( [ data ], context, scripts );
+
+	if ( scripts && scripts.length ) {
+		jQuery( scripts ).remove();
+	}
+
+	return jQuery.merge( [], parsed.childNodes );
+};
+
+
+/**
+ * Load a url into a page
+ */
+jQuery.fn.load = function( url, params, callback ) {
+	var selector, type, response,
+		self = this,
+		off = url.indexOf( " " );
+
+	if ( off > -1 ) {
+		selector = stripAndCollapse( url.slice( off ) );
+		url = url.slice( 0, off );
+	}
+
+	// If it's a function
+	if ( jQuery.isFunction( params ) ) {
+
+		// We assume that it's the callback
+		callback = params;
+		params = undefined;
+
+	// Otherwise, build a param string
+	} else if ( params && typeof params === "object" ) {
+		type = "POST";
+	}
+
+	// If we have elements to modify, make the request
+	if ( self.length > 0 ) {
+		jQuery.ajax( {
+			url: url,
+
+			// If "type" variable is undefined, then "GET" method will be used.
+			// Make value of this field explicit since
+			// user can override it through ajaxSetup method
+			type: type || "GET",
+			dataType: "html",
+			data: params
+		} ).done( function( responseText ) {
+
+			// Save response for use in complete callback
+			response = arguments;
+
+			self.html( selector ?
+
+				// If a selector was specified, locate the right elements in a dummy div
+				// Exclude scripts to avoid IE 'Permission Denied' errors
+				jQuery( "<div>" ).append( jQuery.parseHTML( responseText ) ).find( selector ) :
+
+				// Otherwise use the full result
+				responseText );
+
+		// If the request succeeds, this function gets "data", "status", "jqXHR"
+		// but they are ignored because response was set above.
+		// If it fails, this function gets "jqXHR", "status", "error"
+		} ).always( callback && function( jqXHR, status ) {
+			self.each( function() {
+				callback.apply( this, response || [ jqXHR.responseText, status, jqXHR ] );
+			} );
+		} );
+	}
+
+	return this;
+};
+
+
+
+
+// Attach a bunch of functions for handling common AJAX events
+jQuery.each( [
+	"ajaxStart",
+	"ajaxStop",
+	"ajaxComplete",
+	"ajaxError",
+	"ajaxSuccess",
+	"ajaxSend"
+], function( i, type ) {
+	jQuery.fn[ type ] = function( fn ) {
+		return this.on( type, fn );
+	};
+} );
+
+
+
+
+jQuery.expr.pseudos.animated = function( elem ) {
+	return jQuery.grep( jQuery.timers, function( fn ) {
+		return elem === fn.elem;
+	} ).length;
+};
+
+
+
+
+jQuery.offset = {
+	setOffset: function( elem, options, i ) {
+		var curPosition, curLeft, curCSSTop, curTop, curOffset, curCSSLeft, calculatePosition,
+			position = jQuery.css( elem, "position" ),
+			curElem = jQuery( elem ),
+			props = {};
+
+		// Set position first, in-case top/left are set even on static elem
+		if ( position === "static" ) {
+			elem.style.position = "relative";
+		}
+
+		curOffset = curElem.offset();
+		curCSSTop = jQuery.css( elem, "top" );
+		curCSSLeft = jQuery.css( elem, "left" );
+		calculatePosition = ( position === "absolute" || position === "fixed" ) &&
+			( curCSSTop + curCSSLeft ).indexOf( "auto" ) > -1;
+
+		// Need to be able to calculate position if either
+		// top or left is auto and position is either absolute or fixed
+		if ( calculatePosition ) {
+			curPosition = curElem.position();
+			curTop = curPosition.top;
+			curLeft = curPosition.left;
+
+		} else {
+			curTop = parseFloat( curCSSTop ) || 0;
+			curLeft = parseFloat( curCSSLeft ) || 0;
+		}
+
+		if ( jQuery.isFunction( options ) ) {
+
+			// Use jQuery.extend here to allow modification of coordinates argument (gh-1848)
+			options = options.call( elem, i, jQuery.extend( {}, curOffset ) );
+		}
+
+		if ( options.top != null ) {
+			props.top = ( options.top - curOffset.top ) + curTop;
+		}
+		if ( options.left != null ) {
+			props.left = ( options.left - curOffset.left ) + curLeft;
+		}
+
+		if ( "using" in options ) {
+			options.using.call( elem, props );
+
+		} else {
+			curElem.css( props );
+		}
+	}
+};
+
+jQuery.fn.extend( {
+	offset: function( options ) {
+
+		// Preserve chaining for setter
+		if ( arguments.length ) {
+			return options === undefined ?
+				this :
+				this.each( function( i ) {
+					jQuery.offset.setOffset( this, options, i );
+				} );
+		}
+
+		var doc, docElem, rect, win,
+			elem = this[ 0 ];
+
+		if ( !elem ) {
+			return;
+		}
+
+		// Return zeros for disconnected and hidden (display: none) elements (gh-2310)
+		// Support: IE <=11 only
+		// Running getBoundingClientRect on a
+		// disconnected node in IE throws an error
+		if ( !elem.getClientRects().length ) {
+			return { top: 0, left: 0 };
+		}
+
+		rect = elem.getBoundingClientRect();
+
+		doc = elem.ownerDocument;
+		docElem = doc.documentElement;
+		win = doc.defaultView;
+
+		return {
+			top: rect.top + win.pageYOffset - docElem.clientTop,
+			left: rect.left + win.pageXOffset - docElem.clientLeft
+		};
+	},
+
+	position: function() {
+		if ( !this[ 0 ] ) {
+			return;
+		}
+
+		var offsetParent, offset,
+			elem = this[ 0 ],
+			parentOffset = { top: 0, left: 0 };
+
+		// Fixed elements are offset from window (parentOffset = {top:0, left: 0},
+		// because it is its only offset parent
+		if ( jQuery.css( elem, "position" ) === "fixed" ) {
+
+			// Assume getBoundingClientRect is there when computed position is fixed
+			offset = elem.getBoundingClientRect();
+
+		} else {
+
+			// Get *real* offsetParent
+			offsetParent = this.offsetParent();
+
+			// Get correct offsets
+			offset = this.offset();
+			if ( !nodeName( offsetParent[ 0 ], "html" ) ) {
+				parentOffset = offsetParent.offset();
+			}
+
+			// Add offsetParent borders
+			parentOffset = {
+				top: parentOffset.top + jQuery.css( offsetParent[ 0 ], "borderTopWidth", true ),
+				left: parentOffset.left + jQuery.css( offsetParent[ 0 ], "borderLeftWidth", true )
+			};
+		}
+
+		// Subtract parent offsets and element margins
+		return {
+			top: offset.top - parentOffset.top - jQuery.css( elem, "marginTop", true ),
+			left: offset.left - parentOffset.left - jQuery.css( elem, "marginLeft", true )
+		};
+	},
+
+	// This method will return documentElement in the following cases:
+	// 1) For the element inside the iframe without offsetParent, this method will return
+	//    documentElement of the parent window
+	// 2) For the hidden or detached element
+	// 3) For body or html element, i.e. in case of the html node - it will return itself
+	//
+	// but those exceptions were never presented as a real life use-cases
+	// and might be considered as more preferable results.
+	//
+	// This logic, however, is not guaranteed and can change at any point in the future
+	offsetParent: function() {
+		return this.map( function() {
+			var offsetParent = this.offsetParent;
+
+			while ( offsetParent && jQuery.css( offsetParent, "position" ) === "static" ) {
+				offsetParent = offsetParent.offsetParent;
+			}
+
+			return offsetParent || documentElement;
+		} );
+	}
+} );
+
+// Create scrollLeft and scrollTop methods
+jQuery.each( { scrollLeft: "pageXOffset", scrollTop: "pageYOffset" }, function( method, prop ) {
+	var top = "pageYOffset" === prop;
+
+	jQuery.fn[ method ] = function( val ) {
+		return access( this, function( elem, method, val ) {
+
+			// Coalesce documents and windows
+			var win;
+			if ( jQuery.isWindow( elem ) ) {
+				win = elem;
+			} else if ( elem.nodeType === 9 ) {
+				win = elem.defaultView;
+			}
+
+			if ( val === undefined ) {
+				return win ? win[ prop ] : elem[ method ];
+			}
+
+			if ( win ) {
+				win.scrollTo(
+					!top ? val : win.pageXOffset,
+					top ? val : win.pageYOffset
+				);
+
+			} else {
+				elem[ method ] = val;
+			}
+		}, method, val, arguments.length );
+	};
+} );
+
+// Support: Safari <=7 - 9.1, Chrome <=37 - 49
+// Add the top/left cssHooks using jQuery.fn.position
+// Webkit bug: https://bugs.webkit.org/show_bug.cgi?id=29084
+// Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
+// getComputedStyle returns percent when specified for top/left/bottom/right;
+// rather than make the css module depend on the offset module, just check for it here
+jQuery.each( [ "top", "left" ], function( i, prop ) {
+	jQuery.cssHooks[ prop ] = addGetHookIf( support.pixelPosition,
+		function( elem, computed ) {
+			if ( computed ) {
+				computed = curCSS( elem, prop );
+
+				// If curCSS returns percentage, fallback to offset
+				return rnumnonpx.test( computed ) ?
+					jQuery( elem ).position()[ prop ] + "px" :
+					computed;
+			}
+		}
+	);
+} );
+
+
+// Create innerHeight, innerWidth, height, width, outerHeight and outerWidth methods
+jQuery.each( { Height: "height", Width: "width" }, function( name, type ) {
+	jQuery.each( { padding: "inner" + name, content: type, "": "outer" + name },
+		function( defaultExtra, funcName ) {
+
+		// Margin is only for outerHeight, outerWidth
+		jQuery.fn[ funcName ] = function( margin, value ) {
+			var chainable = arguments.length && ( defaultExtra || typeof margin !== "boolean" ),
+				extra = defaultExtra || ( margin === true || value === true ? "margin" : "border" );
+
+			return access( this, function( elem, type, value ) {
+				var doc;
+
+				if ( jQuery.isWindow( elem ) ) {
+
+					// $( window ).outerWidth/Height return w/h including scrollbars (gh-1729)
+					return funcName.indexOf( "outer" ) === 0 ?
+						elem[ "inner" + name ] :
+						elem.document.documentElement[ "client" + name ];
+				}
+
+				// Get document width or height
+				if ( elem.nodeType === 9 ) {
+					doc = elem.documentElement;
+
+					// Either scroll[Width/Height] or offset[Width/Height] or client[Width/Height],
+					// whichever is greatest
+					return Math.max(
+						elem.body[ "scroll" + name ], doc[ "scroll" + name ],
+						elem.body[ "offset" + name ], doc[ "offset" + name ],
+						doc[ "client" + name ]
+					);
+				}
+
+				return value === undefined ?
+
+					// Get width or height on the element, requesting but not forcing parseFloat
+					jQuery.css( elem, type, extra ) :
+
+					// Set width or height on the element
+					jQuery.style( elem, type, value, extra );
+			}, type, chainable ? margin : undefined, chainable );
+		};
+	} );
+} );
+
+
+jQuery.fn.extend( {
+
+	bind: function( types, data, fn ) {
+		return this.on( types, null, data, fn );
+	},
+	unbind: function( types, fn ) {
+		return this.off( types, null, fn );
+	},
+
+	delegate: function( selector, types, data, fn ) {
+		return this.on( types, selector, data, fn );
+	},
+	undelegate: function( selector, types, fn ) {
+
+		// ( namespace ) or ( selector, types [, fn] )
+		return arguments.length === 1 ?
+			this.off( selector, "**" ) :
+			this.off( types, selector || "**", fn );
+	}
+} );
+
+jQuery.holdReady = function( hold ) {
+	if ( hold ) {
+		jQuery.readyWait++;
+	} else {
+		jQuery.ready( true );
+	}
+};
+jQuery.isArray = Array.isArray;
+jQuery.parseJSON = JSON.parse;
+jQuery.nodeName = nodeName;
+
+
+
+
+// Register as a named AMD module, since jQuery can be concatenated with other
+// files that may use define, but not via a proper concatenation script that
+// understands anonymous AMD modules. A named AMD is safest and most robust
+// way to register. Lowercase jquery is used because AMD module names are
+// derived from file names, and jQuery is normally delivered in a lowercase
+// file name. Do this after creating the global so that if an AMD module wants
+// to call noConflict to hide this version of jQuery, it will work.
+
+// Note that for maximum portability, libraries that are not jQuery should
+// declare themselves as anonymous modules, and avoid setting a global if an
+// AMD loader is present. jQuery is a special case. For more information, see
+// https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
+
+if ( typeof define === "function" && define.amd ) {
+	define( "jquery", [], function() {
+		return jQuery;
+	} );
+}
+
+
+
+
+var
+
+	// Map over jQuery in case of overwrite
+	_jQuery = window.jQuery,
+
+	// Map over the $ in case of overwrite
+	_$ = window.$;
+
+jQuery.noConflict = function( deep ) {
+	if ( window.$ === jQuery ) {
+		window.$ = _$;
+	}
+
+	if ( deep && window.jQuery === jQuery ) {
+		window.jQuery = _jQuery;
+	}
+
+	return jQuery;
+};
+
+// Expose jQuery and $ identifiers, even in AMD
+// (#7102#comment:10, https://github.com/jquery/jquery/pull/557)
+// and CommonJS for browser emulators (#13566)
+if ( !noGlobal ) {
+	window.jQuery = window.$ = jQuery;
+}
+
+
+
+
+return jQuery;
+} );
diff --git a/docs/html/_static/jquery.js b/docs/html/_static/jquery.js
new file mode 100644
index 0000000..644d35e
--- /dev/null
+++ b/docs/html/_static/jquery.js
@@ -0,0 +1,4 @@
+/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
+!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||r.isFunction(g)||(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)||(e=Array.isArray(d)))?(e?(e=!1,f=c&&Array.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b||"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a||"[object Object]"!==k.call(a))&&(!(b=e(a))||(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?j[k.call(a)]||"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b||this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid||r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"length"in a&&a.length,c=r.type(a);return"function"!==c&&!r.isWindow(a)&&("array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.push,G=D.push,H=D.slice,I=function(a,b){for(var c=0,d=a.length;c<d;c++)if(a[c]===b)return c;return-1},J="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",K="[\\x20\\t\\r\\n\\f]",L="(?:\\\\.|[\\w-]|[^\0-\\xa0])+",M="\\["+K+"*("+L+")(?:"+K+"*([*^$|!~]?=)"+K+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+L+"))|)"+K+"*\\]",N=":("+L+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+M+")*)|.*)\\)|)",O=new RegExp(K+"+","g"),P=new RegExp("^"+K+"+|((?:^|[^\\\\])(?:\\\\.)*)"+K+"+$","g"),Q=new RegExp("^"+K+"*,"+K+"*"),R=new RegExp("^"+K+"*([>+~]|"+K+")"+K+"*"),S=new RegExp("="+K+"*([^\\]'\"]*?)"+K+"*\\]","g"),T=new RegExp(N),U=new RegExp("^"+L+"$"),V={ID:new RegExp("^#("+L+")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L+"|[*])"),ATTR:new RegExp("^"+M),PSEUDO:new RegExp("^"+N),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+K+"*(even|odd|(([+-]|)(\\d*)n|)"+K+"*(?:([+-]|)"+K+"*(\\d+)|))"+K+"*\\)|)","i"),bool:new RegExp("^(?:"+J+")$","i"),needsContext:new RegExp("^"+K+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+K+"*((?:-\\d)?\\d*)"+K+"*\\)|)(?=[^-]|$)","i")},W=/^(?:input|select|textarea|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da-f]{1,6}"+K+"?|("+K+")|.)","ig"),aa=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:d<0?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ba=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ca=function(a,b){return b?"\0"===a?"\ufffd":a.slice(0,-1)+"\\"+a.charCodeAt(a.length-1).toString(16)+" ":"\\"+a},da=function(){m()},ea=ta(function(a){return a.disabled===!0&&("form"in a||"label"in a)},{dir:"parentNode",next:"legend"});try{G.apply(D=H.call(v.childNodes),v.childNodes),D[v.childNodes.length].nodeType}catch(fa){G={apply:D.length?function(a,b){F.apply(a,H.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s=b&&b.ownerDocument,w=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==w&&9!==w&&11!==w)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==w&&(l=Z.exec(a)))if(f=l[1]){if(9===w){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(s&&(j=s.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(l[2])return G.apply(d,b.getElementsByTagName(a)),d;if((f=l[3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.setAttribute("id",k=u),o=g(a),h=o.length;while(h--)o[h]="#"+k+" "+sa(o[h]);r=o.join(","),s=$.test(a)&&qa(b.parentNode)||b}if(r)try{return G.apply(d,s.querySelectorAll(r)),d}catch(x){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(P,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("fieldset");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&a.sourceIndex-b.sourceIndex;if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return function(b){return"form"in b?b.parentNode&&b.disabled===!1?"label"in b?"label"in b.parentNode?b.parentNode.disabled===a:b.disabled===a:b.isDisabled===a||b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function qa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return!!b&&"HTML"!==b.nodeName},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),v!==n&&(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Y.test(n.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){return a.getAttribute("id")===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}}):(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value===a)return[f];e=b.getElementsByName(a),d=0;while(f=e[d++])if(c=f.getAttributeNode("id"),c&&c.value===a)return[f]}return[]}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){if("undefined"!=typeof b.getElementsByClassName&&p)return b.getElementsByClassName(a)},r=[],q=[],(c.qsa=Y.test(n.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+K+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+K+"*(?:value|"+J+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){a.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"*[*^$|!~]?="),2!==a.querySelectorAll(":enabled").length&&q.push(":enabled",":disabled"),o.appendChild(a).disabled=!0,2!==a.querySelectorAll(":disabled").length&&q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Y.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"*"),s.call(a,"[s!='']:x"),r.push("!=",N)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Y.test(o.compareDocumentPosition),t=b||Y.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?la(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(S,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&C.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.escape=function(a){return(a+"").replace(ba,ca)},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(_,aa),a[3]=(a[3]||a[4]||a[5]||"").replace(_,aa),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return V.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&T.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(_,aa).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+K+")"+a+"("+K+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:!b||(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(O," ")+" ").indexOf(c)>-1:"|="===b&&(e===c||e.slice(0,c.length+1)===c+"-"))}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=I(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(P,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(_,aa),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return U.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(_,aa).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:oa(!1),disabled:oa(!0),checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return X.test(a.nodeName)},input:function(a){return W.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:pa(function(){return[0]}),last:pa(function(a,b){return[b-1]}),eq:pa(function(a,b,c){return[c<0?c+b:c]}),even:pa(function(a,b){for(var c=0;c<b;c+=2)a.push(c);return a}),odd:pa(function(a,b){for(var c=1;c<b;c+=2)a.push(c);return a}),lt:pa(function(a,b,c){for(var d=c<0?c+b:c;--d>=0;)a.push(d);return a}),gt:pa(function(a,b,c){for(var d=c<0?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=ma(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=na(b);function ra(){}ra.prototype=d.filters=d.pseudos,d.setFilters=new ra,g=ga.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=Q.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=R.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(P," ")}),h=h.slice(c.length));for(g in d.filter)!(e=V[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?ga.error(a):z(a,i).slice(0)};function sa(a){for(var b=0,c=a.length,d="";b<c;b++)d+=a[b].value;return d}function ta(a,b,c){var d=b.dir,e=b.next,f=e||d,g=c&&"parentNode"===f,h=x++;return b.first?function(b,c,e){while(b=b[d])if(1===b.nodeType||g)return a(b,c,e);return!1}:function(b,c,i){var j,k,l,m=[w,h];if(i){while(b=b[d])if((1===b.nodeType||g)&&a(b,c,i))return!0}else while(b=b[d])if(1===b.nodeType||g)if(l=b[u]||(b[u]={}),k=l[b.uniqueID]||(l[b.uniqueID]={}),e&&e===b.nodeName.toLowerCase())b=b[d]||b;else{if((j=k[f])&&j[0]===w&&j[1]===h)return m[2]=j[2];if(k[f]=m,m[2]=a(b,c,i))return!0}return!1}}function ua(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function va(a,b,c){for(var d=0,e=b.length;d<e;d++)ga(a,b[d],c);return c}function wa(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;h<i;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function xa(a,b,c,d,e,f){return d&&!d[u]&&(d=xa(d)),e&&!e[u]&&(e=xa(e,f)),ia(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||va(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:wa(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=wa(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?I(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=wa(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):G.apply(g,r)})}function ya(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ta(function(a){return a===b},h,!0),l=ta(function(a){return I(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];i<f;i++)if(c=d.relative[a[i].type])m=[ta(ua(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;e<f;e++)if(d.relative[a[e].type])break;return xa(i>1&&ua(m),i>1&&sa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(P,"$1"),c,i<e&&ya(a.slice(i,e)),e<f&&ya(a=a.slice(e)),e<f&&sa(a))}m.push(c)}return ua(m)}function za(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=E.call(i));u=wa(u)}G.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&ga.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=ya(b[c]),f[u]?d.push(f):e.push(f);f=A(a,za(e,d)),f.selector=a}return f},i=ga.select=function(a,b,c,e){var f,i,j,k,l,m="function"==typeof a&&a,n=!e&&g(a=m.selector||a);if(c=c||[],1===n.length){if(i=n[0]=n[0].slice(0),i.length>2&&"ID"===(j=i[0]).type&&9===b.nodeType&&p&&d.relative[i[1].type]){if(b=(d.find.ID(j.matches[0].replace(_,aa),b)||[])[0],!b)return c;m&&(b=b.parentNode),a=a.slice(i.shift().value.length)}f=V.needsContext.test(a)?0:i.length;while(f--){if(j=i[f],d.relative[k=j.type])break;if((l=d.find[k])&&(e=l(j.matches[0].replace(_,aa),$.test(i[0].type)&&qa(b.parentNode)||b))){if(i.splice(f,1),a=e.length&&sa(i),!a)return G.apply(c,e),c;break}}}return(m||h(a,n))(e,b,!p,c,!b||$.test(a)&&qa(b.parentNode)||b),c},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("fieldset"))}),ja(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){if(!c)return a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){if(!c&&"input"===a.nodeName.toLowerCase())return a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(J,function(a,b,c){var d;if(!c)return a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);r.find=x,r.expr=x.selectors,r.expr[":"]=r.expr.pseudos,r.uniqueSort=r.unique=x.uniqueSort,r.text=x.getText,r.isXMLDoc=x.isXML,r.contains=x.contains,r.escapeSelector=x.escape;var y=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&r(a).is(c))break;d.push(a)}return d},z=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},A=r.expr.match.needsContext;function B(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()}var C=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i,D=/^.[^:#\[\.,]*$/;function E(a,b,c){return r.isFunction(b)?r.grep(a,function(a,d){return!!b.call(a,d,a)!==c}):b.nodeType?r.grep(a,function(a){return a===b!==c}):"string"!=typeof b?r.grep(a,function(a){return i.call(b,a)>-1!==c}):D.test(b)?r.filter(b,a,c):(b=r.filter(b,a),r.grep(a,function(a){return i.call(b,a)>-1!==c&&1===a.nodeType}))}r.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?r.find.matchesSelector(d,a)?[d]:[]:r.find.matches(a,r.grep(b,function(a){return 1===a.nodeType}))},r.fn.extend({find:function(a){var b,c,d=this.length,e=this;if("string"!=typeof a)return this.pushStack(r(a).filter(function(){for(b=0;b<d;b++)if(r.contains(e[b],this))return!0}));for(c=this.pushStack([]),b=0;b<d;b++)r.find(a,e[b],c);return d>1?r.uniqueSort(c):c},filter:function(a){return this.pushStack(E(this,a||[],!1))},not:function(a){return this.pushStack(E(this,a||[],!0))},is:function(a){return!!E(this,"string"==typeof a&&A.test(a)?r(a):a||[],!1).length}});var F,G=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,H=r.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||F,"string"==typeof a){if(e="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:G.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof r?b[0]:b,r.merge(this,r.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),C.test(e[1])&&r.isPlainObject(b))for(e in b)r.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}return f=d.getElementById(e[2]),f&&(this[0]=f,this.length=1),this}return a.nodeType?(this[0]=a,this.length=1,this):r.isFunction(a)?void 0!==c.ready?c.ready(a):a(r):r.makeArray(a,this)};H.prototype=r.fn,F=r(d);var I=/^(?:parents|prev(?:Until|All))/,J={children:!0,contents:!0,next:!0,prev:!0};r.fn.extend({has:function(a){var b=r(a,this),c=b.length;return this.filter(function(){for(var a=0;a<c;a++)if(r.contains(this,b[a]))return!0})},closest:function(a,b){var c,d=0,e=this.length,f=[],g="string"!=typeof a&&r(a);if(!A.test(a))for(;d<e;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&r.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?r.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?i.call(r(a),this[0]):i.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(r.uniqueSort(r.merge(this.get(),r(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function K(a,b){while((a=a[b])&&1!==a.nodeType);return a}r.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return y(a,"parentNode")},parentsUntil:function(a,b,c){return y(a,"parentNode",c)},next:function(a){return K(a,"nextSibling")},prev:function(a){return K(a,"previousSibling")},nextAll:function(a){return y(a,"nextSibling")},prevAll:function(a){return y(a,"previousSibling")},nextUntil:function(a,b,c){return y(a,"nextSibling",c)},prevUntil:function(a,b,c){return y(a,"previousSibling",c)},siblings:function(a){return z((a.parentNode||{}).firstChild,a)},children:function(a){return z(a.firstChild)},contents:function(a){return B(a,"iframe")?a.contentDocument:(B(a,"template")&&(a=a.content||a),r.merge([],a.childNodes))}},function(a,b){r.fn[a]=function(c,d){var e=r.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=r.filter(d,e)),this.length>1&&(J[a]||r.uniqueSort(e),I.test(a)&&e.reverse()),this.pushStack(e)}});var L=/[^\x20\t\r\n\f]+/g;function M(a){var b={};return r.each(a.match(L)||[],function(a,c){b[c]=!0}),b}r.Callbacks=function(a){a="string"==typeof a?M(a):r.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=e||a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){r.each(b,function(b,c){r.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==r.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return r.each(arguments,function(a,b){var c;while((c=r.inArray(b,f,c))>-1)f.splice(c,1),c<=h&&h--}),this},has:function(a){return a?r.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=g=[],c||b||(f=c=""),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j};function N(a){return a}function O(a){throw a}function P(a,b,c,d){var e;try{a&&r.isFunction(e=a.promise)?e.call(a).done(b).fail(c):a&&r.isFunction(e=a.then)?e.call(a,b,c):b.apply(void 0,[a].slice(d))}catch(a){c.apply(void 0,[a])}}r.extend({Deferred:function(b){var c=[["notify","progress",r.Callbacks("memory"),r.Callbacks("memory"),2],["resolve","done",r.Callbacks("once memory"),r.Callbacks("once memory"),0,"resolved"],["reject","fail",r.Callbacks("once memory"),r.Callbacks("once memory"),1,"rejected"]],d="pending",e={state:function(){return d},always:function(){return f.done(arguments).fail(arguments),this},"catch":function(a){return e.then(null,a)},pipe:function(){var a=arguments;return r.Deferred(function(b){r.each(c,function(c,d){var e=r.isFunction(a[d[4]])&&a[d[4]];f[d[1]](function(){var a=e&&e.apply(this,arguments);a&&r.isFunction(a.promise)?a.promise().progress(b.notify).done(b.resolve).fail(b.reject):b[d[0]+"With"](this,e?[a]:arguments)})}),a=null}).promise()},then:function(b,d,e){var f=0;function g(b,c,d,e){return function(){var h=this,i=arguments,j=function(){var a,j;if(!(b<f)){if(a=d.apply(h,i),a===c.promise())throw new TypeError("Thenable self-resolution");j=a&&("object"==typeof a||"function"==typeof a)&&a.then,r.isFunction(j)?e?j.call(a,g(f,c,N,e),g(f,c,O,e)):(f++,j.call(a,g(f,c,N,e),g(f,c,O,e),g(f,c,N,c.notifyWith))):(d!==N&&(h=void 0,i=[a]),(e||c.resolveWith)(h,i))}},k=e?j:function(){try{j()}catch(a){r.Deferred.exceptionHook&&r.Deferred.exceptionHook(a,k.stackTrace),b+1>=f&&(d!==O&&(h=void 0,i=[a]),c.rejectWith(h,i))}};b?k():(r.Deferred.getStackHook&&(k.stackTrace=r.Deferred.getStackHook()),a.setTimeout(k))}}return r.Deferred(function(a){c[0][3].add(g(0,a,r.isFunction(e)?e:N,a.notifyWith)),c[1][3].add(g(0,a,r.isFunction(b)?b:N)),c[2][3].add(g(0,a,r.isFunction(d)?d:O))}).promise()},promise:function(a){return null!=a?r.extend(a,e):e}},f={};return r.each(c,function(a,b){var g=b[2],h=b[5];e[b[1]]=g.add,h&&g.add(function(){d=h},c[3-a][2].disable,c[0][2].lock),g.add(b[3].fire),f[b[0]]=function(){return f[b[0]+"With"](this===f?void 0:this,arguments),this},f[b[0]+"With"]=g.fireWith}),e.promise(f),b&&b.call(f,f),f},when:function(a){var b=arguments.length,c=b,d=Array(c),e=f.call(arguments),g=r.Deferred(),h=function(a){return function(c){d[a]=this,e[a]=arguments.length>1?f.call(arguments):c,--b||g.resolveWith(d,e)}};if(b<=1&&(P(a,g.done(h(c)).resolve,g.reject,!b),"pending"===g.state()||r.isFunction(e[c]&&e[c].then)))return g.then();while(c--)P(e[c],h(c),g.reject);return g.promise()}});var Q=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;r.Deferred.exceptionHook=function(b,c){a.console&&a.console.warn&&b&&Q.test(b.name)&&a.console.warn("jQuery.Deferred exception: "+b.message,b.stack,c)},r.readyException=function(b){a.setTimeout(function(){throw b})};var R=r.Deferred();r.fn.ready=function(a){return R.then(a)["catch"](function(a){r.readyException(a)}),this},r.extend({isReady:!1,readyWait:1,ready:function(a){(a===!0?--r.readyWait:r.isReady)||(r.isReady=!0,a!==!0&&--r.readyWait>0||R.resolveWith(d,[r]))}}),r.ready.then=R.then;function S(){d.removeEventListener("DOMContentLoaded",S),
+a.removeEventListener("load",S),r.ready()}"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll?a.setTimeout(r.ready):(d.addEventListener("DOMContentLoaded",S),a.addEventListener("load",S));var T=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in c)T(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,r.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(r(a),c)})),b))for(;h<i;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},U=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function V(){this.expando=r.expando+V.uid++}V.uid=1,V.prototype={cache:function(a){var b=a[this.expando];return b||(b={},U(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase(b)]=c;else for(d in b)e[r.camelCase(d)]=b[d];return e},get:function(a,b){return void 0===b?this.cache(a):a[this.expando]&&a[this.expando][r.camelCase(b)]},access:function(a,b,c){return void 0===b||b&&"string"==typeof b&&void 0===c?this.get(a,b):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d=a[this.expando];if(void 0!==d){if(void 0!==b){Array.isArray(b)?b=b.map(r.camelCase):(b=r.camelCase(b),b=b in d?[b]:b.match(L)||[]),c=b.length;while(c--)delete d[b[c]]}(void 0===b||r.isEmptyObject(d))&&(a.nodeType?a[this.expando]=void 0:delete a[this.expando])}},hasData:function(a){var b=a[this.expando];return void 0!==b&&!r.isEmptyObject(b)}};var W=new V,X=new V,Y=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,Z=/[A-Z]/g;function $(a){return"true"===a||"false"!==a&&("null"===a?null:a===+a+""?+a:Y.test(a)?JSON.parse(a):a)}function _(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(Z,"-$&").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c=$(c)}catch(e){}X.set(a,b,c)}else c=void 0;return c}r.extend({hasData:function(a){return X.hasData(a)||W.hasData(a)},data:function(a,b,c){return X.access(a,b,c)},removeData:function(a,b){X.remove(a,b)},_data:function(a,b,c){return W.access(a,b,c)},_removeData:function(a,b){W.remove(a,b)}}),r.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=X.get(f),1===f.nodeType&&!W.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=r.camelCase(d.slice(5)),_(f,d,e[d])));W.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){X.set(this,a)}):T(this,function(b){var c;if(f&&void 0===b){if(c=X.get(f,a),void 0!==c)return c;if(c=_(f,a),void 0!==c)return c}else this.each(function(){X.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){X.remove(this,a)})}}),r.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=W.get(a,b),c&&(!d||Array.isArray(c)?d=W.access(a,b,r.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=r.queue(a,b),d=c.length,e=c.shift(),f=r._queueHooks(a,b),g=function(){r.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return W.get(a,c)||W.access(a,c,{empty:r.Callbacks("once memory").add(function(){W.remove(a,[b+"queue",c])})})}}),r.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?r.queue(this[0],a):void 0===b?this:this.each(function(){var c=r.queue(this,a,b);r._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&r.dequeue(this,a)})},dequeue:function(a){return this.each(function(){r.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=r.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=W.get(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}});var aa=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,ba=new RegExp("^(?:([+-])=|)("+aa+")([a-z%]*)$","i"),ca=["Top","Right","Bottom","Left"],da=function(a,b){return a=b||a,"none"===a.style.display||""===a.style.display&&r.contains(a.ownerDocument,a)&&"none"===r.css(a,"display")},ea=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e};function fa(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return r.css(a,b,"")},i=h(),j=c&&c[3]||(r.cssNumber[b]?"":"px"),k=(r.cssNumber[b]||"px"!==j&&+i)&&ba.exec(r.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,r.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var ga={};function ha(a){var b,c=a.ownerDocument,d=a.nodeName,e=ga[d];return e?e:(b=c.body.appendChild(c.createElement(d)),e=r.css(b,"display"),b.parentNode.removeChild(b),"none"===e&&(e="block"),ga[d]=e,e)}function ia(a,b){for(var c,d,e=[],f=0,g=a.length;f<g;f++)d=a[f],d.style&&(c=d.style.display,b?("none"===c&&(e[f]=W.get(d,"display")||null,e[f]||(d.style.display="")),""===d.style.display&&da(d)&&(e[f]=ha(d))):"none"!==c&&(e[f]="none",W.set(d,"display",c)));for(f=0;f<g;f++)null!=e[f]&&(a[f].style.display=e[f]);return a}r.fn.extend({show:function(){return ia(this,!0)},hide:function(){return ia(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){da(this)?r(this).show():r(this).hide()})}});var ja=/^(?:checkbox|radio)$/i,ka=/<([a-z][^\/\0>\x20\t\r\n\f]+)/i,la=/^$|\/(?:java|ecma)script/i,ma={option:[1,"<select multiple='multiple'>","</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};ma.optgroup=ma.option,ma.tbody=ma.tfoot=ma.colgroup=ma.caption=ma.thead,ma.th=ma.td;function na(a,b){var c;return c="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):[],void 0===b||b&&B(a,b)?r.merge([a],c):c}function oa(a,b){for(var c=0,d=a.length;c<d;c++)W.set(a[c],"globalEval",!b||W.get(b[c],"globalEval"))}var pa=/<|&#?\w+;/;function qa(a,b,c,d,e){for(var f,g,h,i,j,k,l=b.createDocumentFragment(),m=[],n=0,o=a.length;n<o;n++)if(f=a[n],f||0===f)if("object"===r.type(f))r.merge(m,f.nodeType?[f]:f);else if(pa.test(f)){g=g||l.appendChild(b.createElement("div")),h=(ka.exec(f)||["",""])[1].toLowerCase(),i=ma[h]||ma._default,g.innerHTML=i[1]+r.htmlPrefilter(f)+i[2],k=i[0];while(k--)g=g.lastChild;r.merge(m,g.childNodes),g=l.firstChild,g.textContent=""}else m.push(b.createTextNode(f));l.textContent="",n=0;while(f=m[n++])if(d&&r.inArray(f,d)>-1)e&&e.push(f);else if(j=r.contains(f.ownerDocument,f),g=na(l.appendChild(f),"script"),j&&oa(g),c){k=0;while(f=g[k++])la.test(f.type||"")&&c.push(f)}return l}!function(){var a=d.createDocumentFragment(),b=a.appendChild(d.createElement("div")),c=d.createElement("input");c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),b.appendChild(c),o.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,b.innerHTML="<textarea>x</textarea>",o.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var ra=d.documentElement,sa=/^key/,ta=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,ua=/^([^.]*)(?:\.(.+)|)/;function va(){return!0}function wa(){return!1}function xa(){try{return d.activeElement}catch(a){}}function ya(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)ya(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=wa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return r().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=r.guid++)),a.each(function(){r.event.add(this,b,e,d,c)})}r.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=W.get(a);if(q){c.handler&&(f=c,c=f.handler,e=f.selector),e&&r.find.matchesSelector(ra,e),c.guid||(c.guid=r.guid++),(i=q.events)||(i=q.events={}),(g=q.handle)||(g=q.handle=function(b){return"undefined"!=typeof r&&r.event.triggered!==b.type?r.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(L)||[""],j=b.length;while(j--)h=ua.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n&&(l=r.event.special[n]||{},n=(e?l.delegateType:l.bindType)||n,l=r.event.special[n]||{},k=r.extend({type:n,origType:p,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&r.expr.match.needsContext.test(e),namespace:o.join(".")},f),(m=i[n])||(m=i[n]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,o,g)!==!1||a.addEventListener&&a.addEventListener(n,g)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),r.event.global[n]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=W.hasData(a)&&W.get(a);if(q&&(i=q.events)){b=(b||"").match(L)||[""],j=b.length;while(j--)if(h=ua.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n){l=r.event.special[n]||{},n=(d?l.delegateType:l.bindType)||n,m=i[n]||[],h=h[2]&&new RegExp("(^|\\.)"+o.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&p!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,o,q.handle)!==!1||r.removeEvent(a,n,q.handle),delete i[n])}else for(n in i)r.event.remove(a,n+b[j],c,d,!0);r.isEmptyObject(i)&&W.remove(a,"handle events")}},dispatch:function(a){var b=r.event.fix(a),c,d,e,f,g,h,i=new Array(arguments.length),j=(W.get(this,"events")||{})[b.type]||[],k=r.event.special[b.type]||{};for(i[0]=b,c=1;c<arguments.length;c++)i[c]=arguments[c];if(b.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,b)!==!1){h=r.event.handlers.call(this,b,j),c=0;while((f=h[c++])&&!b.isPropagationStopped()){b.currentTarget=f.elem,d=0;while((g=f.handlers[d++])&&!b.isImmediatePropagationStopped())b.rnamespace&&!b.rnamespace.test(g.namespace)||(b.handleObj=g,b.data=g.data,e=((r.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(b.result=e)===!1&&(b.preventDefault(),b.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,b),b.result}},handlers:function(a,b){var c,d,e,f,g,h=[],i=b.delegateCount,j=a.target;if(i&&j.nodeType&&!("click"===a.type&&a.button>=1))for(;j!==this;j=j.parentNode||this)if(1===j.nodeType&&("click"!==a.type||j.disabled!==!0)){for(f=[],g={},c=0;c<i;c++)d=b[c],e=d.selector+" ",void 0===g[e]&&(g[e]=d.needsContext?r(e,this).index(j)>-1:r.find(e,this,null,[j]).length),g[e]&&f.push(d);f.length&&h.push({elem:j,handlers:f})}return j=this,i<b.length&&h.push({elem:j,handlers:b.slice(i)}),h},addProp:function(a,b){Object.defineProperty(r.Event.prototype,a,{enumerable:!0,configurable:!0,get:r.isFunction(b)?function(){if(this.originalEvent)return b(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[a]},set:function(b){Object.defineProperty(this,a,{enumerable:!0,configurable:!0,writable:!0,value:b})}})},fix:function(a){return a[r.expando]?a:new r.Event(a)},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==xa()&&this.focus)return this.focus(),!1},delegateType:"focusin"},blur:{trigger:function(){if(this===xa()&&this.blur)return this.blur(),!1},delegateType:"focusout"},click:{trigger:function(){if("checkbox"===this.type&&this.click&&B(this,"input"))return this.click(),!1},_default:function(a){return B(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}}},r.removeEvent=function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)},r.Event=function(a,b){return this instanceof r.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?va:wa,this.target=a.target&&3===a.target.nodeType?a.target.parentNode:a.target,this.currentTarget=a.currentTarget,this.relatedTarget=a.relatedTarget):this.type=a,b&&r.extend(this,b),this.timeStamp=a&&a.timeStamp||r.now(),void(this[r.expando]=!0)):new r.Event(a,b)},r.Event.prototype={constructor:r.Event,isDefaultPrevented:wa,isPropagationStopped:wa,isImmediatePropagationStopped:wa,isSimulated:!1,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=va,a&&!this.isSimulated&&a.preventDefault()},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=va,a&&!this.isSimulated&&a.stopPropagation()},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=va,a&&!this.isSimulated&&a.stopImmediatePropagation(),this.stopPropagation()}},r.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:function(a){var b=a.button;return null==a.which&&sa.test(a.type)?null!=a.charCode?a.charCode:a.keyCode:!a.which&&void 0!==b&&ta.test(a.type)?1&b?1:2&b?3:4&b?2:0:a.which}},r.event.addProp),r.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){r.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||r.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),r.fn.extend({on:function(a,b,c,d){return ya(this,a,b,c,d)},one:function(a,b,c,d){return ya(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,r(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=wa),this.each(function(){r.event.remove(this,a,c,b)})}});var za=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,Aa=/<script|<style|<link/i,Ba=/checked\s*(?:[^=]|=\s*.checked.)/i,Ca=/^true\/(.*)/,Da=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;function Ea(a,b){return B(a,"table")&&B(11!==b.nodeType?b:b.firstChild,"tr")?r(">tbody",a)[0]||a:a}function Fa(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function Ga(a){var b=Ca.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Ha(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(W.hasData(a)&&(f=W.access(a),g=W.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;c<d;c++)r.event.add(b,e,j[e][c])}X.hasData(a)&&(h=X.access(a),i=r.extend({},h),X.set(b,i))}}function Ia(a,b){var c=b.nodeName.toLowerCase();"input"===c&&ja.test(a.type)?b.checked=a.checked:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}function Ja(a,b,c,d){b=g.apply([],b);var e,f,h,i,j,k,l=0,m=a.length,n=m-1,q=b[0],s=r.isFunction(q);if(s||m>1&&"string"==typeof q&&!o.checkClone&&Ba.test(q))return a.each(function(e){var f=a.eq(e);s&&(b[0]=q.call(this,e,f.html())),Ja(f,b,c,d)});if(m&&(e=qa(b,a[0].ownerDocument,!1,a,d),f=e.firstChild,1===e.childNodes.length&&(e=f),f||d)){for(h=r.map(na(e,"script"),Fa),i=h.length;l<m;l++)j=e,l!==n&&(j=r.clone(j,!0,!0),i&&r.merge(h,na(j,"script"))),c.call(a[l],j,l);if(i)for(k=h[h.length-1].ownerDocument,r.map(h,Ga),l=0;l<i;l++)j=h[l],la.test(j.type||"")&&!W.access(j,"globalEval")&&r.contains(k,j)&&(j.src?r._evalUrl&&r._evalUrl(j.src):p(j.textContent.replace(Da,""),k))}return a}function Ka(a,b,c){for(var d,e=b?r.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||r.cleanData(na(d)),d.parentNode&&(c&&r.contains(d.ownerDocument,d)&&oa(na(d,"script")),d.parentNode.removeChild(d));return a}r.extend({htmlPrefilter:function(a){return a.replace(za,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=r.contains(a.ownerDocument,a);if(!(o.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||r.isXMLDoc(a)))for(g=na(h),f=na(a),d=0,e=f.length;d<e;d++)Ia(f[d],g[d]);if(b)if(c)for(f=f||na(a),g=g||na(h),d=0,e=f.length;d<e;d++)Ha(f[d],g[d]);else Ha(a,h);return g=na(h,"script"),g.length>0&&oa(g,!i&&na(a,"script")),h},cleanData:function(a){for(var b,c,d,e=r.event.special,f=0;void 0!==(c=a[f]);f++)if(U(c)){if(b=c[W.expando]){if(b.events)for(d in b.events)e[d]?r.event.remove(c,d):r.removeEvent(c,d,b.handle);c[W.expando]=void 0}c[X.expando]&&(c[X.expando]=void 0)}}}),r.fn.extend({detach:function(a){return Ka(this,a,!0)},remove:function(a){return Ka(this,a)},text:function(a){return T(this,function(a){return void 0===a?r.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ja(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ea(this,a);b.appendChild(a)}})},prepend:function(){return Ja(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ea(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ja(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ja(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(r.cleanData(na(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null!=a&&a,b=null==b?a:b,this.map(function(){return r.clone(this,a,b)})},html:function(a){return T(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!Aa.test(a)&&!ma[(ka.exec(a)||["",""])[1].toLowerCase()]){a=r.htmlPrefilter(a);try{for(;c<d;c++)b=this[c]||{},1===b.nodeType&&(r.cleanData(na(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ja(this,arguments,function(b){var c=this.parentNode;r.inArray(this,a)<0&&(r.cleanData(na(this)),c&&c.replaceChild(b,this))},a)}}),r.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){r.fn[a]=function(a){for(var c,d=[],e=r(a),f=e.length-1,g=0;g<=f;g++)c=g===f?this:this.clone(!0),r(e[g])[b](c),h.apply(d,c.get());return this.pushStack(d)}});var La=/^margin/,Ma=new RegExp("^("+aa+")(?!px)[a-z%]+$","i"),Na=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)};!function(){function b(){if(i){i.style.cssText="box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",i.innerHTML="",ra.appendChild(h);var b=a.getComputedStyle(i);c="1%"!==b.top,g="2px"===b.marginLeft,e="4px"===b.width,i.style.marginRight="50%",f="4px"===b.marginRight,ra.removeChild(h),i=null}}var c,e,f,g,h=d.createElement("div"),i=d.createElement("div");i.style&&(i.style.backgroundClip="content-box",i.cloneNode(!0).style.backgroundClip="",o.clearCloneStyle="content-box"===i.style.backgroundClip,h.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",h.appendChild(i),r.extend(o,{pixelPosition:function(){return b(),c},boxSizingReliable:function(){return b(),e},pixelMarginRight:function(){return b(),f},reliableMarginLeft:function(){return b(),g}}))}();function Oa(a,b,c){var d,e,f,g,h=a.style;return c=c||Na(a),c&&(g=c.getPropertyValue(b)||c[b],""!==g||r.contains(a.ownerDocument,a)||(g=r.style(a,b)),!o.pixelMarginRight()&&Ma.test(g)&&La.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f)),void 0!==g?g+"":g}function Pa(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Qa=/^(none|table(?!-c[ea]).+)/,Ra=/^--/,Sa={position:"absolute",visibility:"hidden",display:"block"},Ta={letterSpacing:"0",fontWeight:"400"},Ua=["Webkit","Moz","ms"],Va=d.createElement("div").style;function Wa(a){if(a in Va)return a;var b=a[0].toUpperCase()+a.slice(1),c=Ua.length;while(c--)if(a=Ua[c]+b,a in Va)return a}function Xa(a){var b=r.cssProps[a];return b||(b=r.cssProps[a]=Wa(a)||a),b}function Ya(a,b,c){var d=ba.exec(b);return d?Math.max(0,d[2]-(c||0))+(d[3]||"px"):b}function Za(a,b,c,d,e){var f,g=0;for(f=c===(d?"border":"content")?4:"width"===b?1:0;f<4;f+=2)"margin"===c&&(g+=r.css(a,c+ca[f],!0,e)),d?("content"===c&&(g-=r.css(a,"padding"+ca[f],!0,e)),"margin"!==c&&(g-=r.css(a,"border"+ca[f]+"Width",!0,e))):(g+=r.css(a,"padding"+ca[f],!0,e),"padding"!==c&&(g+=r.css(a,"border"+ca[f]+"Width",!0,e)));return g}function $a(a,b,c){var d,e=Na(a),f=Oa(a,b,e),g="border-box"===r.css(a,"boxSizing",!1,e);return Ma.test(f)?f:(d=g&&(o.boxSizingReliable()||f===a.style[b]),"auto"===f&&(f=a["offset"+b[0].toUpperCase()+b.slice(1)]),f=parseFloat(f)||0,f+Za(a,b,c||(g?"border":"content"),d,e)+"px")}r.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Oa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":"cssFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=r.camelCase(b),i=Ra.test(b),j=a.style;return i||(b=Xa(h)),g=r.cssHooks[b]||r.cssHooks[h],void 0===c?g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:j[b]:(f=typeof c,"string"===f&&(e=ba.exec(c))&&e[1]&&(c=fa(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(r.cssNumber[h]?"":"px")),o.clearCloneStyle||""!==c||0!==b.indexOf("background")||(j[b]="inherit"),g&&"set"in g&&void 0===(c=g.set(a,c,d))||(i?j.setProperty(b,c):j[b]=c)),void 0)}},css:function(a,b,c,d){var e,f,g,h=r.camelCase(b),i=Ra.test(b);return i||(b=Xa(h)),g=r.cssHooks[b]||r.cssHooks[h],g&&"get"in g&&(e=g.get(a,!0,c)),void 0===e&&(e=Oa(a,b,d)),"normal"===e&&b in Ta&&(e=Ta[b]),""===c||c?(f=parseFloat(e),c===!0||isFinite(f)?f||0:e):e}}),r.each(["height","width"],function(a,b){r.cssHooks[b]={get:function(a,c,d){if(c)return!Qa.test(r.css(a,"display"))||a.getClientRects().length&&a.getBoundingClientRect().width?$a(a,b,d):ea(a,Sa,function(){return $a(a,b,d)})},set:function(a,c,d){var e,f=d&&Na(a),g=d&&Za(a,b,d,"border-box"===r.css(a,"boxSizing",!1,f),f);return g&&(e=ba.exec(c))&&"px"!==(e[3]||"px")&&(a.style[b]=c,c=r.css(a,b)),Ya(a,c,g)}}}),r.cssHooks.marginLeft=Pa(o.reliableMarginLeft,function(a,b){if(b)return(parseFloat(Oa(a,"marginLeft"))||a.getBoundingClientRect().left-ea(a,{marginLeft:0},function(){return a.getBoundingClientRect().left}))+"px"}),r.each({margin:"",padding:"",border:"Width"},function(a,b){r.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];d<4;d++)e[a+ca[d]+b]=f[d]||f[d-2]||f[0];return e}},La.test(a)||(r.cssHooks[a+b].set=Ya)}),r.fn.extend({css:function(a,b){return T(this,function(a,b,c){var d,e,f={},g=0;if(Array.isArray(b)){for(d=Na(a),e=b.length;g<e;g++)f[b[g]]=r.css(a,b[g],!1,d);return f}return void 0!==c?r.style(a,b,c):r.css(a,b)},a,b,arguments.length>1)}});function _a(a,b,c,d,e){return new _a.prototype.init(a,b,c,d,e)}r.Tween=_a,_a.prototype={constructor:_a,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||r.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(r.cssNumber[c]?"":"px")},cur:function(){var a=_a.propHooks[this.prop];return a&&a.get?a.get(this):_a.propHooks._default.get(this)},run:function(a){var b,c=_a.propHooks[this.prop];return this.options.duration?this.pos=b=r.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):_a.propHooks._default.set(this),this}},_a.prototype.init.prototype=_a.prototype,_a.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=r.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){r.fx.step[a.prop]?r.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[r.cssProps[a.prop]]&&!r.cssHooks[a.prop]?a.elem[a.prop]=a.now:r.style(a.elem,a.prop,a.now+a.unit)}}},_a.propHooks.scrollTop=_a.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},r.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},r.fx=_a.prototype.init,r.fx.step={};var ab,bb,cb=/^(?:toggle|show|hide)$/,db=/queueHooks$/;function eb(){bb&&(d.hidden===!1&&a.requestAnimationFrame?a.requestAnimationFrame(eb):a.setTimeout(eb,r.fx.interval),r.fx.tick())}function fb(){return a.setTimeout(function(){ab=void 0}),ab=r.now()}function gb(a,b){var c,d=0,e={height:a};for(b=b?1:0;d<4;d+=2-b)c=ca[d],e["margin"+c]=e["padding"+c]=a;return b&&(e.opacity=e.width=a),e}function hb(a,b,c){for(var d,e=(kb.tweeners[b]||[]).concat(kb.tweeners["*"]),f=0,g=e.length;f<g;f++)if(d=e[f].call(c,b,a))return d}function ib(a,b,c){var d,e,f,g,h,i,j,k,l="width"in b||"height"in b,m=this,n={},o=a.style,p=a.nodeType&&da(a),q=W.get(a,"fxshow");c.queue||(g=r._queueHooks(a,"fx"),null==g.unqueued&&(g.unqueued=0,h=g.empty.fire,g.empty.fire=function(){g.unqueued||h()}),g.unqueued++,m.always(function(){m.always(function(){g.unqueued--,r.queue(a,"fx").length||g.empty.fire()})}));for(d in b)if(e=b[d],cb.test(e)){if(delete b[d],f=f||"toggle"===e,e===(p?"hide":"show")){if("show"!==e||!q||void 0===q[d])continue;p=!0}n[d]=q&&q[d]||r.style(a,d)}if(i=!r.isEmptyObject(b),i||!r.isEmptyObject(n)){l&&1===a.nodeType&&(c.overflow=[o.overflow,o.overflowX,o.overflowY],j=q&&q.display,null==j&&(j=W.get(a,"display")),k=r.css(a,"display"),"none"===k&&(j?k=j:(ia([a],!0),j=a.style.display||j,k=r.css(a,"display"),ia([a]))),("inline"===k||"inline-block"===k&&null!=j)&&"none"===r.css(a,"float")&&(i||(m.done(function(){o.display=j}),null==j&&(k=o.display,j="none"===k?"":k)),o.display="inline-block")),c.overflow&&(o.overflow="hidden",m.always(function(){o.overflow=c.overflow[0],o.overflowX=c.overflow[1],o.overflowY=c.overflow[2]})),i=!1;for(d in n)i||(q?"hidden"in q&&(p=q.hidden):q=W.access(a,"fxshow",{display:j}),f&&(q.hidden=!p),p&&ia([a],!0),m.done(function(){p||ia([a]),W.remove(a,"fxshow");for(d in n)r.style(a,d,n[d])})),i=hb(p?q[d]:0,d,m),d in q||(q[d]=i.start,p&&(i.end=i.start,i.start=0))}}function jb(a,b){var c,d,e,f,g;for(c in a)if(d=r.camelCase(c),e=b[d],f=a[c],Array.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=r.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function kb(a,b,c){var d,e,f=0,g=kb.prefilters.length,h=r.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=ab||fb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;g<i;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),f<1&&i?c:(i||h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:r.extend({},b),opts:r.extend(!0,{specialEasing:{},easing:r.easing._default},c),originalProperties:b,originalOptions:c,startTime:ab||fb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=r.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;c<d;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(jb(k,j.opts.specialEasing);f<g;f++)if(d=kb.prefilters[f].call(j,a,k,j.opts))return r.isFunction(d.stop)&&(r._queueHooks(j.elem,j.opts.queue).stop=r.proxy(d.stop,d)),d;return r.map(k,hb,j),r.isFunction(j.opts.start)&&j.opts.start.call(a,j),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always),r.fx.timer(r.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j}r.Animation=r.extend(kb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return fa(c.elem,a,ba.exec(b),c),c}]},tweener:function(a,b){r.isFunction(a)?(b=a,a=["*"]):a=a.match(L);for(var c,d=0,e=a.length;d<e;d++)c=a[d],kb.tweeners[c]=kb.tweeners[c]||[],kb.tweeners[c].unshift(b)},prefilters:[ib],prefilter:function(a,b){b?kb.prefilters.unshift(a):kb.prefilters.push(a)}}),r.speed=function(a,b,c){var d=a&&"object"==typeof a?r.extend({},a):{complete:c||!c&&b||r.isFunction(a)&&a,duration:a,easing:c&&b||b&&!r.isFunction(b)&&b};return r.fx.off?d.duration=0:"number"!=typeof d.duration&&(d.duration in r.fx.speeds?d.duration=r.fx.speeds[d.duration]:d.duration=r.fx.speeds._default),null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){r.isFunction(d.old)&&d.old.call(this),d.queue&&r.dequeue(this,d.queue)},d},r.fn.extend({fadeTo:function(a,b,c,d){return this.filter(da).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=r.isEmptyObject(a),f=r.speed(b,c,d),g=function(){var b=kb(this,r.extend({},a),f);(e||W.get(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=r.timers,g=W.get(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&db.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||r.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=W.get(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=r.timers,g=d?d.length:0;for(c.finish=!0,r.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;b<g;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),r.each(["toggle","show","hide"],function(a,b){var c=r.fn[b];r.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(gb(b,!0),a,d,e)}}),r.each({slideDown:gb("show"),slideUp:gb("hide"),slideToggle:gb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){r.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),r.timers=[],r.fx.tick=function(){var a,b=0,c=r.timers;for(ab=r.now();b<c.length;b++)a=c[b],a()||c[b]!==a||c.splice(b--,1);c.length||r.fx.stop(),ab=void 0},r.fx.timer=function(a){r.timers.push(a),r.fx.start()},r.fx.interval=13,r.fx.start=function(){bb||(bb=!0,eb())},r.fx.stop=function(){bb=null},r.fx.speeds={slow:600,fast:200,_default:400},r.fn.delay=function(b,c){return b=r.fx?r.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a=d.createElement("input"),b=d.createElement("select"),c=b.appendChild(d.createElement("option"));a.type="checkbox",o.checkOn=""!==a.value,o.optSelected=c.selected,a=d.createElement("input"),a.value="t",a.type="radio",o.radioValue="t"===a.value}();var lb,mb=r.expr.attrHandle;r.fn.extend({attr:function(a,b){return T(this,r.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){r.removeAttr(this,a)})}}),r.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?r.prop(a,b,c):(1===f&&r.isXMLDoc(a)||(e=r.attrHooks[b.toLowerCase()]||(r.expr.match.bool.test(b)?lb:void 0)),void 0!==c?null===c?void r.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=r.find.attr(a,b),
+null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!o.radioValue&&"radio"===b&&B(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d=0,e=b&&b.match(L);if(e&&1===a.nodeType)while(c=e[d++])a.removeAttribute(c)}}),lb={set:function(a,b,c){return b===!1?r.removeAttr(a,c):a.setAttribute(c,c),c}},r.each(r.expr.match.bool.source.match(/\w+/g),function(a,b){var c=mb[b]||r.find.attr;mb[b]=function(a,b,d){var e,f,g=b.toLowerCase();return d||(f=mb[g],mb[g]=e,e=null!=c(a,b,d)?g:null,mb[g]=f),e}});var nb=/^(?:input|select|textarea|button)$/i,ob=/^(?:a|area)$/i;r.fn.extend({prop:function(a,b){return T(this,r.prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[r.propFix[a]||a]})}}),r.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&r.isXMLDoc(a)||(b=r.propFix[b]||b,e=r.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=r.find.attr(a,"tabindex");return b?parseInt(b,10):nb.test(a.nodeName)||ob.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),o.optSelected||(r.propHooks.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){r.propFix[this.toLowerCase()]=this});function pb(a){var b=a.match(L)||[];return b.join(" ")}function qb(a){return a.getAttribute&&a.getAttribute("class")||""}r.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).addClass(a.call(this,b,qb(this)))});if("string"==typeof a&&a){b=a.match(L)||[];while(c=this[i++])if(e=qb(c),d=1===c.nodeType&&" "+pb(e)+" "){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=pb(d),e!==h&&c.setAttribute("class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).removeClass(a.call(this,b,qb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(L)||[];while(c=this[i++])if(e=qb(c),d=1===c.nodeType&&" "+pb(e)+" "){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=pb(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):r.isFunction(a)?this.each(function(c){r(this).toggleClass(a.call(this,c,qb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=r(this),f=a.match(L)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=qb(this),b&&W.set(this,"__className__",b),this.setAttribute&&this.setAttribute("class",b||a===!1?"":W.get(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+pb(qb(c))+" ").indexOf(b)>-1)return!0;return!1}});var rb=/\r/g;r.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=r.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,r(this).val()):a,null==e?e="":"number"==typeof e?e+="":Array.isArray(e)&&(e=r.map(e,function(a){return null==a?"":a+""})),b=r.valHooks[this.type]||r.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=r.valHooks[e.type]||r.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),r.extend({valHooks:{option:{get:function(a){var b=r.find.attr(a,"value");return null!=b?b:pb(r.text(a))}},select:{get:function(a){var b,c,d,e=a.options,f=a.selectedIndex,g="select-one"===a.type,h=g?null:[],i=g?f+1:e.length;for(d=f<0?i:g?f:0;d<i;d++)if(c=e[d],(c.selected||d===f)&&!c.disabled&&(!c.parentNode.disabled||!B(c.parentNode,"optgroup"))){if(b=r(c).val(),g)return b;h.push(b)}return h},set:function(a,b){var c,d,e=a.options,f=r.makeArray(b),g=e.length;while(g--)d=e[g],(d.selected=r.inArray(r.valHooks.option.get(d),f)>-1)&&(c=!0);return c||(a.selectedIndex=-1),f}}}}),r.each(["radio","checkbox"],function(){r.valHooks[this]={set:function(a,b){if(Array.isArray(b))return a.checked=r.inArray(r(a).val(),b)>-1}},o.checkOn||(r.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var sb=/^(?:focusinfocus|focusoutblur)$/;r.extend(r.event,{trigger:function(b,c,e,f){var g,h,i,j,k,m,n,o=[e||d],p=l.call(b,"type")?b.type:b,q=l.call(b,"namespace")?b.namespace.split("."):[];if(h=i=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!sb.test(p+r.event.triggered)&&(p.indexOf(".")>-1&&(q=p.split("."),p=q.shift(),q.sort()),k=p.indexOf(":")<0&&"on"+p,b=b[r.expando]?b:new r.Event(p,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=q.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+q.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:r.makeArray(c,[b]),n=r.event.special[p]||{},f||!n.trigger||n.trigger.apply(e,c)!==!1)){if(!f&&!n.noBubble&&!r.isWindow(e)){for(j=n.delegateType||p,sb.test(j+p)||(h=h.parentNode);h;h=h.parentNode)o.push(h),i=h;i===(e.ownerDocument||d)&&o.push(i.defaultView||i.parentWindow||a)}g=0;while((h=o[g++])&&!b.isPropagationStopped())b.type=g>1?j:n.bindType||p,m=(W.get(h,"events")||{})[b.type]&&W.get(h,"handle"),m&&m.apply(h,c),m=k&&h[k],m&&m.apply&&U(h)&&(b.result=m.apply(h,c),b.result===!1&&b.preventDefault());return b.type=p,f||b.isDefaultPrevented()||n._default&&n._default.apply(o.pop(),c)!==!1||!U(e)||k&&r.isFunction(e[p])&&!r.isWindow(e)&&(i=e[k],i&&(e[k]=null),r.event.triggered=p,e[p](),r.event.triggered=void 0,i&&(e[k]=i)),b.result}},simulate:function(a,b,c){var d=r.extend(new r.Event,c,{type:a,isSimulated:!0});r.event.trigger(d,null,b)}}),r.fn.extend({trigger:function(a,b){return this.each(function(){r.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];if(c)return r.event.trigger(a,b,c,!0)}}),r.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(a,b){r.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),r.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),o.focusin="onfocusin"in a,o.focusin||r.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){r.event.simulate(b,a.target,r.event.fix(a))};r.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=W.access(d,b);e||d.addEventListener(a,c,!0),W.access(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=W.access(d,b)-1;e?W.access(d,b,e):(d.removeEventListener(a,c,!0),W.remove(d,b))}}});var tb=a.location,ub=r.now(),vb=/\?/;r.parseXML=function(b){var c;if(!b||"string"!=typeof b)return null;try{c=(new a.DOMParser).parseFromString(b,"text/xml")}catch(d){c=void 0}return c&&!c.getElementsByTagName("parsererror").length||r.error("Invalid XML: "+b),c};var wb=/\[\]$/,xb=/\r?\n/g,yb=/^(?:submit|button|image|reset|file)$/i,zb=/^(?:input|select|textarea|keygen)/i;function Ab(a,b,c,d){var e;if(Array.isArray(b))r.each(b,function(b,e){c||wb.test(a)?d(a,e):Ab(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==r.type(b))d(a,b);else for(e in b)Ab(a+"["+e+"]",b[e],c,d)}r.param=function(a,b){var c,d=[],e=function(a,b){var c=r.isFunction(b)?b():b;d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(null==c?"":c)};if(Array.isArray(a)||a.jquery&&!r.isPlainObject(a))r.each(a,function(){e(this.name,this.value)});else for(c in a)Ab(c,a[c],b,e);return d.join("&")},r.fn.extend({serialize:function(){return r.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=r.prop(this,"elements");return a?r.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!r(this).is(":disabled")&&zb.test(this.nodeName)&&!yb.test(a)&&(this.checked||!ja.test(a))}).map(function(a,b){var c=r(this).val();return null==c?null:Array.isArray(c)?r.map(c,function(a){return{name:b.name,value:a.replace(xb,"\r\n")}}):{name:b.name,value:c.replace(xb,"\r\n")}}).get()}});var Bb=/%20/g,Cb=/#.*$/,Db=/([?&])_=[^&]*/,Eb=/^(.*?):[ \t]*([^\r\n]*)$/gm,Fb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Gb=/^(?:GET|HEAD)$/,Hb=/^\/\//,Ib={},Jb={},Kb="*/".concat("*"),Lb=d.createElement("a");Lb.href=tb.href;function Mb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(L)||[];if(r.isFunction(c))while(d=f[e++])"+"===d[0]?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Nb(a,b,c,d){var e={},f=a===Jb;function g(h){var i;return e[h]=!0,r.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Ob(a,b){var c,d,e=r.ajaxSettings.flatOptions||{};for(c in b)void 0!==b[c]&&((e[c]?a:d||(d={}))[c]=b[c]);return d&&r.extend(!0,a,d),a}function Pb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===d&&(d=a.mimeType||b.getResponseHeader("Content-Type"));if(d)for(e in h)if(h[e]&&h[e].test(d)){i.unshift(e);break}if(i[0]in c)f=i[0];else{for(e in c){if(!i[0]||a.converters[e+" "+i[0]]){f=e;break}g||(g=e)}f=f||g}if(f)return f!==i[0]&&i.unshift(f),c[f]}function Qb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}r.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:tb.href,type:"GET",isLocal:Fb.test(tb.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Kb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":r.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Ob(Ob(a,r.ajaxSettings),b):Ob(r.ajaxSettings,a)},ajaxPrefilter:Mb(Ib),ajaxTransport:Mb(Jb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var e,f,g,h,i,j,k,l,m,n,o=r.ajaxSetup({},c),p=o.context||o,q=o.context&&(p.nodeType||p.jquery)?r(p):r.event,s=r.Deferred(),t=r.Callbacks("once memory"),u=o.statusCode||{},v={},w={},x="canceled",y={readyState:0,getResponseHeader:function(a){var b;if(k){if(!h){h={};while(b=Eb.exec(g))h[b[1].toLowerCase()]=b[2]}b=h[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return k?g:null},setRequestHeader:function(a,b){return null==k&&(a=w[a.toLowerCase()]=w[a.toLowerCase()]||a,v[a]=b),this},overrideMimeType:function(a){return null==k&&(o.mimeType=a),this},statusCode:function(a){var b;if(a)if(k)y.always(a[y.status]);else for(b in a)u[b]=[u[b],a[b]];return this},abort:function(a){var b=a||x;return e&&e.abort(b),A(0,b),this}};if(s.promise(y),o.url=((b||o.url||tb.href)+"").replace(Hb,tb.protocol+"//"),o.type=c.method||c.type||o.method||o.type,o.dataTypes=(o.dataType||"*").toLowerCase().match(L)||[""],null==o.crossDomain){j=d.createElement("a");try{j.href=o.url,j.href=j.href,o.crossDomain=Lb.protocol+"//"+Lb.host!=j.protocol+"//"+j.host}catch(z){o.crossDomain=!0}}if(o.data&&o.processData&&"string"!=typeof o.data&&(o.data=r.param(o.data,o.traditional)),Nb(Ib,o,c,y),k)return y;l=r.event&&o.global,l&&0===r.active++&&r.event.trigger("ajaxStart"),o.type=o.type.toUpperCase(),o.hasContent=!Gb.test(o.type),f=o.url.replace(Cb,""),o.hasContent?o.data&&o.processData&&0===(o.contentType||"").indexOf("application/x-www-form-urlencoded")&&(o.data=o.data.replace(Bb,"+")):(n=o.url.slice(f.length),o.data&&(f+=(vb.test(f)?"&":"?")+o.data,delete o.data),o.cache===!1&&(f=f.replace(Db,"$1"),n=(vb.test(f)?"&":"?")+"_="+ub++ +n),o.url=f+n),o.ifModified&&(r.lastModified[f]&&y.setRequestHeader("If-Modified-Since",r.lastModified[f]),r.etag[f]&&y.setRequestHeader("If-None-Match",r.etag[f])),(o.data&&o.hasContent&&o.contentType!==!1||c.contentType)&&y.setRequestHeader("Content-Type",o.contentType),y.setRequestHeader("Accept",o.dataTypes[0]&&o.accepts[o.dataTypes[0]]?o.accepts[o.dataTypes[0]]+("*"!==o.dataTypes[0]?", "+Kb+"; q=0.01":""):o.accepts["*"]);for(m in o.headers)y.setRequestHeader(m,o.headers[m]);if(o.beforeSend&&(o.beforeSend.call(p,y,o)===!1||k))return y.abort();if(x="abort",t.add(o.complete),y.done(o.success),y.fail(o.error),e=Nb(Jb,o,c,y)){if(y.readyState=1,l&&q.trigger("ajaxSend",[y,o]),k)return y;o.async&&o.timeout>0&&(i=a.setTimeout(function(){y.abort("timeout")},o.timeout));try{k=!1,e.send(v,A)}catch(z){if(k)throw z;A(-1,z)}}else A(-1,"No Transport");function A(b,c,d,h){var j,m,n,v,w,x=c;k||(k=!0,i&&a.clearTimeout(i),e=void 0,g=h||"",y.readyState=b>0?4:0,j=b>=200&&b<300||304===b,d&&(v=Pb(o,y,d)),v=Qb(o,v,y,j),j?(o.ifModified&&(w=y.getResponseHeader("Last-Modified"),w&&(r.lastModified[f]=w),w=y.getResponseHeader("etag"),w&&(r.etag[f]=w)),204===b||"HEAD"===o.type?x="nocontent":304===b?x="notmodified":(x=v.state,m=v.data,n=v.error,j=!n)):(n=x,!b&&x||(x="error",b<0&&(b=0))),y.status=b,y.statusText=(c||x)+"",j?s.resolveWith(p,[m,x,y]):s.rejectWith(p,[y,x,n]),y.statusCode(u),u=void 0,l&&q.trigger(j?"ajaxSuccess":"ajaxError",[y,o,j?m:n]),t.fireWith(p,[y,x]),l&&(q.trigger("ajaxComplete",[y,o]),--r.active||r.event.trigger("ajaxStop")))}return y},getJSON:function(a,b,c){return r.get(a,b,c,"json")},getScript:function(a,b){return r.get(a,void 0,b,"script")}}),r.each(["get","post"],function(a,b){r[b]=function(a,c,d,e){return r.isFunction(c)&&(e=e||d,d=c,c=void 0),r.ajax(r.extend({url:a,type:b,dataType:e,data:c,success:d},r.isPlainObject(a)&&a))}}),r._evalUrl=function(a){return r.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},r.fn.extend({wrapAll:function(a){var b;return this[0]&&(r.isFunction(a)&&(a=a.call(this[0])),b=r(a,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstElementChild)a=a.firstElementChild;return a}).append(this)),this},wrapInner:function(a){return r.isFunction(a)?this.each(function(b){r(this).wrapInner(a.call(this,b))}):this.each(function(){var b=r(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=r.isFunction(a);return this.each(function(c){r(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(a){return this.parent(a).not("body").each(function(){r(this).replaceWith(this.childNodes)}),this}}),r.expr.pseudos.hidden=function(a){return!r.expr.pseudos.visible(a)},r.expr.pseudos.visible=function(a){return!!(a.offsetWidth||a.offsetHeight||a.getClientRects().length)},r.ajaxSettings.xhr=function(){try{return new a.XMLHttpRequest}catch(b){}};var Rb={0:200,1223:204},Sb=r.ajaxSettings.xhr();o.cors=!!Sb&&"withCredentials"in Sb,o.ajax=Sb=!!Sb,r.ajaxTransport(function(b){var c,d;if(o.cors||Sb&&!b.crossDomain)return{send:function(e,f){var g,h=b.xhr();if(h.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(g in b.xhrFields)h[g]=b.xhrFields[g];b.mimeType&&h.overrideMimeType&&h.overrideMimeType(b.mimeType),b.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest");for(g in e)h.setRequestHeader(g,e[g]);c=function(a){return function(){c&&(c=d=h.onload=h.onerror=h.onabort=h.onreadystatechange=null,"abort"===a?h.abort():"error"===a?"number"!=typeof h.status?f(0,"error"):f(h.status,h.statusText):f(Rb[h.status]||h.status,h.statusText,"text"!==(h.responseType||"text")||"string"!=typeof h.responseText?{binary:h.response}:{text:h.responseText},h.getAllResponseHeaders()))}},h.onload=c(),d=h.onerror=c("error"),void 0!==h.onabort?h.onabort=d:h.onreadystatechange=function(){4===h.readyState&&a.setTimeout(function(){c&&d()})},c=c("abort");try{h.send(b.hasContent&&b.data||null)}catch(i){if(c)throw i}},abort:function(){c&&c()}}}),r.ajaxPrefilter(function(a){a.crossDomain&&(a.contents.script=!1)}),r.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return r.globalEval(a),a}}}),r.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET")}),r.ajaxTransport("script",function(a){if(a.crossDomain){var b,c;return{send:function(e,f){b=r("<script>").prop({charset:a.scriptCharset,src:a.url}).on("load error",c=function(a){b.remove(),c=null,a&&f("error"===a.type?404:200,a.type)}),d.head.appendChild(b[0])},abort:function(){c&&c()}}}});var Tb=[],Ub=/(=)\?(?=&|$)|\?\?/;r.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=Tb.pop()||r.expando+"_"+ub++;return this[a]=!0,a}}),r.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(Ub.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ub.test(b.data)&&"data");if(h||"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(Ub,"$1"+e):b.jsonp!==!1&&(b.url+=(vb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||r.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?r(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,Tb.push(e)),g&&r.isFunction(f)&&f(g[0]),g=f=void 0}),"script"}),o.createHTMLDocument=function(){var a=d.implementation.createHTMLDocument("").body;return a.innerHTML="<form></form><form></form>",2===a.childNodes.length}(),r.parseHTML=function(a,b,c){if("string"!=typeof a)return[];"boolean"==typeof b&&(c=b,b=!1);var e,f,g;return b||(o.createHTMLDocument?(b=d.implementation.createHTMLDocument(""),e=b.createElement("base"),e.href=d.location.href,b.head.appendChild(e)):b=d),f=C.exec(a),g=!c&&[],f?[b.createElement(f[1])]:(f=qa([a],b,g),g&&g.length&&r(g).remove(),r.merge([],f.childNodes))},r.fn.load=function(a,b,c){var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=pb(a.slice(h)),a=a.slice(0,h)),r.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&r.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?r("<div>").append(r.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},r.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){r.fn[b]=function(a){return this.on(b,a)}}),r.expr.pseudos.animated=function(a){return r.grep(r.timers,function(b){return a===b.elem}).length},r.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=r.css(a,"position"),l=r(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=r.css(a,"top"),i=r.css(a,"left"),j=("absolute"===k||"fixed"===k)&&(f+i).indexOf("auto")>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),r.isFunction(b)&&(b=b.call(a,c,r.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},r.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){r.offset.setOffset(this,a,b)});var b,c,d,e,f=this[0];if(f)return f.getClientRects().length?(d=f.getBoundingClientRect(),b=f.ownerDocument,c=b.documentElement,e=b.defaultView,{top:d.top+e.pageYOffset-c.clientTop,left:d.left+e.pageXOffset-c.clientLeft}):{top:0,left:0}},position:function(){if(this[0]){var a,b,c=this[0],d={top:0,left:0};return"fixed"===r.css(c,"position")?b=c.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),B(a[0],"html")||(d=a.offset()),d={top:d.top+r.css(a[0],"borderTopWidth",!0),left:d.left+r.css(a[0],"borderLeftWidth",!0)}),{top:b.top-d.top-r.css(c,"marginTop",!0),left:b.left-d.left-r.css(c,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&"static"===r.css(a,"position"))a=a.offsetParent;return a||ra})}}),r.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c="pageYOffset"===b;r.fn[a]=function(d){return T(this,function(a,d,e){var f;return r.isWindow(a)?f=a:9===a.nodeType&&(f=a.defaultView),void 0===e?f?f[b]:a[d]:void(f?f.scrollTo(c?f.pageXOffset:e,c?e:f.pageYOffset):a[d]=e)},a,d,arguments.length)}}),r.each(["top","left"],function(a,b){r.cssHooks[b]=Pa(o.pixelPosition,function(a,c){if(c)return c=Oa(a,b),Ma.test(c)?r(a).position()[b]+"px":c})}),r.each({Height:"height",Width:"width"},function(a,b){r.each({padding:"inner"+a,content:b,"":"outer"+a},function(c,d){r.fn[d]=function(e,f){var g=arguments.length&&(c||"boolean"!=typeof e),h=c||(e===!0||f===!0?"margin":"border");return T(this,function(b,c,e){var f;return r.isWindow(b)?0===d.indexOf("outer")?b["inner"+a]:b.document.documentElement["client"+a]:9===b.nodeType?(f=b.documentElement,Math.max(b.body["scroll"+a],f["scroll"+a],b.body["offset"+a],f["offset"+a],f["client"+a])):void 0===e?r.css(b,c,h):r.style(b,c,e,h)},b,g?e:void 0,g)}})}),r.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),r.holdReady=function(a){a?r.readyWait++:r.ready(!0)},r.isArray=Array.isArray,r.parseJSON=JSON.parse,r.nodeName=B,"function"==typeof define&&define.amd&&define("jquery",[],function(){return r});var Vb=a.jQuery,Wb=a.$;return r.noConflict=function(b){return a.$===r&&(a.$=Wb),b&&a.jQuery===r&&(a.jQuery=Vb),r},b||(a.jQuery=a.$=r),r});
diff --git a/docs/html/_static/language_data.js b/docs/html/_static/language_data.js
new file mode 100644
index 0000000..5266fb1
--- /dev/null
+++ b/docs/html/_static/language_data.js
@@ -0,0 +1,297 @@
+/*
+ * language_data.js
+ * ~~~~~~~~~~~~~~~~
+ *
+ * This script contains the language-specific data used by searchtools.js,
+ * namely the list of stopwords, stemmer, scorer and splitter.
+ *
+ * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+var stopwords = ["a","and","are","as","at","be","but","by","for","if","in","into","is","it","near","no","not","of","on","or","such","that","the","their","then","there","these","they","this","to","was","will","with"];
+
+
+/* Non-minified version JS is _stemmer.js if file is provided */ 
+/**
+ * Porter Stemmer
+ */
+var Stemmer = function() {
+
+  var step2list = {
+    ational: 'ate',
+    tional: 'tion',
+    enci: 'ence',
+    anci: 'ance',
+    izer: 'ize',
+    bli: 'ble',
+    alli: 'al',
+    entli: 'ent',
+    eli: 'e',
+    ousli: 'ous',
+    ization: 'ize',
+    ation: 'ate',
+    ator: 'ate',
+    alism: 'al',
+    iveness: 'ive',
+    fulness: 'ful',
+    ousness: 'ous',
+    aliti: 'al',
+    iviti: 'ive',
+    biliti: 'ble',
+    logi: 'log'
+  };
+
+  var step3list = {
+    icate: 'ic',
+    ative: '',
+    alize: 'al',
+    iciti: 'ic',
+    ical: 'ic',
+    ful: '',
+    ness: ''
+  };
+
+  var c = "[^aeiou]";          // consonant
+  var v = "[aeiouy]";          // vowel
+  var C = c + "[^aeiouy]*";    // consonant sequence
+  var V = v + "[aeiou]*";      // vowel sequence
+
+  var mgr0 = "^(" + C + ")?" + V + C;                      // [C]VC... is m>0
+  var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$";    // [C]VC[V] is m=1
+  var mgr1 = "^(" + C + ")?" + V + C + V + C;              // [C]VCVC... is m>1
+  var s_v   = "^(" + C + ")?" + v;                         // vowel in stem
+
+  this.stemWord = function (w) {
+    var stem;
+    var suffix;
+    var firstch;
+    var origword = w;
+
+    if (w.length < 3)
+      return w;
+
+    var re;
+    var re2;
+    var re3;
+    var re4;
+
+    firstch = w.substr(0,1);
+    if (firstch == "y")
+      w = firstch.toUpperCase() + w.substr(1);
+
+    // Step 1a
+    re = /^(.+?)(ss|i)es$/;
+    re2 = /^(.+?)([^s])s$/;
+
+    if (re.test(w))
+      w = w.replace(re,"$1$2");
+    else if (re2.test(w))
+      w = w.replace(re2,"$1$2");
+
+    // Step 1b
+    re = /^(.+?)eed$/;
+    re2 = /^(.+?)(ed|ing)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      re = new RegExp(mgr0);
+      if (re.test(fp[1])) {
+        re = /.$/;
+        w = w.replace(re,"");
+      }
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1];
+      re2 = new RegExp(s_v);
+      if (re2.test(stem)) {
+        w = stem;
+        re2 = /(at|bl|iz)$/;
+        re3 = new RegExp("([^aeiouylsz])\\1$");
+        re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+        if (re2.test(w))
+          w = w + "e";
+        else if (re3.test(w)) {
+          re = /.$/;
+          w = w.replace(re,"");
+        }
+        else if (re4.test(w))
+          w = w + "e";
+      }
+    }
+
+    // Step 1c
+    re = /^(.+?)y$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(s_v);
+      if (re.test(stem))
+        w = stem + "i";
+    }
+
+    // Step 2
+    re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step2list[suffix];
+    }
+
+    // Step 3
+    re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step3list[suffix];
+    }
+
+    // Step 4
+    re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
+    re2 = /^(.+?)(s|t)(ion)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      if (re.test(stem))
+        w = stem;
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1] + fp[2];
+      re2 = new RegExp(mgr1);
+      if (re2.test(stem))
+        w = stem;
+    }
+
+    // Step 5
+    re = /^(.+?)e$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      re2 = new RegExp(meq1);
+      re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+      if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
+        w = stem;
+    }
+    re = /ll$/;
+    re2 = new RegExp(mgr1);
+    if (re.test(w) && re2.test(w)) {
+      re = /.$/;
+      w = w.replace(re,"");
+    }
+
+    // and turn initial Y back to y
+    if (firstch == "y")
+      w = firstch.toLowerCase() + w.substr(1);
+    return w;
+  }
+}
+
+
+
+
+
+var splitChars = (function() {
+    var result = {};
+    var singles = [96, 180, 187, 191, 215, 247, 749, 885, 903, 907, 909, 930, 1014, 1648,
+         1748, 1809, 2416, 2473, 2481, 2526, 2601, 2609, 2612, 2615, 2653, 2702,
+         2706, 2729, 2737, 2740, 2857, 2865, 2868, 2910, 2928, 2948, 2961, 2971,
+         2973, 3085, 3089, 3113, 3124, 3213, 3217, 3241, 3252, 3295, 3341, 3345,
+         3369, 3506, 3516, 3633, 3715, 3721, 3736, 3744, 3748, 3750, 3756, 3761,
+         3781, 3912, 4239, 4347, 4681, 4695, 4697, 4745, 4785, 4799, 4801, 4823,
+         4881, 5760, 5901, 5997, 6313, 7405, 8024, 8026, 8028, 8030, 8117, 8125,
+         8133, 8181, 8468, 8485, 8487, 8489, 8494, 8527, 11311, 11359, 11687, 11695,
+         11703, 11711, 11719, 11727, 11735, 12448, 12539, 43010, 43014, 43019, 43587,
+         43696, 43713, 64286, 64297, 64311, 64317, 64319, 64322, 64325, 65141];
+    var i, j, start, end;
+    for (i = 0; i < singles.length; i++) {
+        result[singles[i]] = true;
+    }
+    var ranges = [[0, 47], [58, 64], [91, 94], [123, 169], [171, 177], [182, 184], [706, 709],
+         [722, 735], [741, 747], [751, 879], [888, 889], [894, 901], [1154, 1161],
+         [1318, 1328], [1367, 1368], [1370, 1376], [1416, 1487], [1515, 1519], [1523, 1568],
+         [1611, 1631], [1642, 1645], [1750, 1764], [1767, 1773], [1789, 1790], [1792, 1807],
+         [1840, 1868], [1958, 1968], [1970, 1983], [2027, 2035], [2038, 2041], [2043, 2047],
+         [2070, 2073], [2075, 2083], [2085, 2087], [2089, 2307], [2362, 2364], [2366, 2383],
+         [2385, 2391], [2402, 2405], [2419, 2424], [2432, 2436], [2445, 2446], [2449, 2450],
+         [2483, 2485], [2490, 2492], [2494, 2509], [2511, 2523], [2530, 2533], [2546, 2547],
+         [2554, 2564], [2571, 2574], [2577, 2578], [2618, 2648], [2655, 2661], [2672, 2673],
+         [2677, 2692], [2746, 2748], [2750, 2767], [2769, 2783], [2786, 2789], [2800, 2820],
+         [2829, 2830], [2833, 2834], [2874, 2876], [2878, 2907], [2914, 2917], [2930, 2946],
+         [2955, 2957], [2966, 2968], [2976, 2978], [2981, 2983], [2987, 2989], [3002, 3023],
+         [3025, 3045], [3059, 3076], [3130, 3132], [3134, 3159], [3162, 3167], [3170, 3173],
+         [3184, 3191], [3199, 3204], [3258, 3260], [3262, 3293], [3298, 3301], [3312, 3332],
+         [3386, 3388], [3390, 3423], [3426, 3429], [3446, 3449], [3456, 3460], [3479, 3481],
+         [3518, 3519], [3527, 3584], [3636, 3647], [3655, 3663], [3674, 3712], [3717, 3718],
+         [3723, 3724], [3726, 3731], [3752, 3753], [3764, 3772], [3774, 3775], [3783, 3791],
+         [3802, 3803], [3806, 3839], [3841, 3871], [3892, 3903], [3949, 3975], [3980, 4095],
+         [4139, 4158], [4170, 4175], [4182, 4185], [4190, 4192], [4194, 4196], [4199, 4205],
+         [4209, 4212], [4226, 4237], [4250, 4255], [4294, 4303], [4349, 4351], [4686, 4687],
+         [4702, 4703], [4750, 4751], [4790, 4791], [4806, 4807], [4886, 4887], [4955, 4968],
+         [4989, 4991], [5008, 5023], [5109, 5120], [5741, 5742], [5787, 5791], [5867, 5869],
+         [5873, 5887], [5906, 5919], [5938, 5951], [5970, 5983], [6001, 6015], [6068, 6102],
+         [6104, 6107], [6109, 6111], [6122, 6127], [6138, 6159], [6170, 6175], [6264, 6271],
+         [6315, 6319], [6390, 6399], [6429, 6469], [6510, 6511], [6517, 6527], [6572, 6592],
+         [6600, 6607], [6619, 6655], [6679, 6687], [6741, 6783], [6794, 6799], [6810, 6822],
+         [6824, 6916], [6964, 6980], [6988, 6991], [7002, 7042], [7073, 7085], [7098, 7167],
+         [7204, 7231], [7242, 7244], [7294, 7400], [7410, 7423], [7616, 7679], [7958, 7959],
+         [7966, 7967], [8006, 8007], [8014, 8015], [8062, 8063], [8127, 8129], [8141, 8143],
+         [8148, 8149], [8156, 8159], [8173, 8177], [8189, 8303], [8306, 8307], [8314, 8318],
+         [8330, 8335], [8341, 8449], [8451, 8454], [8456, 8457], [8470, 8472], [8478, 8483],
+         [8506, 8507], [8512, 8516], [8522, 8525], [8586, 9311], [9372, 9449], [9472, 10101],
+         [10132, 11263], [11493, 11498], [11503, 11516], [11518, 11519], [11558, 11567],
+         [11622, 11630], [11632, 11647], [11671, 11679], [11743, 11822], [11824, 12292],
+         [12296, 12320], [12330, 12336], [12342, 12343], [12349, 12352], [12439, 12444],
+         [12544, 12548], [12590, 12592], [12687, 12689], [12694, 12703], [12728, 12783],
+         [12800, 12831], [12842, 12880], [12896, 12927], [12938, 12976], [12992, 13311],
+         [19894, 19967], [40908, 40959], [42125, 42191], [42238, 42239], [42509, 42511],
+         [42540, 42559], [42592, 42593], [42607, 42622], [42648, 42655], [42736, 42774],
+         [42784, 42785], [42889, 42890], [42893, 43002], [43043, 43055], [43062, 43071],
+         [43124, 43137], [43188, 43215], [43226, 43249], [43256, 43258], [43260, 43263],
+         [43302, 43311], [43335, 43359], [43389, 43395], [43443, 43470], [43482, 43519],
+         [43561, 43583], [43596, 43599], [43610, 43615], [43639, 43641], [43643, 43647],
+         [43698, 43700], [43703, 43704], [43710, 43711], [43715, 43738], [43742, 43967],
+         [44003, 44015], [44026, 44031], [55204, 55215], [55239, 55242], [55292, 55295],
+         [57344, 63743], [64046, 64047], [64110, 64111], [64218, 64255], [64263, 64274],
+         [64280, 64284], [64434, 64466], [64830, 64847], [64912, 64913], [64968, 65007],
+         [65020, 65135], [65277, 65295], [65306, 65312], [65339, 65344], [65371, 65381],
+         [65471, 65473], [65480, 65481], [65488, 65489], [65496, 65497]];
+    for (i = 0; i < ranges.length; i++) {
+        start = ranges[i][0];
+        end = ranges[i][1];
+        for (j = start; j <= end; j++) {
+            result[j] = true;
+        }
+    }
+    return result;
+})();
+
+function splitQuery(query) {
+    var result = [];
+    var start = -1;
+    for (var i = 0; i < query.length; i++) {
+        if (splitChars[query.charCodeAt(i)]) {
+            if (start !== -1) {
+                result.push(query.slice(start, i));
+                start = -1;
+            }
+        } else if (start === -1) {
+            start = i;
+        }
+    }
+    if (start !== -1) {
+        result.push(query.slice(start));
+    }
+    return result;
+}
+
+
diff --git a/docs/html/_static/minus.png b/docs/html/_static/minus.png
new file mode 100644
index 0000000..d96755f
--- /dev/null
+++ b/docs/html/_static/minus.png
Binary files differ
diff --git a/docs/html/_static/plus.png b/docs/html/_static/plus.png
new file mode 100644
index 0000000..7107cec
--- /dev/null
+++ b/docs/html/_static/plus.png
Binary files differ
diff --git a/docs/html/_static/pygments.css b/docs/html/_static/pygments.css
new file mode 100644
index 0000000..20c4814
--- /dev/null
+++ b/docs/html/_static/pygments.css
@@ -0,0 +1,69 @@
+.highlight .hll { background-color: #ffffcc }
+.highlight  { background: #eeffcc; }
+.highlight .c { color: #408090; font-style: italic } /* Comment */
+.highlight .err { border: 1px solid #FF0000 } /* Error */
+.highlight .k { color: #007020; font-weight: bold } /* Keyword */
+.highlight .o { color: #666666 } /* Operator */
+.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */
+.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #007020 } /* Comment.Preproc */
+.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */
+.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */
+.highlight .gd { color: #A00000 } /* Generic.Deleted */
+.highlight .ge { font-style: italic } /* Generic.Emph */
+.highlight .gr { color: #FF0000 } /* Generic.Error */
+.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+.highlight .gi { color: #00A000 } /* Generic.Inserted */
+.highlight .go { color: #333333 } /* Generic.Output */
+.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */
+.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+.highlight .gt { color: #0044DD } /* Generic.Traceback */
+.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */
+.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */
+.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */
+.highlight .kp { color: #007020 } /* Keyword.Pseudo */
+.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #902000 } /* Keyword.Type */
+.highlight .m { color: #208050 } /* Literal.Number */
+.highlight .s { color: #4070a0 } /* Literal.String */
+.highlight .na { color: #4070a0 } /* Name.Attribute */
+.highlight .nb { color: #007020 } /* Name.Builtin */
+.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */
+.highlight .no { color: #60add5 } /* Name.Constant */
+.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */
+.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */
+.highlight .ne { color: #007020 } /* Name.Exception */
+.highlight .nf { color: #06287e } /* Name.Function */
+.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */
+.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */
+.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */
+.highlight .nv { color: #bb60d5 } /* Name.Variable */
+.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */
+.highlight .w { color: #bbbbbb } /* Text.Whitespace */
+.highlight .mb { color: #208050 } /* Literal.Number.Bin */
+.highlight .mf { color: #208050 } /* Literal.Number.Float */
+.highlight .mh { color: #208050 } /* Literal.Number.Hex */
+.highlight .mi { color: #208050 } /* Literal.Number.Integer */
+.highlight .mo { color: #208050 } /* Literal.Number.Oct */
+.highlight .sa { color: #4070a0 } /* Literal.String.Affix */
+.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */
+.highlight .sc { color: #4070a0 } /* Literal.String.Char */
+.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */
+.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #4070a0 } /* Literal.String.Double */
+.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */
+.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */
+.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */
+.highlight .sx { color: #c65d09 } /* Literal.String.Other */
+.highlight .sr { color: #235388 } /* Literal.String.Regex */
+.highlight .s1 { color: #4070a0 } /* Literal.String.Single */
+.highlight .ss { color: #517918 } /* Literal.String.Symbol */
+.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */
+.highlight .fm { color: #06287e } /* Name.Function.Magic */
+.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */
+.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */
+.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */
+.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */
+.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */
\ No newline at end of file
diff --git a/docs/html/_static/searchtools.js b/docs/html/_static/searchtools.js
new file mode 100644
index 0000000..5ff3180
--- /dev/null
+++ b/docs/html/_static/searchtools.js
@@ -0,0 +1,481 @@
+/*
+ * searchtools.js
+ * ~~~~~~~~~~~~~~~~
+ *
+ * Sphinx JavaScript utilities for the full-text search.
+ *
+ * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+if (!Scorer) {
+  /**
+   * Simple result scoring code.
+   */
+  var Scorer = {
+    // Implement the following function to further tweak the score for each result
+    // The function takes a result array [filename, title, anchor, descr, score]
+    // and returns the new score.
+    /*
+    score: function(result) {
+      return result[4];
+    },
+    */
+
+    // query matches the full name of an object
+    objNameMatch: 11,
+    // or matches in the last dotted part of the object name
+    objPartialMatch: 6,
+    // Additive scores depending on the priority of the object
+    objPrio: {0:  15,   // used to be importantResults
+              1:  5,   // used to be objectResults
+              2: -5},  // used to be unimportantResults
+    //  Used when the priority is not in the mapping.
+    objPrioDefault: 0,
+
+    // query found in title
+    title: 15,
+    // query found in terms
+    term: 5
+  };
+}
+
+if (!splitQuery) {
+  function splitQuery(query) {
+    return query.split(/\s+/);
+  }
+}
+
+/**
+ * Search Module
+ */
+var Search = {
+
+  _index : null,
+  _queued_query : null,
+  _pulse_status : -1,
+
+  init : function() {
+      var params = $.getQueryParameters();
+      if (params.q) {
+          var query = params.q[0];
+          $('input[name="q"]')[0].value = query;
+          this.performSearch(query);
+      }
+  },
+
+  loadIndex : function(url) {
+    $.ajax({type: "GET", url: url, data: null,
+            dataType: "script", cache: true,
+            complete: function(jqxhr, textstatus) {
+              if (textstatus != "success") {
+                document.getElementById("searchindexloader").src = url;
+              }
+            }});
+  },
+
+  setIndex : function(index) {
+    var q;
+    this._index = index;
+    if ((q = this._queued_query) !== null) {
+      this._queued_query = null;
+      Search.query(q);
+    }
+  },
+
+  hasIndex : function() {
+      return this._index !== null;
+  },
+
+  deferQuery : function(query) {
+      this._queued_query = query;
+  },
+
+  stopPulse : function() {
+      this._pulse_status = 0;
+  },
+
+  startPulse : function() {
+    if (this._pulse_status >= 0)
+        return;
+    function pulse() {
+      var i;
+      Search._pulse_status = (Search._pulse_status + 1) % 4;
+      var dotString = '';
+      for (i = 0; i < Search._pulse_status; i++)
+        dotString += '.';
+      Search.dots.text(dotString);
+      if (Search._pulse_status > -1)
+        window.setTimeout(pulse, 500);
+    }
+    pulse();
+  },
+
+  /**
+   * perform a search for something (or wait until index is loaded)
+   */
+  performSearch : function(query) {
+    // create the required interface elements
+    this.out = $('#search-results');
+    this.title = $('<h2>' + _('Searching') + '</h2>').appendTo(this.out);
+    this.dots = $('<span></span>').appendTo(this.title);
+    this.status = $('<p style="display: none"></p>').appendTo(this.out);
+    this.output = $('<ul class="search"/>').appendTo(this.out);
+
+    $('#search-progress').text(_('Preparing search...'));
+    this.startPulse();
+
+    // index already loaded, the browser was quick!
+    if (this.hasIndex())
+      this.query(query);
+    else
+      this.deferQuery(query);
+  },
+
+  /**
+   * execute search (requires search index to be loaded)
+   */
+  query : function(query) {
+    var i;
+
+    // stem the searchterms and add them to the correct list
+    var stemmer = new Stemmer();
+    var searchterms = [];
+    var excluded = [];
+    var hlterms = [];
+    var tmp = splitQuery(query);
+    var objectterms = [];
+    for (i = 0; i < tmp.length; i++) {
+      if (tmp[i] !== "") {
+          objectterms.push(tmp[i].toLowerCase());
+      }
+
+      if ($u.indexOf(stopwords, tmp[i].toLowerCase()) != -1 || tmp[i].match(/^\d+$/) ||
+          tmp[i] === "") {
+        // skip this "word"
+        continue;
+      }
+      // stem the word
+      var word = stemmer.stemWord(tmp[i].toLowerCase());
+      // prevent stemmer from cutting word smaller than two chars
+      if(word.length < 3 && tmp[i].length >= 3) {
+        word = tmp[i];
+      }
+      var toAppend;
+      // select the correct list
+      if (word[0] == '-') {
+        toAppend = excluded;
+        word = word.substr(1);
+      }
+      else {
+        toAppend = searchterms;
+        hlterms.push(tmp[i].toLowerCase());
+      }
+      // only add if not already in the list
+      if (!$u.contains(toAppend, word))
+        toAppend.push(word);
+    }
+    var highlightstring = '?highlight=' + $.urlencode(hlterms.join(" "));
+
+    // console.debug('SEARCH: searching for:');
+    // console.info('required: ', searchterms);
+    // console.info('excluded: ', excluded);
+
+    // prepare search
+    var terms = this._index.terms;
+    var titleterms = this._index.titleterms;
+
+    // array of [filename, title, anchor, descr, score]
+    var results = [];
+    $('#search-progress').empty();
+
+    // lookup as object
+    for (i = 0; i < objectterms.length; i++) {
+      var others = [].concat(objectterms.slice(0, i),
+                             objectterms.slice(i+1, objectterms.length));
+      results = results.concat(this.performObjectSearch(objectterms[i], others));
+    }
+
+    // lookup as search terms in fulltext
+    results = results.concat(this.performTermsSearch(searchterms, excluded, terms, titleterms));
+
+    // let the scorer override scores with a custom scoring function
+    if (Scorer.score) {
+      for (i = 0; i < results.length; i++)
+        results[i][4] = Scorer.score(results[i]);
+    }
+
+    // now sort the results by score (in opposite order of appearance, since the
+    // display function below uses pop() to retrieve items) and then
+    // alphabetically
+    results.sort(function(a, b) {
+      var left = a[4];
+      var right = b[4];
+      if (left > right) {
+        return 1;
+      } else if (left < right) {
+        return -1;
+      } else {
+        // same score: sort alphabetically
+        left = a[1].toLowerCase();
+        right = b[1].toLowerCase();
+        return (left > right) ? -1 : ((left < right) ? 1 : 0);
+      }
+    });
+
+    // for debugging
+    //Search.lastresults = results.slice();  // a copy
+    //console.info('search results:', Search.lastresults);
+
+    // print the results
+    var resultCount = results.length;
+    function displayNextItem() {
+      // results left, load the summary and display it
+      if (results.length) {
+        var item = results.pop();
+        var listItem = $('<li style="display:none"></li>');
+        if (DOCUMENTATION_OPTIONS.FILE_SUFFIX === '') {
+          // dirhtml builder
+          var dirname = item[0] + '/';
+          if (dirname.match(/\/index\/$/)) {
+            dirname = dirname.substring(0, dirname.length-6);
+          } else if (dirname == 'index/') {
+            dirname = '';
+          }
+          listItem.append($('<a/>').attr('href',
+            DOCUMENTATION_OPTIONS.URL_ROOT + dirname +
+            highlightstring + item[2]).html(item[1]));
+        } else {
+          // normal html builders
+          listItem.append($('<a/>').attr('href',
+            item[0] + DOCUMENTATION_OPTIONS.FILE_SUFFIX +
+            highlightstring + item[2]).html(item[1]));
+        }
+        if (item[3]) {
+          listItem.append($('<span> (' + item[3] + ')</span>'));
+          Search.output.append(listItem);
+          listItem.slideDown(5, function() {
+            displayNextItem();
+          });
+        } else if (DOCUMENTATION_OPTIONS.HAS_SOURCE) {
+          var suffix = DOCUMENTATION_OPTIONS.SOURCELINK_SUFFIX;
+          if (suffix === undefined) {
+            suffix = '.txt';
+          }
+          $.ajax({url: DOCUMENTATION_OPTIONS.URL_ROOT + '_sources/' + item[5] + (item[5].slice(-suffix.length) === suffix ? '' : suffix),
+                  dataType: "text",
+                  complete: function(jqxhr, textstatus) {
+                    var data = jqxhr.responseText;
+                    if (data !== '' && data !== undefined) {
+                      listItem.append(Search.makeSearchSummary(data, searchterms, hlterms));
+                    }
+                    Search.output.append(listItem);
+                    listItem.slideDown(5, function() {
+                      displayNextItem();
+                    });
+                  }});
+        } else {
+          // no source available, just display title
+          Search.output.append(listItem);
+          listItem.slideDown(5, function() {
+            displayNextItem();
+          });
+        }
+      }
+      // search finished, update title and status message
+      else {
+        Search.stopPulse();
+        Search.title.text(_('Search Results'));
+        if (!resultCount)
+          Search.status.text(_('Your search did not match any documents. Please make sure that all words are spelled correctly and that you\'ve selected enough categories.'));
+        else
+            Search.status.text(_('Search finished, found %s page(s) matching the search query.').replace('%s', resultCount));
+        Search.status.fadeIn(500);
+      }
+    }
+    displayNextItem();
+  },
+
+  /**
+   * search for object names
+   */
+  performObjectSearch : function(object, otherterms) {
+    var filenames = this._index.filenames;
+    var docnames = this._index.docnames;
+    var objects = this._index.objects;
+    var objnames = this._index.objnames;
+    var titles = this._index.titles;
+
+    var i;
+    var results = [];
+
+    for (var prefix in objects) {
+      for (var name in objects[prefix]) {
+        var fullname = (prefix ? prefix + '.' : '') + name;
+        if (fullname.toLowerCase().indexOf(object) > -1) {
+          var score = 0;
+          var parts = fullname.split('.');
+          // check for different match types: exact matches of full name or
+          // "last name" (i.e. last dotted part)
+          if (fullname == object || parts[parts.length - 1] == object) {
+            score += Scorer.objNameMatch;
+          // matches in last name
+          } else if (parts[parts.length - 1].indexOf(object) > -1) {
+            score += Scorer.objPartialMatch;
+          }
+          var match = objects[prefix][name];
+          var objname = objnames[match[1]][2];
+          var title = titles[match[0]];
+          // If more than one term searched for, we require other words to be
+          // found in the name/title/description
+          if (otherterms.length > 0) {
+            var haystack = (prefix + ' ' + name + ' ' +
+                            objname + ' ' + title).toLowerCase();
+            var allfound = true;
+            for (i = 0; i < otherterms.length; i++) {
+              if (haystack.indexOf(otherterms[i]) == -1) {
+                allfound = false;
+                break;
+              }
+            }
+            if (!allfound) {
+              continue;
+            }
+          }
+          var descr = objname + _(', in ') + title;
+
+          var anchor = match[3];
+          if (anchor === '')
+            anchor = fullname;
+          else if (anchor == '-')
+            anchor = objnames[match[1]][1] + '-' + fullname;
+          // add custom score for some objects according to scorer
+          if (Scorer.objPrio.hasOwnProperty(match[2])) {
+            score += Scorer.objPrio[match[2]];
+          } else {
+            score += Scorer.objPrioDefault;
+          }
+          results.push([docnames[match[0]], fullname, '#'+anchor, descr, score, filenames[match[0]]]);
+        }
+      }
+    }
+
+    return results;
+  },
+
+  /**
+   * search for full-text terms in the index
+   */
+  performTermsSearch : function(searchterms, excluded, terms, titleterms) {
+    var docnames = this._index.docnames;
+    var filenames = this._index.filenames;
+    var titles = this._index.titles;
+
+    var i, j, file;
+    var fileMap = {};
+    var scoreMap = {};
+    var results = [];
+
+    // perform the search on the required terms
+    for (i = 0; i < searchterms.length; i++) {
+      var word = searchterms[i];
+      var files = [];
+      var _o = [
+        {files: terms[word], score: Scorer.term},
+        {files: titleterms[word], score: Scorer.title}
+      ];
+
+      // no match but word was a required one
+      if ($u.every(_o, function(o){return o.files === undefined;})) {
+        break;
+      }
+      // found search word in contents
+      $u.each(_o, function(o) {
+        var _files = o.files;
+        if (_files === undefined)
+          return
+
+        if (_files.length === undefined)
+          _files = [_files];
+        files = files.concat(_files);
+
+        // set score for the word in each file to Scorer.term
+        for (j = 0; j < _files.length; j++) {
+          file = _files[j];
+          if (!(file in scoreMap))
+            scoreMap[file] = {}
+          scoreMap[file][word] = o.score;
+        }
+      });
+
+      // create the mapping
+      for (j = 0; j < files.length; j++) {
+        file = files[j];
+        if (file in fileMap)
+          fileMap[file].push(word);
+        else
+          fileMap[file] = [word];
+      }
+    }
+
+    // now check if the files don't contain excluded terms
+    for (file in fileMap) {
+      var valid = true;
+
+      // check if all requirements are matched
+      if (fileMap[file].length != searchterms.length)
+          continue;
+
+      // ensure that none of the excluded terms is in the search result
+      for (i = 0; i < excluded.length; i++) {
+        if (terms[excluded[i]] == file ||
+            titleterms[excluded[i]] == file ||
+            $u.contains(terms[excluded[i]] || [], file) ||
+            $u.contains(titleterms[excluded[i]] || [], file)) {
+          valid = false;
+          break;
+        }
+      }
+
+      // if we have still a valid result we can add it to the result list
+      if (valid) {
+        // select one (max) score for the file.
+        // for better ranking, we should calculate ranking by using words statistics like basic tf-idf...
+        var score = $u.max($u.map(fileMap[file], function(w){return scoreMap[file][w]}));
+        results.push([docnames[file], titles[file], '', null, score, filenames[file]]);
+      }
+    }
+    return results;
+  },
+
+  /**
+   * helper function to return a node containing the
+   * search summary for a given text. keywords is a list
+   * of stemmed words, hlwords is the list of normal, unstemmed
+   * words. the first one is used to find the occurrence, the
+   * latter for highlighting it.
+   */
+  makeSearchSummary : function(text, keywords, hlwords) {
+    var textLower = text.toLowerCase();
+    var start = 0;
+    $.each(keywords, function() {
+      var i = textLower.indexOf(this.toLowerCase());
+      if (i > -1)
+        start = i;
+    });
+    start = Math.max(start - 120, 0);
+    var excerpt = ((start > 0) ? '...' : '') +
+      $.trim(text.substr(start, 240)) +
+      ((start + 240 - text.length) ? '...' : '');
+    var rv = $('<div class="context"></div>').text(excerpt);
+    $.each(hlwords, function() {
+      rv = rv.highlightText(this, 'highlighted');
+    });
+    return rv;
+  }
+};
+
+$(document).ready(function() {
+  Search.init();
+});
diff --git a/docs/html/_static/underscore-1.3.1.js b/docs/html/_static/underscore-1.3.1.js
new file mode 100644
index 0000000..208d4cd
--- /dev/null
+++ b/docs/html/_static/underscore-1.3.1.js
@@ -0,0 +1,999 @@
+//     Underscore.js 1.3.1
+//     (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
+//     Underscore is freely distributable under the MIT license.
+//     Portions of Underscore are inspired or borrowed from Prototype,
+//     Oliver Steele's Functional, and John Resig's Micro-Templating.
+//     For all details and documentation:
+//     http://documentcloud.github.com/underscore
+
+(function() {
+
+  // Baseline setup
+  // --------------
+
+  // Establish the root object, `window` in the browser, or `global` on the server.
+  var root = this;
+
+  // Save the previous value of the `_` variable.
+  var previousUnderscore = root._;
+
+  // Establish the object that gets returned to break out of a loop iteration.
+  var breaker = {};
+
+  // Save bytes in the minified (but not gzipped) version:
+  var ArrayProto = Array.prototype, ObjProto = Object.prototype, FuncProto = Function.prototype;
+
+  // Create quick reference variables for speed access to core prototypes.
+  var slice            = ArrayProto.slice,
+      unshift          = ArrayProto.unshift,
+      toString         = ObjProto.toString,
+      hasOwnProperty   = ObjProto.hasOwnProperty;
+
+  // All **ECMAScript 5** native function implementations that we hope to use
+  // are declared here.
+  var
+    nativeForEach      = ArrayProto.forEach,
+    nativeMap          = ArrayProto.map,
+    nativeReduce       = ArrayProto.reduce,
+    nativeReduceRight  = ArrayProto.reduceRight,
+    nativeFilter       = ArrayProto.filter,
+    nativeEvery        = ArrayProto.every,
+    nativeSome         = ArrayProto.some,
+    nativeIndexOf      = ArrayProto.indexOf,
+    nativeLastIndexOf  = ArrayProto.lastIndexOf,
+    nativeIsArray      = Array.isArray,
+    nativeKeys         = Object.keys,
+    nativeBind         = FuncProto.bind;
+
+  // Create a safe reference to the Underscore object for use below.
+  var _ = function(obj) { return new wrapper(obj); };
+
+  // Export the Underscore object for **Node.js**, with
+  // backwards-compatibility for the old `require()` API. If we're in
+  // the browser, add `_` as a global object via a string identifier,
+  // for Closure Compiler "advanced" mode.
+  if (typeof exports !== 'undefined') {
+    if (typeof module !== 'undefined' && module.exports) {
+      exports = module.exports = _;
+    }
+    exports._ = _;
+  } else {
+    root['_'] = _;
+  }
+
+  // Current version.
+  _.VERSION = '1.3.1';
+
+  // Collection Functions
+  // --------------------
+
+  // The cornerstone, an `each` implementation, aka `forEach`.
+  // Handles objects with the built-in `forEach`, arrays, and raw objects.
+  // Delegates to **ECMAScript 5**'s native `forEach` if available.
+  var each = _.each = _.forEach = function(obj, iterator, context) {
+    if (obj == null) return;
+    if (nativeForEach && obj.forEach === nativeForEach) {
+      obj.forEach(iterator, context);
+    } else if (obj.length === +obj.length) {
+      for (var i = 0, l = obj.length; i < l; i++) {
+        if (i in obj && iterator.call(context, obj[i], i, obj) === breaker) return;
+      }
+    } else {
+      for (var key in obj) {
+        if (_.has(obj, key)) {
+          if (iterator.call(context, obj[key], key, obj) === breaker) return;
+        }
+      }
+    }
+  };
+
+  // Return the results of applying the iterator to each element.
+  // Delegates to **ECMAScript 5**'s native `map` if available.
+  _.map = _.collect = function(obj, iterator, context) {
+    var results = [];
+    if (obj == null) return results;
+    if (nativeMap && obj.map === nativeMap) return obj.map(iterator, context);
+    each(obj, function(value, index, list) {
+      results[results.length] = iterator.call(context, value, index, list);
+    });
+    if (obj.length === +obj.length) results.length = obj.length;
+    return results;
+  };
+
+  // **Reduce** builds up a single result from a list of values, aka `inject`,
+  // or `foldl`. Delegates to **ECMAScript 5**'s native `reduce` if available.
+  _.reduce = _.foldl = _.inject = function(obj, iterator, memo, context) {
+    var initial = arguments.length > 2;
+    if (obj == null) obj = [];
+    if (nativeReduce && obj.reduce === nativeReduce) {
+      if (context) iterator = _.bind(iterator, context);
+      return initial ? obj.reduce(iterator, memo) : obj.reduce(iterator);
+    }
+    each(obj, function(value, index, list) {
+      if (!initial) {
+        memo = value;
+        initial = true;
+      } else {
+        memo = iterator.call(context, memo, value, index, list);
+      }
+    });
+    if (!initial) throw new TypeError('Reduce of empty array with no initial value');
+    return memo;
+  };
+
+  // The right-associative version of reduce, also known as `foldr`.
+  // Delegates to **ECMAScript 5**'s native `reduceRight` if available.
+  _.reduceRight = _.foldr = function(obj, iterator, memo, context) {
+    var initial = arguments.length > 2;
+    if (obj == null) obj = [];
+    if (nativeReduceRight && obj.reduceRight === nativeReduceRight) {
+      if (context) iterator = _.bind(iterator, context);
+      return initial ? obj.reduceRight(iterator, memo) : obj.reduceRight(iterator);
+    }
+    var reversed = _.toArray(obj).reverse();
+    if (context && !initial) iterator = _.bind(iterator, context);
+    return initial ? _.reduce(reversed, iterator, memo, context) : _.reduce(reversed, iterator);
+  };
+
+  // Return the first value which passes a truth test. Aliased as `detect`.
+  _.find = _.detect = function(obj, iterator, context) {
+    var result;
+    any(obj, function(value, index, list) {
+      if (iterator.call(context, value, index, list)) {
+        result = value;
+        return true;
+      }
+    });
+    return result;
+  };
+
+  // Return all the elements that pass a truth test.
+  // Delegates to **ECMAScript 5**'s native `filter` if available.
+  // Aliased as `select`.
+  _.filter = _.select = function(obj, iterator, context) {
+    var results = [];
+    if (obj == null) return results;
+    if (nativeFilter && obj.filter === nativeFilter) return obj.filter(iterator, context);
+    each(obj, function(value, index, list) {
+      if (iterator.call(context, value, index, list)) results[results.length] = value;
+    });
+    return results;
+  };
+
+  // Return all the elements for which a truth test fails.
+  _.reject = function(obj, iterator, context) {
+    var results = [];
+    if (obj == null) return results;
+    each(obj, function(value, index, list) {
+      if (!iterator.call(context, value, index, list)) results[results.length] = value;
+    });
+    return results;
+  };
+
+  // Determine whether all of the elements match a truth test.
+  // Delegates to **ECMAScript 5**'s native `every` if available.
+  // Aliased as `all`.
+  _.every = _.all = function(obj, iterator, context) {
+    var result = true;
+    if (obj == null) return result;
+    if (nativeEvery && obj.every === nativeEvery) return obj.every(iterator, context);
+    each(obj, function(value, index, list) {
+      if (!(result = result && iterator.call(context, value, index, list))) return breaker;
+    });
+    return result;
+  };
+
+  // Determine if at least one element in the object matches a truth test.
+  // Delegates to **ECMAScript 5**'s native `some` if available.
+  // Aliased as `any`.
+  var any = _.some = _.any = function(obj, iterator, context) {
+    iterator || (iterator = _.identity);
+    var result = false;
+    if (obj == null) return result;
+    if (nativeSome && obj.some === nativeSome) return obj.some(iterator, context);
+    each(obj, function(value, index, list) {
+      if (result || (result = iterator.call(context, value, index, list))) return breaker;
+    });
+    return !!result;
+  };
+
+  // Determine if a given value is included in the array or object using `===`.
+  // Aliased as `contains`.
+  _.include = _.contains = function(obj, target) {
+    var found = false;
+    if (obj == null) return found;
+    if (nativeIndexOf && obj.indexOf === nativeIndexOf) return obj.indexOf(target) != -1;
+    found = any(obj, function(value) {
+      return value === target;
+    });
+    return found;
+  };
+
+  // Invoke a method (with arguments) on every item in a collection.
+  _.invoke = function(obj, method) {
+    var args = slice.call(arguments, 2);
+    return _.map(obj, function(value) {
+      return (_.isFunction(method) ? method || value : value[method]).apply(value, args);
+    });
+  };
+
+  // Convenience version of a common use case of `map`: fetching a property.
+  _.pluck = function(obj, key) {
+    return _.map(obj, function(value){ return value[key]; });
+  };
+
+  // Return the maximum element or (element-based computation).
+  _.max = function(obj, iterator, context) {
+    if (!iterator && _.isArray(obj)) return Math.max.apply(Math, obj);
+    if (!iterator && _.isEmpty(obj)) return -Infinity;
+    var result = {computed : -Infinity};
+    each(obj, function(value, index, list) {
+      var computed = iterator ? iterator.call(context, value, index, list) : value;
+      computed >= result.computed && (result = {value : value, computed : computed});
+    });
+    return result.value;
+  };
+
+  // Return the minimum element (or element-based computation).
+  _.min = function(obj, iterator, context) {
+    if (!iterator && _.isArray(obj)) return Math.min.apply(Math, obj);
+    if (!iterator && _.isEmpty(obj)) return Infinity;
+    var result = {computed : Infinity};
+    each(obj, function(value, index, list) {
+      var computed = iterator ? iterator.call(context, value, index, list) : value;
+      computed < result.computed && (result = {value : value, computed : computed});
+    });
+    return result.value;
+  };
+
+  // Shuffle an array.
+  _.shuffle = function(obj) {
+    var shuffled = [], rand;
+    each(obj, function(value, index, list) {
+      if (index == 0) {
+        shuffled[0] = value;
+      } else {
+        rand = Math.floor(Math.random() * (index + 1));
+        shuffled[index] = shuffled[rand];
+        shuffled[rand] = value;
+      }
+    });
+    return shuffled;
+  };
+
+  // Sort the object's values by a criterion produced by an iterator.
+  _.sortBy = function(obj, iterator, context) {
+    return _.pluck(_.map(obj, function(value, index, list) {
+      return {
+        value : value,
+        criteria : iterator.call(context, value, index, list)
+      };
+    }).sort(function(left, right) {
+      var a = left.criteria, b = right.criteria;
+      return a < b ? -1 : a > b ? 1 : 0;
+    }), 'value');
+  };
+
+  // Groups the object's values by a criterion. Pass either a string attribute
+  // to group by, or a function that returns the criterion.
+  _.groupBy = function(obj, val) {
+    var result = {};
+    var iterator = _.isFunction(val) ? val : function(obj) { return obj[val]; };
+    each(obj, function(value, index) {
+      var key = iterator(value, index);
+      (result[key] || (result[key] = [])).push(value);
+    });
+    return result;
+  };
+
+  // Use a comparator function to figure out at what index an object should
+  // be inserted so as to maintain order. Uses binary search.
+  _.sortedIndex = function(array, obj, iterator) {
+    iterator || (iterator = _.identity);
+    var low = 0, high = array.length;
+    while (low < high) {
+      var mid = (low + high) >> 1;
+      iterator(array[mid]) < iterator(obj) ? low = mid + 1 : high = mid;
+    }
+    return low;
+  };
+
+  // Safely convert anything iterable into a real, live array.
+  _.toArray = function(iterable) {
+    if (!iterable)                return [];
+    if (iterable.toArray)         return iterable.toArray();
+    if (_.isArray(iterable))      return slice.call(iterable);
+    if (_.isArguments(iterable))  return slice.call(iterable);
+    return _.values(iterable);
+  };
+
+  // Return the number of elements in an object.
+  _.size = function(obj) {
+    return _.toArray(obj).length;
+  };
+
+  // Array Functions
+  // ---------------
+
+  // Get the first element of an array. Passing **n** will return the first N
+  // values in the array. Aliased as `head`. The **guard** check allows it to work
+  // with `_.map`.
+  _.first = _.head = function(array, n, guard) {
+    return (n != null) && !guard ? slice.call(array, 0, n) : array[0];
+  };
+
+  // Returns everything but the last entry of the array. Especcialy useful on
+  // the arguments object. Passing **n** will return all the values in
+  // the array, excluding the last N. The **guard** check allows it to work with
+  // `_.map`.
+  _.initial = function(array, n, guard) {
+    return slice.call(array, 0, array.length - ((n == null) || guard ? 1 : n));
+  };
+
+  // Get the last element of an array. Passing **n** will return the last N
+  // values in the array. The **guard** check allows it to work with `_.map`.
+  _.last = function(array, n, guard) {
+    if ((n != null) && !guard) {
+      return slice.call(array, Math.max(array.length - n, 0));
+    } else {
+      return array[array.length - 1];
+    }
+  };
+
+  // Returns everything but the first entry of the array. Aliased as `tail`.
+  // Especially useful on the arguments object. Passing an **index** will return
+  // the rest of the values in the array from that index onward. The **guard**
+  // check allows it to work with `_.map`.
+  _.rest = _.tail = function(array, index, guard) {
+    return slice.call(array, (index == null) || guard ? 1 : index);
+  };
+
+  // Trim out all falsy values from an array.
+  _.compact = function(array) {
+    return _.filter(array, function(value){ return !!value; });
+  };
+
+  // Return a completely flattened version of an array.
+  _.flatten = function(array, shallow) {
+    return _.reduce(array, function(memo, value) {
+      if (_.isArray(value)) return memo.concat(shallow ? value : _.flatten(value));
+      memo[memo.length] = value;
+      return memo;
+    }, []);
+  };
+
+  // Return a version of the array that does not contain the specified value(s).
+  _.without = function(array) {
+    return _.difference(array, slice.call(arguments, 1));
+  };
+
+  // Produce a duplicate-free version of the array. If the array has already
+  // been sorted, you have the option of using a faster algorithm.
+  // Aliased as `unique`.
+  _.uniq = _.unique = function(array, isSorted, iterator) {
+    var initial = iterator ? _.map(array, iterator) : array;
+    var result = [];
+    _.reduce(initial, function(memo, el, i) {
+      if (0 == i || (isSorted === true ? _.last(memo) != el : !_.include(memo, el))) {
+        memo[memo.length] = el;
+        result[result.length] = array[i];
+      }
+      return memo;
+    }, []);
+    return result;
+  };
+
+  // Produce an array that contains the union: each distinct element from all of
+  // the passed-in arrays.
+  _.union = function() {
+    return _.uniq(_.flatten(arguments, true));
+  };
+
+  // Produce an array that contains every item shared between all the
+  // passed-in arrays. (Aliased as "intersect" for back-compat.)
+  _.intersection = _.intersect = function(array) {
+    var rest = slice.call(arguments, 1);
+    return _.filter(_.uniq(array), function(item) {
+      return _.every(rest, function(other) {
+        return _.indexOf(other, item) >= 0;
+      });
+    });
+  };
+
+  // Take the difference between one array and a number of other arrays.
+  // Only the elements present in just the first array will remain.
+  _.difference = function(array) {
+    var rest = _.flatten(slice.call(arguments, 1));
+    return _.filter(array, function(value){ return !_.include(rest, value); });
+  };
+
+  // Zip together multiple lists into a single array -- elements that share
+  // an index go together.
+  _.zip = function() {
+    var args = slice.call(arguments);
+    var length = _.max(_.pluck(args, 'length'));
+    var results = new Array(length);
+    for (var i = 0; i < length; i++) results[i] = _.pluck(args, "" + i);
+    return results;
+  };
+
+  // If the browser doesn't supply us with indexOf (I'm looking at you, **MSIE**),
+  // we need this function. Return the position of the first occurrence of an
+  // item in an array, or -1 if the item is not included in the array.
+  // Delegates to **ECMAScript 5**'s native `indexOf` if available.
+  // If the array is large and already in sort order, pass `true`
+  // for **isSorted** to use binary search.
+  _.indexOf = function(array, item, isSorted) {
+    if (array == null) return -1;
+    var i, l;
+    if (isSorted) {
+      i = _.sortedIndex(array, item);
+      return array[i] === item ? i : -1;
+    }
+    if (nativeIndexOf && array.indexOf === nativeIndexOf) return array.indexOf(item);
+    for (i = 0, l = array.length; i < l; i++) if (i in array && array[i] === item) return i;
+    return -1;
+  };
+
+  // Delegates to **ECMAScript 5**'s native `lastIndexOf` if available.
+  _.lastIndexOf = function(array, item) {
+    if (array == null) return -1;
+    if (nativeLastIndexOf && array.lastIndexOf === nativeLastIndexOf) return array.lastIndexOf(item);
+    var i = array.length;
+    while (i--) if (i in array && array[i] === item) return i;
+    return -1;
+  };
+
+  // Generate an integer Array containing an arithmetic progression. A port of
+  // the native Python `range()` function. See
+  // [the Python documentation](http://docs.python.org/library/functions.html#range).
+  _.range = function(start, stop, step) {
+    if (arguments.length <= 1) {
+      stop = start || 0;
+      start = 0;
+    }
+    step = arguments[2] || 1;
+
+    var len = Math.max(Math.ceil((stop - start) / step), 0);
+    var idx = 0;
+    var range = new Array(len);
+
+    while(idx < len) {
+      range[idx++] = start;
+      start += step;
+    }
+
+    return range;
+  };
+
+  // Function (ahem) Functions
+  // ------------------
+
+  // Reusable constructor function for prototype setting.
+  var ctor = function(){};
+
+  // Create a function bound to a given object (assigning `this`, and arguments,
+  // optionally). Binding with arguments is also known as `curry`.
+  // Delegates to **ECMAScript 5**'s native `Function.bind` if available.
+  // We check for `func.bind` first, to fail fast when `func` is undefined.
+  _.bind = function bind(func, context) {
+    var bound, args;
+    if (func.bind === nativeBind && nativeBind) return nativeBind.apply(func, slice.call(arguments, 1));
+    if (!_.isFunction(func)) throw new TypeError;
+    args = slice.call(arguments, 2);
+    return bound = function() {
+      if (!(this instanceof bound)) return func.apply(context, args.concat(slice.call(arguments)));
+      ctor.prototype = func.prototype;
+      var self = new ctor;
+      var result = func.apply(self, args.concat(slice.call(arguments)));
+      if (Object(result) === result) return result;
+      return self;
+    };
+  };
+
+  // Bind all of an object's methods to that object. Useful for ensuring that
+  // all callbacks defined on an object belong to it.
+  _.bindAll = function(obj) {
+    var funcs = slice.call(arguments, 1);
+    if (funcs.length == 0) funcs = _.functions(obj);
+    each(funcs, function(f) { obj[f] = _.bind(obj[f], obj); });
+    return obj;
+  };
+
+  // Memoize an expensive function by storing its results.
+  _.memoize = function(func, hasher) {
+    var memo = {};
+    hasher || (hasher = _.identity);
+    return function() {
+      var key = hasher.apply(this, arguments);
+      return _.has(memo, key) ? memo[key] : (memo[key] = func.apply(this, arguments));
+    };
+  };
+
+  // Delays a function for the given number of milliseconds, and then calls
+  // it with the arguments supplied.
+  _.delay = function(func, wait) {
+    var args = slice.call(arguments, 2);
+    return setTimeout(function(){ return func.apply(func, args); }, wait);
+  };
+
+  // Defers a function, scheduling it to run after the current call stack has
+  // cleared.
+  _.defer = function(func) {
+    return _.delay.apply(_, [func, 1].concat(slice.call(arguments, 1)));
+  };
+
+  // Returns a function, that, when invoked, will only be triggered at most once
+  // during a given window of time.
+  _.throttle = function(func, wait) {
+    var context, args, timeout, throttling, more;
+    var whenDone = _.debounce(function(){ more = throttling = false; }, wait);
+    return function() {
+      context = this; args = arguments;
+      var later = function() {
+        timeout = null;
+        if (more) func.apply(context, args);
+        whenDone();
+      };
+      if (!timeout) timeout = setTimeout(later, wait);
+      if (throttling) {
+        more = true;
+      } else {
+        func.apply(context, args);
+      }
+      whenDone();
+      throttling = true;
+    };
+  };
+
+  // Returns a function, that, as long as it continues to be invoked, will not
+  // be triggered. The function will be called after it stops being called for
+  // N milliseconds.
+  _.debounce = function(func, wait) {
+    var timeout;
+    return function() {
+      var context = this, args = arguments;
+      var later = function() {
+        timeout = null;
+        func.apply(context, args);
+      };
+      clearTimeout(timeout);
+      timeout = setTimeout(later, wait);
+    };
+  };
+
+  // Returns a function that will be executed at most one time, no matter how
+  // often you call it. Useful for lazy initialization.
+  _.once = function(func) {
+    var ran = false, memo;
+    return function() {
+      if (ran) return memo;
+      ran = true;
+      return memo = func.apply(this, arguments);
+    };
+  };
+
+  // Returns the first function passed as an argument to the second,
+  // allowing you to adjust arguments, run code before and after, and
+  // conditionally execute the original function.
+  _.wrap = function(func, wrapper) {
+    return function() {
+      var args = [func].concat(slice.call(arguments, 0));
+      return wrapper.apply(this, args);
+    };
+  };
+
+  // Returns a function that is the composition of a list of functions, each
+  // consuming the return value of the function that follows.
+  _.compose = function() {
+    var funcs = arguments;
+    return function() {
+      var args = arguments;
+      for (var i = funcs.length - 1; i >= 0; i--) {
+        args = [funcs[i].apply(this, args)];
+      }
+      return args[0];
+    };
+  };
+
+  // Returns a function that will only be executed after being called N times.
+  _.after = function(times, func) {
+    if (times <= 0) return func();
+    return function() {
+      if (--times < 1) { return func.apply(this, arguments); }
+    };
+  };
+
+  // Object Functions
+  // ----------------
+
+  // Retrieve the names of an object's properties.
+  // Delegates to **ECMAScript 5**'s native `Object.keys`
+  _.keys = nativeKeys || function(obj) {
+    if (obj !== Object(obj)) throw new TypeError('Invalid object');
+    var keys = [];
+    for (var key in obj) if (_.has(obj, key)) keys[keys.length] = key;
+    return keys;
+  };
+
+  // Retrieve the values of an object's properties.
+  _.values = function(obj) {
+    return _.map(obj, _.identity);
+  };
+
+  // Return a sorted list of the function names available on the object.
+  // Aliased as `methods`
+  _.functions = _.methods = function(obj) {
+    var names = [];
+    for (var key in obj) {
+      if (_.isFunction(obj[key])) names.push(key);
+    }
+    return names.sort();
+  };
+
+  // Extend a given object with all the properties in passed-in object(s).
+  _.extend = function(obj) {
+    each(slice.call(arguments, 1), function(source) {
+      for (var prop in source) {
+        obj[prop] = source[prop];
+      }
+    });
+    return obj;
+  };
+
+  // Fill in a given object with default properties.
+  _.defaults = function(obj) {
+    each(slice.call(arguments, 1), function(source) {
+      for (var prop in source) {
+        if (obj[prop] == null) obj[prop] = source[prop];
+      }
+    });
+    return obj;
+  };
+
+  // Create a (shallow-cloned) duplicate of an object.
+  _.clone = function(obj) {
+    if (!_.isObject(obj)) return obj;
+    return _.isArray(obj) ? obj.slice() : _.extend({}, obj);
+  };
+
+  // Invokes interceptor with the obj, and then returns obj.
+  // The primary purpose of this method is to "tap into" a method chain, in
+  // order to perform operations on intermediate results within the chain.
+  _.tap = function(obj, interceptor) {
+    interceptor(obj);
+    return obj;
+  };
+
+  // Internal recursive comparison function.
+  function eq(a, b, stack) {
+    // Identical objects are equal. `0 === -0`, but they aren't identical.
+    // See the Harmony `egal` proposal: http://wiki.ecmascript.org/doku.php?id=harmony:egal.
+    if (a === b) return a !== 0 || 1 / a == 1 / b;
+    // A strict comparison is necessary because `null == undefined`.
+    if (a == null || b == null) return a === b;
+    // Unwrap any wrapped objects.
+    if (a._chain) a = a._wrapped;
+    if (b._chain) b = b._wrapped;
+    // Invoke a custom `isEqual` method if one is provided.
+    if (a.isEqual && _.isFunction(a.isEqual)) return a.isEqual(b);
+    if (b.isEqual && _.isFunction(b.isEqual)) return b.isEqual(a);
+    // Compare `[[Class]]` names.
+    var className = toString.call(a);
+    if (className != toString.call(b)) return false;
+    switch (className) {
+      // Strings, numbers, dates, and booleans are compared by value.
+      case '[object String]':
+        // Primitives and their corresponding object wrappers are equivalent; thus, `"5"` is
+        // equivalent to `new String("5")`.
+        return a == String(b);
+      case '[object Number]':
+        // `NaN`s are equivalent, but non-reflexive. An `egal` comparison is performed for
+        // other numeric values.
+        return a != +a ? b != +b : (a == 0 ? 1 / a == 1 / b : a == +b);
+      case '[object Date]':
+      case '[object Boolean]':
+        // Coerce dates and booleans to numeric primitive values. Dates are compared by their
+        // millisecond representations. Note that invalid dates with millisecond representations
+        // of `NaN` are not equivalent.
+        return +a == +b;
+      // RegExps are compared by their source patterns and flags.
+      case '[object RegExp]':
+        return a.source == b.source &&
+               a.global == b.global &&
+               a.multiline == b.multiline &&
+               a.ignoreCase == b.ignoreCase;
+    }
+    if (typeof a != 'object' || typeof b != 'object') return false;
+    // Assume equality for cyclic structures. The algorithm for detecting cyclic
+    // structures is adapted from ES 5.1 section 15.12.3, abstract operation `JO`.
+    var length = stack.length;
+    while (length--) {
+      // Linear search. Performance is inversely proportional to the number of
+      // unique nested structures.
+      if (stack[length] == a) return true;
+    }
+    // Add the first object to the stack of traversed objects.
+    stack.push(a);
+    var size = 0, result = true;
+    // Recursively compare objects and arrays.
+    if (className == '[object Array]') {
+      // Compare array lengths to determine if a deep comparison is necessary.
+      size = a.length;
+      result = size == b.length;
+      if (result) {
+        // Deep compare the contents, ignoring non-numeric properties.
+        while (size--) {
+          // Ensure commutative equality for sparse arrays.
+          if (!(result = size in a == size in b && eq(a[size], b[size], stack))) break;
+        }
+      }
+    } else {
+      // Objects with different constructors are not equivalent.
+      if ('constructor' in a != 'constructor' in b || a.constructor != b.constructor) return false;
+      // Deep compare objects.
+      for (var key in a) {
+        if (_.has(a, key)) {
+          // Count the expected number of properties.
+          size++;
+          // Deep compare each member.
+          if (!(result = _.has(b, key) && eq(a[key], b[key], stack))) break;
+        }
+      }
+      // Ensure that both objects contain the same number of properties.
+      if (result) {
+        for (key in b) {
+          if (_.has(b, key) && !(size--)) break;
+        }
+        result = !size;
+      }
+    }
+    // Remove the first object from the stack of traversed objects.
+    stack.pop();
+    return result;
+  }
+
+  // Perform a deep comparison to check if two objects are equal.
+  _.isEqual = function(a, b) {
+    return eq(a, b, []);
+  };
+
+  // Is a given array, string, or object empty?
+  // An "empty" object has no enumerable own-properties.
+  _.isEmpty = function(obj) {
+    if (_.isArray(obj) || _.isString(obj)) return obj.length === 0;
+    for (var key in obj) if (_.has(obj, key)) return false;
+    return true;
+  };
+
+  // Is a given value a DOM element?
+  _.isElement = function(obj) {
+    return !!(obj && obj.nodeType == 1);
+  };
+
+  // Is a given value an array?
+  // Delegates to ECMA5's native Array.isArray
+  _.isArray = nativeIsArray || function(obj) {
+    return toString.call(obj) == '[object Array]';
+  };
+
+  // Is a given variable an object?
+  _.isObject = function(obj) {
+    return obj === Object(obj);
+  };
+
+  // Is a given variable an arguments object?
+  _.isArguments = function(obj) {
+    return toString.call(obj) == '[object Arguments]';
+  };
+  if (!_.isArguments(arguments)) {
+    _.isArguments = function(obj) {
+      return !!(obj && _.has(obj, 'callee'));
+    };
+  }
+
+  // Is a given value a function?
+  _.isFunction = function(obj) {
+    return toString.call(obj) == '[object Function]';
+  };
+
+  // Is a given value a string?
+  _.isString = function(obj) {
+    return toString.call(obj) == '[object String]';
+  };
+
+  // Is a given value a number?
+  _.isNumber = function(obj) {
+    return toString.call(obj) == '[object Number]';
+  };
+
+  // Is the given value `NaN`?
+  _.isNaN = function(obj) {
+    // `NaN` is the only value for which `===` is not reflexive.
+    return obj !== obj;
+  };
+
+  // Is a given value a boolean?
+  _.isBoolean = function(obj) {
+    return obj === true || obj === false || toString.call(obj) == '[object Boolean]';
+  };
+
+  // Is a given value a date?
+  _.isDate = function(obj) {
+    return toString.call(obj) == '[object Date]';
+  };
+
+  // Is the given value a regular expression?
+  _.isRegExp = function(obj) {
+    return toString.call(obj) == '[object RegExp]';
+  };
+
+  // Is a given value equal to null?
+  _.isNull = function(obj) {
+    return obj === null;
+  };
+
+  // Is a given variable undefined?
+  _.isUndefined = function(obj) {
+    return obj === void 0;
+  };
+
+  // Has own property?
+  _.has = function(obj, key) {
+    return hasOwnProperty.call(obj, key);
+  };
+
+  // Utility Functions
+  // -----------------
+
+  // Run Underscore.js in *noConflict* mode, returning the `_` variable to its
+  // previous owner. Returns a reference to the Underscore object.
+  _.noConflict = function() {
+    root._ = previousUnderscore;
+    return this;
+  };
+
+  // Keep the identity function around for default iterators.
+  _.identity = function(value) {
+    return value;
+  };
+
+  // Run a function **n** times.
+  _.times = function (n, iterator, context) {
+    for (var i = 0; i < n; i++) iterator.call(context, i);
+  };
+
+  // Escape a string for HTML interpolation.
+  _.escape = function(string) {
+    return (''+string).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/\//g,'&#x2F;');
+  };
+
+  // Add your own custom functions to the Underscore object, ensuring that
+  // they're correctly added to the OOP wrapper as well.
+  _.mixin = function(obj) {
+    each(_.functions(obj), function(name){
+      addToWrapper(name, _[name] = obj[name]);
+    });
+  };
+
+  // Generate a unique integer id (unique within the entire client session).
+  // Useful for temporary DOM ids.
+  var idCounter = 0;
+  _.uniqueId = function(prefix) {
+    var id = idCounter++;
+    return prefix ? prefix + id : id;
+  };
+
+  // By default, Underscore uses ERB-style template delimiters, change the
+  // following template settings to use alternative delimiters.
+  _.templateSettings = {
+    evaluate    : /<%([\s\S]+?)%>/g,
+    interpolate : /<%=([\s\S]+?)%>/g,
+    escape      : /<%-([\s\S]+?)%>/g
+  };
+
+  // When customizing `templateSettings`, if you don't want to define an
+  // interpolation, evaluation or escaping regex, we need one that is
+  // guaranteed not to match.
+  var noMatch = /.^/;
+
+  // Within an interpolation, evaluation, or escaping, remove HTML escaping
+  // that had been previously added.
+  var unescape = function(code) {
+    return code.replace(/\\\\/g, '\\').replace(/\\'/g, "'");
+  };
+
+  // JavaScript micro-templating, similar to John Resig's implementation.
+  // Underscore templating handles arbitrary delimiters, preserves whitespace,
+  // and correctly escapes quotes within interpolated code.
+  _.template = function(str, data) {
+    var c  = _.templateSettings;
+    var tmpl = 'var __p=[],print=function(){__p.push.apply(__p,arguments);};' +
+      'with(obj||{}){__p.push(\'' +
+      str.replace(/\\/g, '\\\\')
+         .replace(/'/g, "\\'")
+         .replace(c.escape || noMatch, function(match, code) {
+           return "',_.escape(" + unescape(code) + "),'";
+         })
+         .replace(c.interpolate || noMatch, function(match, code) {
+           return "'," + unescape(code) + ",'";
+         })
+         .replace(c.evaluate || noMatch, function(match, code) {
+           return "');" + unescape(code).replace(/[\r\n\t]/g, ' ') + ";__p.push('";
+         })
+         .replace(/\r/g, '\\r')
+         .replace(/\n/g, '\\n')
+         .replace(/\t/g, '\\t')
+         + "');}return __p.join('');";
+    var func = new Function('obj', '_', tmpl);
+    if (data) return func(data, _);
+    return function(data) {
+      return func.call(this, data, _);
+    };
+  };
+
+  // Add a "chain" function, which will delegate to the wrapper.
+  _.chain = function(obj) {
+    return _(obj).chain();
+  };
+
+  // The OOP Wrapper
+  // ---------------
+
+  // If Underscore is called as a function, it returns a wrapped object that
+  // can be used OO-style. This wrapper holds altered versions of all the
+  // underscore functions. Wrapped objects may be chained.
+  var wrapper = function(obj) { this._wrapped = obj; };
+
+  // Expose `wrapper.prototype` as `_.prototype`
+  _.prototype = wrapper.prototype;
+
+  // Helper function to continue chaining intermediate results.
+  var result = function(obj, chain) {
+    return chain ? _(obj).chain() : obj;
+  };
+
+  // A method to easily add functions to the OOP wrapper.
+  var addToWrapper = function(name, func) {
+    wrapper.prototype[name] = function() {
+      var args = slice.call(arguments);
+      unshift.call(args, this._wrapped);
+      return result(func.apply(_, args), this._chain);
+    };
+  };
+
+  // Add all of the Underscore functions to the wrapper object.
+  _.mixin(_);
+
+  // Add all mutator Array functions to the wrapper.
+  each(['pop', 'push', 'reverse', 'shift', 'sort', 'splice', 'unshift'], function(name) {
+    var method = ArrayProto[name];
+    wrapper.prototype[name] = function() {
+      var wrapped = this._wrapped;
+      method.apply(wrapped, arguments);
+      var length = wrapped.length;
+      if ((name == 'shift' || name == 'splice') && length === 0) delete wrapped[0];
+      return result(wrapped, this._chain);
+    };
+  });
+
+  // Add all accessor Array functions to the wrapper.
+  each(['concat', 'join', 'slice'], function(name) {
+    var method = ArrayProto[name];
+    wrapper.prototype[name] = function() {
+      return result(method.apply(this._wrapped, arguments), this._chain);
+    };
+  });
+
+  // Start chaining a wrapped Underscore object.
+  wrapper.prototype.chain = function() {
+    this._chain = true;
+    return this;
+  };
+
+  // Extracts the result from a wrapped and chained object.
+  wrapper.prototype.value = function() {
+    return this._wrapped;
+  };
+
+}).call(this);
diff --git a/docs/html/_static/underscore.js b/docs/html/_static/underscore.js
new file mode 100644
index 0000000..5b55f32
--- /dev/null
+++ b/docs/html/_static/underscore.js
@@ -0,0 +1,31 @@
+// Underscore.js 1.3.1
+// (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
+// Underscore is freely distributable under the MIT license.
+// Portions of Underscore are inspired or borrowed from Prototype,
+// Oliver Steele's Functional, and John Resig's Micro-Templating.
+// For all details and documentation:
+// http://documentcloud.github.com/underscore
+(function(){function q(a,c,d){if(a===c)return a!==0||1/a==1/c;if(a==null||c==null)return a===c;if(a._chain)a=a._wrapped;if(c._chain)c=c._wrapped;if(a.isEqual&&b.isFunction(a.isEqual))return a.isEqual(c);if(c.isEqual&&b.isFunction(c.isEqual))return c.isEqual(a);var e=l.call(a);if(e!=l.call(c))return false;switch(e){case "[object String]":return a==String(c);case "[object Number]":return a!=+a?c!=+c:a==0?1/a==1/c:a==+c;case "[object Date]":case "[object Boolean]":return+a==+c;case "[object RegExp]":return a.source==
+c.source&&a.global==c.global&&a.multiline==c.multiline&&a.ignoreCase==c.ignoreCase}if(typeof a!="object"||typeof c!="object")return false;for(var f=d.length;f--;)if(d[f]==a)return true;d.push(a);var f=0,g=true;if(e=="[object Array]"){if(f=a.length,g=f==c.length)for(;f--;)if(!(g=f in a==f in c&&q(a[f],c[f],d)))break}else{if("constructor"in a!="constructor"in c||a.constructor!=c.constructor)return false;for(var h in a)if(b.has(a,h)&&(f++,!(g=b.has(c,h)&&q(a[h],c[h],d))))break;if(g){for(h in c)if(b.has(c,
+h)&&!f--)break;g=!f}}d.pop();return g}var r=this,G=r._,n={},k=Array.prototype,o=Object.prototype,i=k.slice,H=k.unshift,l=o.toString,I=o.hasOwnProperty,w=k.forEach,x=k.map,y=k.reduce,z=k.reduceRight,A=k.filter,B=k.every,C=k.some,p=k.indexOf,D=k.lastIndexOf,o=Array.isArray,J=Object.keys,s=Function.prototype.bind,b=function(a){return new m(a)};if(typeof exports!=="undefined"){if(typeof module!=="undefined"&&module.exports)exports=module.exports=b;exports._=b}else r._=b;b.VERSION="1.3.1";var j=b.each=
+b.forEach=function(a,c,d){if(a!=null)if(w&&a.forEach===w)a.forEach(c,d);else if(a.length===+a.length)for(var e=0,f=a.length;e<f;e++){if(e in a&&c.call(d,a[e],e,a)===n)break}else for(e in a)if(b.has(a,e)&&c.call(d,a[e],e,a)===n)break};b.map=b.collect=function(a,c,b){var e=[];if(a==null)return e;if(x&&a.map===x)return a.map(c,b);j(a,function(a,g,h){e[e.length]=c.call(b,a,g,h)});if(a.length===+a.length)e.length=a.length;return e};b.reduce=b.foldl=b.inject=function(a,c,d,e){var f=arguments.length>2;a==
+null&&(a=[]);if(y&&a.reduce===y)return e&&(c=b.bind(c,e)),f?a.reduce(c,d):a.reduce(c);j(a,function(a,b,i){f?d=c.call(e,d,a,b,i):(d=a,f=true)});if(!f)throw new TypeError("Reduce of empty array with no initial value");return d};b.reduceRight=b.foldr=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(z&&a.reduceRight===z)return e&&(c=b.bind(c,e)),f?a.reduceRight(c,d):a.reduceRight(c);var g=b.toArray(a).reverse();e&&!f&&(c=b.bind(c,e));return f?b.reduce(g,c,d,e):b.reduce(g,c)};b.find=b.detect=
+function(a,c,b){var e;E(a,function(a,g,h){if(c.call(b,a,g,h))return e=a,true});return e};b.filter=b.select=function(a,c,b){var e=[];if(a==null)return e;if(A&&a.filter===A)return a.filter(c,b);j(a,function(a,g,h){c.call(b,a,g,h)&&(e[e.length]=a)});return e};b.reject=function(a,c,b){var e=[];if(a==null)return e;j(a,function(a,g,h){c.call(b,a,g,h)||(e[e.length]=a)});return e};b.every=b.all=function(a,c,b){var e=true;if(a==null)return e;if(B&&a.every===B)return a.every(c,b);j(a,function(a,g,h){if(!(e=
+e&&c.call(b,a,g,h)))return n});return e};var E=b.some=b.any=function(a,c,d){c||(c=b.identity);var e=false;if(a==null)return e;if(C&&a.some===C)return a.some(c,d);j(a,function(a,b,h){if(e||(e=c.call(d,a,b,h)))return n});return!!e};b.include=b.contains=function(a,c){var b=false;if(a==null)return b;return p&&a.indexOf===p?a.indexOf(c)!=-1:b=E(a,function(a){return a===c})};b.invoke=function(a,c){var d=i.call(arguments,2);return b.map(a,function(a){return(b.isFunction(c)?c||a:a[c]).apply(a,d)})};b.pluck=
+function(a,c){return b.map(a,function(a){return a[c]})};b.max=function(a,c,d){if(!c&&b.isArray(a))return Math.max.apply(Math,a);if(!c&&b.isEmpty(a))return-Infinity;var e={computed:-Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b>=e.computed&&(e={value:a,computed:b})});return e.value};b.min=function(a,c,d){if(!c&&b.isArray(a))return Math.min.apply(Math,a);if(!c&&b.isEmpty(a))return Infinity;var e={computed:Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b<e.computed&&(e={value:a,computed:b})});
+return e.value};b.shuffle=function(a){var b=[],d;j(a,function(a,f){f==0?b[0]=a:(d=Math.floor(Math.random()*(f+1)),b[f]=b[d],b[d]=a)});return b};b.sortBy=function(a,c,d){return b.pluck(b.map(a,function(a,b,g){return{value:a,criteria:c.call(d,a,b,g)}}).sort(function(a,b){var c=a.criteria,d=b.criteria;return c<d?-1:c>d?1:0}),"value")};b.groupBy=function(a,c){var d={},e=b.isFunction(c)?c:function(a){return a[c]};j(a,function(a,b){var c=e(a,b);(d[c]||(d[c]=[])).push(a)});return d};b.sortedIndex=function(a,
+c,d){d||(d=b.identity);for(var e=0,f=a.length;e<f;){var g=e+f>>1;d(a[g])<d(c)?e=g+1:f=g}return e};b.toArray=function(a){return!a?[]:a.toArray?a.toArray():b.isArray(a)?i.call(a):b.isArguments(a)?i.call(a):b.values(a)};b.size=function(a){return b.toArray(a).length};b.first=b.head=function(a,b,d){return b!=null&&!d?i.call(a,0,b):a[0]};b.initial=function(a,b,d){return i.call(a,0,a.length-(b==null||d?1:b))};b.last=function(a,b,d){return b!=null&&!d?i.call(a,Math.max(a.length-b,0)):a[a.length-1]};b.rest=
+b.tail=function(a,b,d){return i.call(a,b==null||d?1:b)};b.compact=function(a){return b.filter(a,function(a){return!!a})};b.flatten=function(a,c){return b.reduce(a,function(a,e){if(b.isArray(e))return a.concat(c?e:b.flatten(e));a[a.length]=e;return a},[])};b.without=function(a){return b.difference(a,i.call(arguments,1))};b.uniq=b.unique=function(a,c,d){var d=d?b.map(a,d):a,e=[];b.reduce(d,function(d,g,h){if(0==h||(c===true?b.last(d)!=g:!b.include(d,g)))d[d.length]=g,e[e.length]=a[h];return d},[]);
+return e};b.union=function(){return b.uniq(b.flatten(arguments,true))};b.intersection=b.intersect=function(a){var c=i.call(arguments,1);return b.filter(b.uniq(a),function(a){return b.every(c,function(c){return b.indexOf(c,a)>=0})})};b.difference=function(a){var c=b.flatten(i.call(arguments,1));return b.filter(a,function(a){return!b.include(c,a)})};b.zip=function(){for(var a=i.call(arguments),c=b.max(b.pluck(a,"length")),d=Array(c),e=0;e<c;e++)d[e]=b.pluck(a,""+e);return d};b.indexOf=function(a,c,
+d){if(a==null)return-1;var e;if(d)return d=b.sortedIndex(a,c),a[d]===c?d:-1;if(p&&a.indexOf===p)return a.indexOf(c);for(d=0,e=a.length;d<e;d++)if(d in a&&a[d]===c)return d;return-1};b.lastIndexOf=function(a,b){if(a==null)return-1;if(D&&a.lastIndexOf===D)return a.lastIndexOf(b);for(var d=a.length;d--;)if(d in a&&a[d]===b)return d;return-1};b.range=function(a,b,d){arguments.length<=1&&(b=a||0,a=0);for(var d=arguments[2]||1,e=Math.max(Math.ceil((b-a)/d),0),f=0,g=Array(e);f<e;)g[f++]=a,a+=d;return g};
+var F=function(){};b.bind=function(a,c){var d,e;if(a.bind===s&&s)return s.apply(a,i.call(arguments,1));if(!b.isFunction(a))throw new TypeError;e=i.call(arguments,2);return d=function(){if(!(this instanceof d))return a.apply(c,e.concat(i.call(arguments)));F.prototype=a.prototype;var b=new F,g=a.apply(b,e.concat(i.call(arguments)));return Object(g)===g?g:b}};b.bindAll=function(a){var c=i.call(arguments,1);c.length==0&&(c=b.functions(a));j(c,function(c){a[c]=b.bind(a[c],a)});return a};b.memoize=function(a,
+c){var d={};c||(c=b.identity);return function(){var e=c.apply(this,arguments);return b.has(d,e)?d[e]:d[e]=a.apply(this,arguments)}};b.delay=function(a,b){var d=i.call(arguments,2);return setTimeout(function(){return a.apply(a,d)},b)};b.defer=function(a){return b.delay.apply(b,[a,1].concat(i.call(arguments,1)))};b.throttle=function(a,c){var d,e,f,g,h,i=b.debounce(function(){h=g=false},c);return function(){d=this;e=arguments;var b;f||(f=setTimeout(function(){f=null;h&&a.apply(d,e);i()},c));g?h=true:
+a.apply(d,e);i();g=true}};b.debounce=function(a,b){var d;return function(){var e=this,f=arguments;clearTimeout(d);d=setTimeout(function(){d=null;a.apply(e,f)},b)}};b.once=function(a){var b=false,d;return function(){if(b)return d;b=true;return d=a.apply(this,arguments)}};b.wrap=function(a,b){return function(){var d=[a].concat(i.call(arguments,0));return b.apply(this,d)}};b.compose=function(){var a=arguments;return function(){for(var b=arguments,d=a.length-1;d>=0;d--)b=[a[d].apply(this,b)];return b[0]}};
+b.after=function(a,b){return a<=0?b():function(){if(--a<1)return b.apply(this,arguments)}};b.keys=J||function(a){if(a!==Object(a))throw new TypeError("Invalid object");var c=[],d;for(d in a)b.has(a,d)&&(c[c.length]=d);return c};b.values=function(a){return b.map(a,b.identity)};b.functions=b.methods=function(a){var c=[],d;for(d in a)b.isFunction(a[d])&&c.push(d);return c.sort()};b.extend=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]=b[d]});return a};b.defaults=function(a){j(i.call(arguments,
+1),function(b){for(var d in b)a[d]==null&&(a[d]=b[d])});return a};b.clone=function(a){return!b.isObject(a)?a:b.isArray(a)?a.slice():b.extend({},a)};b.tap=function(a,b){b(a);return a};b.isEqual=function(a,b){return q(a,b,[])};b.isEmpty=function(a){if(b.isArray(a)||b.isString(a))return a.length===0;for(var c in a)if(b.has(a,c))return false;return true};b.isElement=function(a){return!!(a&&a.nodeType==1)};b.isArray=o||function(a){return l.call(a)=="[object Array]"};b.isObject=function(a){return a===Object(a)};
+b.isArguments=function(a){return l.call(a)=="[object Arguments]"};if(!b.isArguments(arguments))b.isArguments=function(a){return!(!a||!b.has(a,"callee"))};b.isFunction=function(a){return l.call(a)=="[object Function]"};b.isString=function(a){return l.call(a)=="[object String]"};b.isNumber=function(a){return l.call(a)=="[object Number]"};b.isNaN=function(a){return a!==a};b.isBoolean=function(a){return a===true||a===false||l.call(a)=="[object Boolean]"};b.isDate=function(a){return l.call(a)=="[object Date]"};
+b.isRegExp=function(a){return l.call(a)=="[object RegExp]"};b.isNull=function(a){return a===null};b.isUndefined=function(a){return a===void 0};b.has=function(a,b){return I.call(a,b)};b.noConflict=function(){r._=G;return this};b.identity=function(a){return a};b.times=function(a,b,d){for(var e=0;e<a;e++)b.call(d,e)};b.escape=function(a){return(""+a).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;").replace(/\//g,"&#x2F;")};b.mixin=function(a){j(b.functions(a),
+function(c){K(c,b[c]=a[c])})};var L=0;b.uniqueId=function(a){var b=L++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g,escape:/<%-([\s\S]+?)%>/g};var t=/.^/,u=function(a){return a.replace(/\\\\/g,"\\").replace(/\\'/g,"'")};b.template=function(a,c){var d=b.templateSettings,d="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+a.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(d.escape||t,function(a,b){return"',_.escape("+
+u(b)+"),'"}).replace(d.interpolate||t,function(a,b){return"',"+u(b)+",'"}).replace(d.evaluate||t,function(a,b){return"');"+u(b).replace(/[\r\n\t]/g," ")+";__p.push('"}).replace(/\r/g,"\\r").replace(/\n/g,"\\n").replace(/\t/g,"\\t")+"');}return __p.join('');",e=new Function("obj","_",d);return c?e(c,b):function(a){return e.call(this,a,b)}};b.chain=function(a){return b(a).chain()};var m=function(a){this._wrapped=a};b.prototype=m.prototype;var v=function(a,c){return c?b(a).chain():a},K=function(a,c){m.prototype[a]=
+function(){var a=i.call(arguments);H.call(a,this._wrapped);return v(c.apply(b,a),this._chain)}};b.mixin(b);j("pop,push,reverse,shift,sort,splice,unshift".split(","),function(a){var b=k[a];m.prototype[a]=function(){var d=this._wrapped;b.apply(d,arguments);var e=d.length;(a=="shift"||a=="splice")&&e===0&&delete d[0];return v(d,this._chain)}});j(["concat","join","slice"],function(a){var b=k[a];m.prototype[a]=function(){return v(b.apply(this._wrapped,arguments),this._chain)}});m.prototype.chain=function(){this._chain=
+true;return this};m.prototype.value=function(){return this._wrapped}}).call(this);
diff --git a/docs/html/_static/up-pressed.png b/docs/html/_static/up-pressed.png
new file mode 100644
index 0000000..acee3b6
--- /dev/null
+++ b/docs/html/_static/up-pressed.png
Binary files differ
diff --git a/docs/html/_static/up.png b/docs/html/_static/up.png
new file mode 100644
index 0000000..2a940a7
--- /dev/null
+++ b/docs/html/_static/up.png
Binary files differ
diff --git a/docs/html/_static/websupport.js b/docs/html/_static/websupport.js
new file mode 100644
index 0000000..3b4999e
--- /dev/null
+++ b/docs/html/_static/websupport.js
@@ -0,0 +1,808 @@
+/*
+ * websupport.js
+ * ~~~~~~~~~~~~~
+ *
+ * sphinx.websupport utilities for all documentation.
+ *
+ * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+(function($) {
+  $.fn.autogrow = function() {
+    return this.each(function() {
+    var textarea = this;
+
+    $.fn.autogrow.resize(textarea);
+
+    $(textarea)
+      .focus(function() {
+        textarea.interval = setInterval(function() {
+          $.fn.autogrow.resize(textarea);
+        }, 500);
+      })
+      .blur(function() {
+        clearInterval(textarea.interval);
+      });
+    });
+  };
+
+  $.fn.autogrow.resize = function(textarea) {
+    var lineHeight = parseInt($(textarea).css('line-height'), 10);
+    var lines = textarea.value.split('\n');
+    var columns = textarea.cols;
+    var lineCount = 0;
+    $.each(lines, function() {
+      lineCount += Math.ceil(this.length / columns) || 1;
+    });
+    var height = lineHeight * (lineCount + 1);
+    $(textarea).css('height', height);
+  };
+})(jQuery);
+
+(function($) {
+  var comp, by;
+
+  function init() {
+    initEvents();
+    initComparator();
+  }
+
+  function initEvents() {
+    $(document).on("click", 'a.comment-close', function(event) {
+      event.preventDefault();
+      hide($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.vote', function(event) {
+      event.preventDefault();
+      handleVote($(this));
+    });
+    $(document).on("click", 'a.reply', function(event) {
+      event.preventDefault();
+      openReply($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.close-reply', function(event) {
+      event.preventDefault();
+      closeReply($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.sort-option', function(event) {
+      event.preventDefault();
+      handleReSort($(this));
+    });
+    $(document).on("click", 'a.show-proposal', function(event) {
+      event.preventDefault();
+      showProposal($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.hide-proposal', function(event) {
+      event.preventDefault();
+      hideProposal($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.show-propose-change', function(event) {
+      event.preventDefault();
+      showProposeChange($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.hide-propose-change', function(event) {
+      event.preventDefault();
+      hideProposeChange($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.accept-comment', function(event) {
+      event.preventDefault();
+      acceptComment($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.delete-comment', function(event) {
+      event.preventDefault();
+      deleteComment($(this).attr('id').substring(2));
+    });
+    $(document).on("click", 'a.comment-markup', function(event) {
+      event.preventDefault();
+      toggleCommentMarkupBox($(this).attr('id').substring(2));
+    });
+  }
+
+  /**
+   * Set comp, which is a comparator function used for sorting and
+   * inserting comments into the list.
+   */
+  function setComparator() {
+    // If the first three letters are "asc", sort in ascending order
+    // and remove the prefix.
+    if (by.substring(0,3) == 'asc') {
+      var i = by.substring(3);
+      comp = function(a, b) { return a[i] - b[i]; };
+    } else {
+      // Otherwise sort in descending order.
+      comp = function(a, b) { return b[by] - a[by]; };
+    }
+
+    // Reset link styles and format the selected sort option.
+    $('a.sel').attr('href', '#').removeClass('sel');
+    $('a.by' + by).removeAttr('href').addClass('sel');
+  }
+
+  /**
+   * Create a comp function. If the user has preferences stored in
+   * the sortBy cookie, use those, otherwise use the default.
+   */
+  function initComparator() {
+    by = 'rating'; // Default to sort by rating.
+    // If the sortBy cookie is set, use that instead.
+    if (document.cookie.length > 0) {
+      var start = document.cookie.indexOf('sortBy=');
+      if (start != -1) {
+        start = start + 7;
+        var end = document.cookie.indexOf(";", start);
+        if (end == -1) {
+          end = document.cookie.length;
+          by = unescape(document.cookie.substring(start, end));
+        }
+      }
+    }
+    setComparator();
+  }
+
+  /**
+   * Show a comment div.
+   */
+  function show(id) {
+    $('#ao' + id).hide();
+    $('#ah' + id).show();
+    var context = $.extend({id: id}, opts);
+    var popup = $(renderTemplate(popupTemplate, context)).hide();
+    popup.find('textarea[name="proposal"]').hide();
+    popup.find('a.by' + by).addClass('sel');
+    var form = popup.find('#cf' + id);
+    form.submit(function(event) {
+      event.preventDefault();
+      addComment(form);
+    });
+    $('#s' + id).after(popup);
+    popup.slideDown('fast', function() {
+      getComments(id);
+    });
+  }
+
+  /**
+   * Hide a comment div.
+   */
+  function hide(id) {
+    $('#ah' + id).hide();
+    $('#ao' + id).show();
+    var div = $('#sc' + id);
+    div.slideUp('fast', function() {
+      div.remove();
+    });
+  }
+
+  /**
+   * Perform an ajax request to get comments for a node
+   * and insert the comments into the comments tree.
+   */
+  function getComments(id) {
+    $.ajax({
+     type: 'GET',
+     url: opts.getCommentsURL,
+     data: {node: id},
+     success: function(data, textStatus, request) {
+       var ul = $('#cl' + id);
+       var speed = 100;
+       $('#cf' + id)
+         .find('textarea[name="proposal"]')
+         .data('source', data.source);
+
+       if (data.comments.length === 0) {
+         ul.html('<li>No comments yet.</li>');
+         ul.data('empty', true);
+       } else {
+         // If there are comments, sort them and put them in the list.
+         var comments = sortComments(data.comments);
+         speed = data.comments.length * 100;
+         appendComments(comments, ul);
+         ul.data('empty', false);
+       }
+       $('#cn' + id).slideUp(speed + 200);
+       ul.slideDown(speed);
+     },
+     error: function(request, textStatus, error) {
+       showError('Oops, there was a problem retrieving the comments.');
+     },
+     dataType: 'json'
+    });
+  }
+
+  /**
+   * Add a comment via ajax and insert the comment into the comment tree.
+   */
+  function addComment(form) {
+    var node_id = form.find('input[name="node"]').val();
+    var parent_id = form.find('input[name="parent"]').val();
+    var text = form.find('textarea[name="comment"]').val();
+    var proposal = form.find('textarea[name="proposal"]').val();
+
+    if (text == '') {
+      showError('Please enter a comment.');
+      return;
+    }
+
+    // Disable the form that is being submitted.
+    form.find('textarea,input').attr('disabled', 'disabled');
+
+    // Send the comment to the server.
+    $.ajax({
+      type: "POST",
+      url: opts.addCommentURL,
+      dataType: 'json',
+      data: {
+        node: node_id,
+        parent: parent_id,
+        text: text,
+        proposal: proposal
+      },
+      success: function(data, textStatus, error) {
+        // Reset the form.
+        if (node_id) {
+          hideProposeChange(node_id);
+        }
+        form.find('textarea')
+          .val('')
+          .add(form.find('input'))
+          .removeAttr('disabled');
+	var ul = $('#cl' + (node_id || parent_id));
+        if (ul.data('empty')) {
+          $(ul).empty();
+          ul.data('empty', false);
+        }
+        insertComment(data.comment);
+        var ao = $('#ao' + node_id);
+        ao.find('img').attr({'src': opts.commentBrightImage});
+        if (node_id) {
+          // if this was a "root" comment, remove the commenting box
+          // (the user can get it back by reopening the comment popup)
+          $('#ca' + node_id).slideUp();
+        }
+      },
+      error: function(request, textStatus, error) {
+        form.find('textarea,input').removeAttr('disabled');
+        showError('Oops, there was a problem adding the comment.');
+      }
+    });
+  }
+
+  /**
+   * Recursively append comments to the main comment list and children
+   * lists, creating the comment tree.
+   */
+  function appendComments(comments, ul) {
+    $.each(comments, function() {
+      var div = createCommentDiv(this);
+      ul.append($(document.createElement('li')).html(div));
+      appendComments(this.children, div.find('ul.comment-children'));
+      // To avoid stagnating data, don't store the comments children in data.
+      this.children = null;
+      div.data('comment', this);
+    });
+  }
+
+  /**
+   * After adding a new comment, it must be inserted in the correct
+   * location in the comment tree.
+   */
+  function insertComment(comment) {
+    var div = createCommentDiv(comment);
+
+    // To avoid stagnating data, don't store the comments children in data.
+    comment.children = null;
+    div.data('comment', comment);
+
+    var ul = $('#cl' + (comment.node || comment.parent));
+    var siblings = getChildren(ul);
+
+    var li = $(document.createElement('li'));
+    li.hide();
+
+    // Determine where in the parents children list to insert this comment.
+    for(var i=0; i < siblings.length; i++) {
+      if (comp(comment, siblings[i]) <= 0) {
+        $('#cd' + siblings[i].id)
+          .parent()
+          .before(li.html(div));
+        li.slideDown('fast');
+        return;
+      }
+    }
+
+    // If we get here, this comment rates lower than all the others,
+    // or it is the only comment in the list.
+    ul.append(li.html(div));
+    li.slideDown('fast');
+  }
+
+  function acceptComment(id) {
+    $.ajax({
+      type: 'POST',
+      url: opts.acceptCommentURL,
+      data: {id: id},
+      success: function(data, textStatus, request) {
+        $('#cm' + id).fadeOut('fast');
+        $('#cd' + id).removeClass('moderate');
+      },
+      error: function(request, textStatus, error) {
+        showError('Oops, there was a problem accepting the comment.');
+      }
+    });
+  }
+
+  function deleteComment(id) {
+    $.ajax({
+      type: 'POST',
+      url: opts.deleteCommentURL,
+      data: {id: id},
+      success: function(data, textStatus, request) {
+        var div = $('#cd' + id);
+        if (data == 'delete') {
+          // Moderator mode: remove the comment and all children immediately
+          div.slideUp('fast', function() {
+            div.remove();
+          });
+          return;
+        }
+        // User mode: only mark the comment as deleted
+        div
+          .find('span.user-id:first')
+          .text('[deleted]').end()
+          .find('div.comment-text:first')
+          .text('[deleted]').end()
+          .find('#cm' + id + ', #dc' + id + ', #ac' + id + ', #rc' + id +
+                ', #sp' + id + ', #hp' + id + ', #cr' + id + ', #rl' + id)
+          .remove();
+        var comment = div.data('comment');
+        comment.username = '[deleted]';
+        comment.text = '[deleted]';
+        div.data('comment', comment);
+      },
+      error: function(request, textStatus, error) {
+        showError('Oops, there was a problem deleting the comment.');
+      }
+    });
+  }
+
+  function showProposal(id) {
+    $('#sp' + id).hide();
+    $('#hp' + id).show();
+    $('#pr' + id).slideDown('fast');
+  }
+
+  function hideProposal(id) {
+    $('#hp' + id).hide();
+    $('#sp' + id).show();
+    $('#pr' + id).slideUp('fast');
+  }
+
+  function showProposeChange(id) {
+    $('#pc' + id).hide();
+    $('#hc' + id).show();
+    var textarea = $('#pt' + id);
+    textarea.val(textarea.data('source'));
+    $.fn.autogrow.resize(textarea[0]);
+    textarea.slideDown('fast');
+  }
+
+  function hideProposeChange(id) {
+    $('#hc' + id).hide();
+    $('#pc' + id).show();
+    var textarea = $('#pt' + id);
+    textarea.val('').removeAttr('disabled');
+    textarea.slideUp('fast');
+  }
+
+  function toggleCommentMarkupBox(id) {
+    $('#mb' + id).toggle();
+  }
+
+  /** Handle when the user clicks on a sort by link. */
+  function handleReSort(link) {
+    var classes = link.attr('class').split(/\s+/);
+    for (var i=0; i<classes.length; i++) {
+      if (classes[i] != 'sort-option') {
+	by = classes[i].substring(2);
+      }
+    }
+    setComparator();
+    // Save/update the sortBy cookie.
+    var expiration = new Date();
+    expiration.setDate(expiration.getDate() + 365);
+    document.cookie= 'sortBy=' + escape(by) +
+                     ';expires=' + expiration.toUTCString();
+    $('ul.comment-ul').each(function(index, ul) {
+      var comments = getChildren($(ul), true);
+      comments = sortComments(comments);
+      appendComments(comments, $(ul).empty());
+    });
+  }
+
+  /**
+   * Function to process a vote when a user clicks an arrow.
+   */
+  function handleVote(link) {
+    if (!opts.voting) {
+      showError("You'll need to login to vote.");
+      return;
+    }
+
+    var id = link.attr('id');
+    if (!id) {
+      // Didn't click on one of the voting arrows.
+      return;
+    }
+    // If it is an unvote, the new vote value is 0,
+    // Otherwise it's 1 for an upvote, or -1 for a downvote.
+    var value = 0;
+    if (id.charAt(1) != 'u') {
+      value = id.charAt(0) == 'u' ? 1 : -1;
+    }
+    // The data to be sent to the server.
+    var d = {
+      comment_id: id.substring(2),
+      value: value
+    };
+
+    // Swap the vote and unvote links.
+    link.hide();
+    $('#' + id.charAt(0) + (id.charAt(1) == 'u' ? 'v' : 'u') + d.comment_id)
+      .show();
+
+    // The div the comment is displayed in.
+    var div = $('div#cd' + d.comment_id);
+    var data = div.data('comment');
+
+    // If this is not an unvote, and the other vote arrow has
+    // already been pressed, unpress it.
+    if ((d.value !== 0) && (data.vote === d.value * -1)) {
+      $('#' + (d.value == 1 ? 'd' : 'u') + 'u' + d.comment_id).hide();
+      $('#' + (d.value == 1 ? 'd' : 'u') + 'v' + d.comment_id).show();
+    }
+
+    // Update the comments rating in the local data.
+    data.rating += (data.vote === 0) ? d.value : (d.value - data.vote);
+    data.vote = d.value;
+    div.data('comment', data);
+
+    // Change the rating text.
+    div.find('.rating:first')
+      .text(data.rating + ' point' + (data.rating == 1 ? '' : 's'));
+
+    // Send the vote information to the server.
+    $.ajax({
+      type: "POST",
+      url: opts.processVoteURL,
+      data: d,
+      error: function(request, textStatus, error) {
+        showError('Oops, there was a problem casting that vote.');
+      }
+    });
+  }
+
+  /**
+   * Open a reply form used to reply to an existing comment.
+   */
+  function openReply(id) {
+    // Swap out the reply link for the hide link
+    $('#rl' + id).hide();
+    $('#cr' + id).show();
+
+    // Add the reply li to the children ul.
+    var div = $(renderTemplate(replyTemplate, {id: id})).hide();
+    $('#cl' + id)
+      .prepend(div)
+      // Setup the submit handler for the reply form.
+      .find('#rf' + id)
+      .submit(function(event) {
+        event.preventDefault();
+        addComment($('#rf' + id));
+        closeReply(id);
+      })
+      .find('input[type=button]')
+      .click(function() {
+        closeReply(id);
+      });
+    div.slideDown('fast', function() {
+      $('#rf' + id).find('textarea').focus();
+    });
+  }
+
+  /**
+   * Close the reply form opened with openReply.
+   */
+  function closeReply(id) {
+    // Remove the reply div from the DOM.
+    $('#rd' + id).slideUp('fast', function() {
+      $(this).remove();
+    });
+
+    // Swap out the hide link for the reply link
+    $('#cr' + id).hide();
+    $('#rl' + id).show();
+  }
+
+  /**
+   * Recursively sort a tree of comments using the comp comparator.
+   */
+  function sortComments(comments) {
+    comments.sort(comp);
+    $.each(comments, function() {
+      this.children = sortComments(this.children);
+    });
+    return comments;
+  }
+
+  /**
+   * Get the children comments from a ul. If recursive is true,
+   * recursively include childrens' children.
+   */
+  function getChildren(ul, recursive) {
+    var children = [];
+    ul.children().children("[id^='cd']")
+      .each(function() {
+        var comment = $(this).data('comment');
+        if (recursive)
+          comment.children = getChildren($(this).find('#cl' + comment.id), true);
+        children.push(comment);
+      });
+    return children;
+  }
+
+  /** Create a div to display a comment in. */
+  function createCommentDiv(comment) {
+    if (!comment.displayed && !opts.moderator) {
+      return $('<div class="moderate">Thank you!  Your comment will show up '
+               + 'once it is has been approved by a moderator.</div>');
+    }
+    // Prettify the comment rating.
+    comment.pretty_rating = comment.rating + ' point' +
+      (comment.rating == 1 ? '' : 's');
+    // Make a class (for displaying not yet moderated comments differently)
+    comment.css_class = comment.displayed ? '' : ' moderate';
+    // Create a div for this comment.
+    var context = $.extend({}, opts, comment);
+    var div = $(renderTemplate(commentTemplate, context));
+
+    // If the user has voted on this comment, highlight the correct arrow.
+    if (comment.vote) {
+      var direction = (comment.vote == 1) ? 'u' : 'd';
+      div.find('#' + direction + 'v' + comment.id).hide();
+      div.find('#' + direction + 'u' + comment.id).show();
+    }
+
+    if (opts.moderator || comment.text != '[deleted]') {
+      div.find('a.reply').show();
+      if (comment.proposal_diff)
+        div.find('#sp' + comment.id).show();
+      if (opts.moderator && !comment.displayed)
+        div.find('#cm' + comment.id).show();
+      if (opts.moderator || (opts.username == comment.username))
+        div.find('#dc' + comment.id).show();
+    }
+    return div;
+  }
+
+  /**
+   * A simple template renderer. Placeholders such as <%id%> are replaced
+   * by context['id'] with items being escaped. Placeholders such as <#id#>
+   * are not escaped.
+   */
+  function renderTemplate(template, context) {
+    var esc = $(document.createElement('div'));
+
+    function handle(ph, escape) {
+      var cur = context;
+      $.each(ph.split('.'), function() {
+        cur = cur[this];
+      });
+      return escape ? esc.text(cur || "").html() : cur;
+    }
+
+    return template.replace(/<([%#])([\w\.]*)\1>/g, function() {
+      return handle(arguments[2], arguments[1] == '%' ? true : false);
+    });
+  }
+
+  /** Flash an error message briefly. */
+  function showError(message) {
+    $(document.createElement('div')).attr({'class': 'popup-error'})
+      .append($(document.createElement('div'))
+               .attr({'class': 'error-message'}).text(message))
+      .appendTo('body')
+      .fadeIn("slow")
+      .delay(2000)
+      .fadeOut("slow");
+  }
+
+  /** Add a link the user uses to open the comments popup. */
+  $.fn.comment = function() {
+    return this.each(function() {
+      var id = $(this).attr('id').substring(1);
+      var count = COMMENT_METADATA[id];
+      var title = count + ' comment' + (count == 1 ? '' : 's');
+      var image = count > 0 ? opts.commentBrightImage : opts.commentImage;
+      var addcls = count == 0 ? ' nocomment' : '';
+      $(this)
+        .append(
+          $(document.createElement('a')).attr({
+            href: '#',
+            'class': 'sphinx-comment-open' + addcls,
+            id: 'ao' + id
+          })
+            .append($(document.createElement('img')).attr({
+              src: image,
+              alt: 'comment',
+              title: title
+            }))
+            .click(function(event) {
+              event.preventDefault();
+              show($(this).attr('id').substring(2));
+            })
+        )
+        .append(
+          $(document.createElement('a')).attr({
+            href: '#',
+            'class': 'sphinx-comment-close hidden',
+            id: 'ah' + id
+          })
+            .append($(document.createElement('img')).attr({
+              src: opts.closeCommentImage,
+              alt: 'close',
+              title: 'close'
+            }))
+            .click(function(event) {
+              event.preventDefault();
+              hide($(this).attr('id').substring(2));
+            })
+        );
+    });
+  };
+
+  var opts = {
+    processVoteURL: '/_process_vote',
+    addCommentURL: '/_add_comment',
+    getCommentsURL: '/_get_comments',
+    acceptCommentURL: '/_accept_comment',
+    deleteCommentURL: '/_delete_comment',
+    commentImage: '/static/_static/comment.png',
+    closeCommentImage: '/static/_static/comment-close.png',
+    loadingImage: '/static/_static/ajax-loader.gif',
+    commentBrightImage: '/static/_static/comment-bright.png',
+    upArrow: '/static/_static/up.png',
+    downArrow: '/static/_static/down.png',
+    upArrowPressed: '/static/_static/up-pressed.png',
+    downArrowPressed: '/static/_static/down-pressed.png',
+    voting: false,
+    moderator: false
+  };
+
+  if (typeof COMMENT_OPTIONS != "undefined") {
+    opts = jQuery.extend(opts, COMMENT_OPTIONS);
+  }
+
+  var popupTemplate = '\
+    <div class="sphinx-comments" id="sc<%id%>">\
+      <p class="sort-options">\
+        Sort by:\
+        <a href="#" class="sort-option byrating">best rated</a>\
+        <a href="#" class="sort-option byascage">newest</a>\
+        <a href="#" class="sort-option byage">oldest</a>\
+      </p>\
+      <div class="comment-header">Comments</div>\
+      <div class="comment-loading" id="cn<%id%>">\
+        loading comments... <img src="<%loadingImage%>" alt="" /></div>\
+      <ul id="cl<%id%>" class="comment-ul"></ul>\
+      <div id="ca<%id%>">\
+      <p class="add-a-comment">Add a comment\
+        (<a href="#" class="comment-markup" id="ab<%id%>">markup</a>):</p>\
+      <div class="comment-markup-box" id="mb<%id%>">\
+        reStructured text markup: <i>*emph*</i>, <b>**strong**</b>, \
+        <code>``code``</code>, \
+        code blocks: <code>::</code> and an indented block after blank line</div>\
+      <form method="post" id="cf<%id%>" class="comment-form" action="">\
+        <textarea name="comment" cols="80"></textarea>\
+        <p class="propose-button">\
+          <a href="#" id="pc<%id%>" class="show-propose-change">\
+            Propose a change &#9657;\
+          </a>\
+          <a href="#" id="hc<%id%>" class="hide-propose-change">\
+            Propose a change &#9663;\
+          </a>\
+        </p>\
+        <textarea name="proposal" id="pt<%id%>" cols="80"\
+                  spellcheck="false"></textarea>\
+        <input type="submit" value="Add comment" />\
+        <input type="hidden" name="node" value="<%id%>" />\
+        <input type="hidden" name="parent" value="" />\
+      </form>\
+      </div>\
+    </div>';
+
+  var commentTemplate = '\
+    <div id="cd<%id%>" class="sphinx-comment<%css_class%>">\
+      <div class="vote">\
+        <div class="arrow">\
+          <a href="#" id="uv<%id%>" class="vote" title="vote up">\
+            <img src="<%upArrow%>" />\
+          </a>\
+          <a href="#" id="uu<%id%>" class="un vote" title="vote up">\
+            <img src="<%upArrowPressed%>" />\
+          </a>\
+        </div>\
+        <div class="arrow">\
+          <a href="#" id="dv<%id%>" class="vote" title="vote down">\
+            <img src="<%downArrow%>" id="da<%id%>" />\
+          </a>\
+          <a href="#" id="du<%id%>" class="un vote" title="vote down">\
+            <img src="<%downArrowPressed%>" />\
+          </a>\
+        </div>\
+      </div>\
+      <div class="comment-content">\
+        <p class="tagline comment">\
+          <span class="user-id"><%username%></span>\
+          <span class="rating"><%pretty_rating%></span>\
+          <span class="delta"><%time.delta%></span>\
+        </p>\
+        <div class="comment-text comment"><#text#></div>\
+        <p class="comment-opts comment">\
+          <a href="#" class="reply hidden" id="rl<%id%>">reply &#9657;</a>\
+          <a href="#" class="close-reply" id="cr<%id%>">reply &#9663;</a>\
+          <a href="#" id="sp<%id%>" class="show-proposal">proposal &#9657;</a>\
+          <a href="#" id="hp<%id%>" class="hide-proposal">proposal &#9663;</a>\
+          <a href="#" id="dc<%id%>" class="delete-comment hidden">delete</a>\
+          <span id="cm<%id%>" class="moderation hidden">\
+            <a href="#" id="ac<%id%>" class="accept-comment">accept</a>\
+          </span>\
+        </p>\
+        <pre class="proposal" id="pr<%id%>">\
+<#proposal_diff#>\
+        </pre>\
+          <ul class="comment-children" id="cl<%id%>"></ul>\
+        </div>\
+        <div class="clearleft"></div>\
+      </div>\
+    </div>';
+
+  var replyTemplate = '\
+    <li>\
+      <div class="reply-div" id="rd<%id%>">\
+        <form id="rf<%id%>">\
+          <textarea name="comment" cols="80"></textarea>\
+          <input type="submit" value="Add reply" />\
+          <input type="button" value="Cancel" />\
+          <input type="hidden" name="parent" value="<%id%>" />\
+          <input type="hidden" name="node" value="" />\
+        </form>\
+      </div>\
+    </li>';
+
+  $(document).ready(function() {
+    init();
+  });
+})(jQuery);
+
+$(document).ready(function() {
+  // add comment anchors for all paragraphs that are commentable
+  $('.sphinx-has-comment').comment();
+
+  // highlight search words in search results
+  $("div.context").each(function() {
+    var params = $.getQueryParameters();
+    var terms = (params.q) ? params.q[0].split(/\s+/) : [];
+    var result = $(this);
+    $.each(terms, function() {
+      result.highlightText(this.toLowerCase(), 'highlighted');
+    });
+  });
+
+  // directly open comment window if requested
+  var anchor = document.location.hash;
+  if (anchor.substring(0, 9) == '#comment-') {
+    $('#ao' + anchor.substring(9)).click();
+    document.location.hash = '#s' + anchor.substring(9);
+  }
+});
diff --git a/docs/html/annotated.html b/docs/html/annotated.html
deleted file mode 100644
index ea8766a..0000000
--- a/docs/html/annotated.html
+++ /dev/null
@@ -1,103 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Class List</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li class="current"><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="headertitle">
-<div class="title">Class List</div>  </div>
-</div><!--header-->
-<div class="contents">
-<div class="textblock">Here are the classes, structs, unions and interfaces with brief descriptions:</div><div class="directory">
-<table class="directory">
-<tr id="row_0_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><span class="icona"><span class="icon">C</span></span><a class="el" href="structpsa__generate__key__extra__rsa.html" target="_self">psa_generate_key_extra_rsa</a></td><td class="desc"></td></tr>
-</table>
-</div><!-- directory -->
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/arrowdown.png b/docs/html/arrowdown.png
deleted file mode 100644
index 0b63f6d..0000000
--- a/docs/html/arrowdown.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/arrowright.png b/docs/html/arrowright.png
deleted file mode 100644
index c6ee22f..0000000
--- a/docs/html/arrowright.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/bc_s.png b/docs/html/bc_s.png
deleted file mode 100644
index 224b29a..0000000
--- a/docs/html/bc_s.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/bdwn.png b/docs/html/bdwn.png
deleted file mode 100644
index 940a0b9..0000000
--- a/docs/html/bdwn.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/classes.html b/docs/html/classes.html
deleted file mode 100644
index 8382069..0000000
--- a/docs/html/classes.html
+++ /dev/null
@@ -1,107 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Class Index</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li class="current"><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="headertitle">
-<div class="title">Class Index</div>  </div>
-</div><!--header-->
-<div class="contents">
-<div class="qindex"><a class="qindex" href="#letter_P">P</a></div>
-<table class="classindex">
-<tr><td rowspan="2" valign="bottom"><a name="letter_p"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&#160;&#160;p&#160;&#160;</div></td></tr></table>
-</td><td></td></tr>
-<tr><td></td></tr>
-<tr><td valign="top"><a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a>&#160;&#160;&#160;</td><td></td></tr>
-<tr><td></td><td></td></tr>
-</table>
-<div class="qindex"><a class="qindex" href="#letter_P">P</a></div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/closed.png b/docs/html/closed.png
deleted file mode 100644
index 98cc2c9..0000000
--- a/docs/html/closed.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto_8h.html b/docs/html/crypto_8h.html
deleted file mode 100644
index 0734526..0000000
--- a/docs/html/crypto_8h.html
+++ /dev/null
@@ -1,338 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto.h File Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#nested-classes">Classes</a> &#124;
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">crypto.h File Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>Platform Security Architecture cryptography module.  
-<a href="#details">More...</a></p>
-<div class="textblock"><code>#include &quot;crypto_platform.h&quot;</code><br />
-<code>#include &lt;stddef.h&gt;</code><br />
-<code>#include &quot;<a class="el" href="crypto__types_8h_source.html">crypto_types.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="crypto__values_8h_source.html">crypto_values.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="crypto__sizes_8h_source.html">crypto_sizes.h</a>&quot;</code><br />
-<code>#include &quot;crypto_struct.h&quot;</code><br />
-<code>#include &quot;crypto_extra.h&quot;</code><br />
-</div><div class="textblock"><div class="dynheader">
-Include dependency graph for crypto.h:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto_8h__incl.png" border="0" usemap="#psa_2crypto_8h" alt=""/></div>
-<map name="psa_2crypto_8h" id="psa_2crypto_8h">
-<area shape="rect" id="node8" href="crypto__types_8h.html" title="PSA cryptography module: type aliases. " alt="" coords="763,102,871,129"/>
-<area shape="rect" id="node9" href="crypto__values_8h.html" title="PSA cryptography module: macros to build and analyze integer values. " alt="" coords="896,102,1011,129"/>
-<area shape="rect" id="node10" href="crypto__sizes_8h.html" title="PSA cryptography module: Mbed TLS buffer size macros. " alt="" coords="1035,102,1141,129"/>
-</map>
-</div>
-</div>
-<p><a href="crypto_8h_source.html">Go to the source code of this file.</a></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
-Classes</h2></td></tr>
-<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga5e6bc5f550e88fdc7790f2a75e79f7c5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">PSA_KEY_POLICY_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga5e6bc5f550e88fdc7790f2a75e79f7c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6ab7fe8d3500bc2f21be840b4f4f8d1d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">PSA_HASH_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga6ab7fe8d3500bc2f21be840b4f4f8d1d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga441b6efc161a4573d06465bd22d9dc2d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d">PSA_MAC_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga441b6efc161a4573d06465bd22d9dc2d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2da0541aabf9a4995cf2004e36311919"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919">PSA_CIPHER_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga2da0541aabf9a4995cf2004e36311919"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf52e036794c0dc6fbadd93a2b990f366"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366">PSA_AEAD_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:gaf52e036794c0dc6fbadd93a2b990f366"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4788b471385fc667876fbd8a0d3fe062"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">PSA_CRYPTO_GENERATOR_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga4788b471385fc667876fbd8a0d3fe062"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac3222df9b9ecca4d33ae56a7b8fbb1c9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9">PSA_GENERATOR_UNBRIDLED_CAPACITY</a>&#160;&#160;&#160;((size_t)(-1))</td></tr>
-<tr class="separator:gac3222df9b9ecca4d33ae56a7b8fbb1c9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="memItemLeft" align="right" valign="top">typedef _unsigned_integral_type_&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a></td></tr>
-<tr class="memdesc:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="mdescLeft">&#160;</td><td class="mdescRight">Key handle.  <a href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">More...</a><br /></td></tr>
-<tr class="separator:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf553efd409845b6d09ff25ce2ba36607"><td class="memItemLeft" align="right" valign="top">typedef struct psa_key_policy_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a></td></tr>
-<tr class="separator:gaf553efd409845b6d09ff25ce2ba36607"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3c4205d2ce66c4095fc5c78c25273fab"><td class="memItemLeft" align="right" valign="top">typedef struct psa_hash_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a></td></tr>
-<tr class="separator:ga3c4205d2ce66c4095fc5c78c25273fab"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga78f0838b0c4e3db28b26355624d4bd37"><td class="memItemLeft" align="right" valign="top">typedef struct psa_mac_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a></td></tr>
-<tr class="separator:ga78f0838b0c4e3db28b26355624d4bd37"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1399de29db657e3737bb09927aae51fa"><td class="memItemLeft" align="right" valign="top">typedef struct psa_cipher_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a></td></tr>
-<tr class="separator:ga1399de29db657e3737bb09927aae51fa"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"><td class="memItemLeft" align="right" valign="top">typedef struct psa_aead_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a></td></tr>
-<tr class="separator:ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1f894c4fba202ef8e307d72caf489e3b"><td class="memItemLeft" align="right" valign="top">typedef struct psa_crypto_generator_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a></td></tr>
-<tr class="separator:ga1f894c4fba202ef8e307d72caf489e3b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">psa_crypto_init</a> (void)</td></tr>
-<tr class="memdesc:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="mdescLeft">&#160;</td><td class="mdescRight">Library initialization.  <a href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">More...</a><br /></td></tr>
-<tr class="separator:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac16792fd6d375a5f76d372090df40607"><td class="memItemLeft" align="right" valign="top">void&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gac16792fd6d375a5f76d372090df40607">psa_key_policy_set_usage</a> (<a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy, <a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a> usage, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="memdesc:gac16792fd6d375a5f76d372090df40607"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set the standard fields of a policy structure.  <a href="group__policy.html#gac16792fd6d375a5f76d372090df40607">More...</a><br /></td></tr>
-<tr class="separator:gac16792fd6d375a5f76d372090df40607"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">psa_key_policy_get_usage</a> (const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the usage field of a policy structure.  <a href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">More...</a><br /></td></tr>
-<tr class="separator:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">psa_key_policy_get_algorithm</a> (const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the algorithm field of a policy structure.  <a href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">More...</a><br /></td></tr>
-<tr class="separator:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1e2a6e50b621864f95d438222a3c640b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">psa_set_key_policy</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:ga1e2a6e50b621864f95d438222a3c640b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set the usage policy on a key slot.  <a href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">More...</a><br /></td></tr>
-<tr class="separator:ga1e2a6e50b621864f95d438222a3c640b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaed087d1386b807edee66b2e445ba9111"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">psa_get_key_policy</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:gaed087d1386b807edee66b2e445ba9111"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get the usage policy for a key slot.  <a href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">More...</a><br /></td></tr>
-<tr class="separator:gaed087d1386b807edee66b2e445ba9111"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">psa_get_key_lifetime</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> *lifetime)</td></tr>
-<tr class="memdesc:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the lifetime of an open key.  <a href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">More...</a><br /></td></tr>
-<tr class="separator:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga40094b77b7a42b9c8e158395113f1a35"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:ga40094b77b7a42b9c8e158395113f1a35"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa9f1c848cf78b80fe2a7b18bb7ccec50"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key</a> (<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime, <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> id, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:gaa9f1c848cf78b80fe2a7b18bb7ccec50"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4108f255d3eaa6d23a7a14b684af8d7c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key</a> (<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime, <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> id, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:ga4108f255d3eaa6d23a7a14b684af8d7c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa09b720d299dfe6b9f41c36e448078eb"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="separator:gaa09b720d299dfe6b9f41c36e448078eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9f999cb4d098663d56095afe81a453a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">psa_import_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="memdesc:gac9f999cb4d098663d56095afe81a453a"><td class="mdescLeft">&#160;</td><td class="mdescRight">Import a key in binary format.  <a href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">More...</a><br /></td></tr>
-<tr class="separator:gac9f999cb4d098663d56095afe81a453a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga165085fc1bc7a78b91792fdd94ae102c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">psa_destroy_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="memdesc:ga165085fc1bc7a78b91792fdd94ae102c"><td class="mdescLeft">&#160;</td><td class="mdescRight">Destroy a key.  <a href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">More...</a><br /></td></tr>
-<tr class="separator:ga165085fc1bc7a78b91792fdd94ae102c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae8939902d6977ea8ad13eb7b4db9a042"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> *type, size_t *bits)</td></tr>
-<tr class="memdesc:gae8939902d6977ea8ad13eb7b4db9a042"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get basic metadata about a key.  <a href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">More...</a><br /></td></tr>
-<tr class="separator:gae8939902d6977ea8ad13eb7b4db9a042"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga091da8d3d39137fd6ad59f2b10234300"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">psa_set_key_domain_parameters</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="memdesc:ga091da8d3d39137fd6ad59f2b10234300"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set domain parameters for a key.  <a href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">More...</a><br /></td></tr>
-<tr class="separator:ga091da8d3d39137fd6ad59f2b10234300"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">psa_get_key_domain_parameters</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get domain parameters for a key.  <a href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">More...</a><br /></td></tr>
-<tr class="separator:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga902b9a7a6cf34d6111668be777b05eaf"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">psa_export_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:ga902b9a7a6cf34d6111668be777b05eaf"><td class="mdescLeft">&#160;</td><td class="mdescRight">Export a key in binary format.  <a href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">More...</a><br /></td></tr>
-<tr class="separator:ga902b9a7a6cf34d6111668be777b05eaf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad760d1f0d4e60972c78cbb4c8a528256"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">psa_export_public_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:gad760d1f0d4e60972c78cbb4c8a528256"><td class="mdescLeft">&#160;</td><td class="mdescRight">Export a public key or the public part of a key pair in binary format.  <a href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">More...</a><br /></td></tr>
-<tr class="separator:gad760d1f0d4e60972c78cbb4c8a528256"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5c1c24176cfb1517a8806235b3162a9d"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">psa_copy_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> source_handle, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> target_handle, const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *constraint)</td></tr>
-<tr class="separator:ga5c1c24176cfb1517a8806235b3162a9d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac69f7f19d96a56c28cf3799d11b12156"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">psa_hash_compute</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)</td></tr>
-<tr class="separator:gac69f7f19d96a56c28cf3799d11b12156"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0bb6dbd3c310648c3cf7d202413ff0bc"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">psa_hash_compare</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *hash, const size_t hash_length)</td></tr>
-<tr class="separator:ga0bb6dbd3c310648c3cf7d202413ff0bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8d72896cf70fc4d514c5c6b978912515"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga8d72896cf70fc4d514c5c6b978912515"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga65b16ef97d7f650899b7db4b7d1112ff"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga65b16ef97d7f650899b7db4b7d1112ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4795fd06a0067b0adcd92e9627b8c97e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)</td></tr>
-<tr class="separator:ga4795fd06a0067b0adcd92e9627b8c97e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7be923c5700c9c70ef77ee9b76d1a5c0"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, const uint8_t *hash, size_t hash_length)</td></tr>
-<tr class="separator:ga7be923c5700c9c70ef77ee9b76d1a5c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab0b4d5f9912a615559497a467b532928"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation)</td></tr>
-<tr class="separator:gab0b4d5f9912a615559497a467b532928"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39673348f3302b4646bd780034a5aeda"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">psa_hash_clone</a> (const <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *source_operation, <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *target_operation)</td></tr>
-<tr class="separator:ga39673348f3302b4646bd780034a5aeda"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gace78d9b51394f9d4f77952963665897a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">psa_mac_compute</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)</td></tr>
-<tr class="separator:gace78d9b51394f9d4f77952963665897a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga08e2e8c21bfe762a907266f3bdd1d07c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">psa_mac_verify</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *mac, const size_t mac_length)</td></tr>
-<tr class="separator:ga08e2e8c21bfe762a907266f3bdd1d07c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad33f2b15119593571ca6b8e7c757ab0e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gad33f2b15119593571ca6b8e7c757ab0e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa721a59ae6d085ec90c7dc918879a027"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gaa721a59ae6d085ec90c7dc918879a027"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5560af371497babefe03c9da4e8a1c05"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga5560af371497babefe03c9da4e8a1c05"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac22bc0125580c96724a09226cfbc97f2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)</td></tr>
-<tr class="separator:gac22bc0125580c96724a09226cfbc97f2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac92b2930d6728e1be4d011c05d485822"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, const uint8_t *mac, size_t mac_length)</td></tr>
-<tr class="separator:gac92b2930d6728e1be4d011c05d485822"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacd8dd54855ba1bc0a03f104f252884fd"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation)</td></tr>
-<tr class="separator:gacd8dd54855ba1bc0a03f104f252884fd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac76dda492d9a1ba6b327bff610ec17b2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">psa_cipher_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gac76dda492d9a1ba6b327bff610ec17b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga43d5991711ec45c98af0c1d99f6e0216"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">psa_cipher_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga43d5991711ec45c98af0c1d99f6e0216"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2a7fc79a9d150d42dba99f40ee3a185e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga2a7fc79a9d150d42dba99f40ee3a185e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaddf8504e5367cd0efb4415bdec004f44"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gaddf8504e5367cd0efb4415bdec004f44"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga44857cf5e0c3d134a3c560f8ff5b50aa"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, unsigned char *iv, size_t iv_size, size_t *iv_length)</td></tr>
-<tr class="separator:ga44857cf5e0c3d134a3c560f8ff5b50aa"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1359b2101f31637496ce7cc36c6e3d42"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, const unsigned char *iv, size_t iv_length)</td></tr>
-<tr class="separator:ga1359b2101f31637496ce7cc36c6e3d42"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd0caea99cf1052527e4089d37f5ab91"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gafd0caea99cf1052527e4089d37f5ab91"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1dcb58b8befe23f8a4d7a1d49c99249b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga1dcb58b8befe23f8a4d7a1d49c99249b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaad482cdca2098bca0620596aaa02eaa4"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation)</td></tr>
-<tr class="separator:gaad482cdca2098bca0620596aaa02eaa4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga44de092cf58bb6c820c5c80a6c51610d"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)</td></tr>
-<tr class="separator:ga44de092cf58bb6c820c5c80a6c51610d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa8ce6527f2e227f1071fadbf2099793b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)</td></tr>
-<tr class="separator:gaa8ce6527f2e227f1071fadbf2099793b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga47265dc4852f1476f852752218fd12b2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga47265dc4852f1476f852752218fd12b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga439896519d4a367ec86b47f201884152"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga439896519d4a367ec86b47f201884152"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3eadcf2a29f662129ea4fb3454969ba2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, unsigned char *nonce, size_t nonce_size, size_t *nonce_length)</td></tr>
-<tr class="separator:ga3eadcf2a29f662129ea4fb3454969ba2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga40641d0721ca7fe01bbcd9ef635fbc46"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const unsigned char *nonce, size_t nonce_length)</td></tr>
-<tr class="separator:ga40641d0721ca7fe01bbcd9ef635fbc46"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad3431e28d05002c2a7b0760610176050"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, size_t ad_length, size_t plaintext_length)</td></tr>
-<tr class="separator:gad3431e28d05002c2a7b0760610176050"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d0eed03f832e5c9c91cb8adf2882569"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga6d0eed03f832e5c9c91cb8adf2882569"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3b105de2088cef7c3d9e2fd8048c841c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga3b105de2088cef7c3d9e2fd8048c841c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga759791bbe1763b377c3b5447641f1fc8"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)</td></tr>
-<tr class="separator:ga759791bbe1763b377c3b5447641f1fc8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaed211fc61977c859d6ff07f39f59219"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *tag, size_t tag_length)</td></tr>
-<tr class="separator:gaaed211fc61977c859d6ff07f39f59219"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae8a5f93d92318c8f592ee9fbb9d36ba0"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation)</td></tr>
-<tr class="separator:gae8a5f93d92318c8f592ee9fbb9d36ba0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">psa_asymmetric_sign</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)</td></tr>
-<tr class="memdesc:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="mdescLeft">&#160;</td><td class="mdescRight">Sign a hash or short message with a private key.  <a href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">More...</a><br /></td></tr>
-<tr class="separator:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1b8e964c8d927e3d632325d762959eb7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">psa_asymmetric_verify</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)</td></tr>
-<tr class="memdesc:ga1b8e964c8d927e3d632325d762959eb7"><td class="mdescLeft">&#160;</td><td class="mdescRight">Verify the signature a hash or short message using a public key.  <a href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">More...</a><br /></td></tr>
-<tr class="separator:ga1b8e964c8d927e3d632325d762959eb7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad429293b7b0bf2a830b9540a02552004"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">psa_asymmetric_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="memdesc:gad429293b7b0bf2a830b9540a02552004"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encrypt a short message with a public key.  <a href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">More...</a><br /></td></tr>
-<tr class="separator:gad429293b7b0bf2a830b9540a02552004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga34b55fbaee23dba1a677186fc66a556e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">psa_asymmetric_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="memdesc:ga34b55fbaee23dba1a677186fc66a556e"><td class="mdescLeft">&#160;</td><td class="mdescRight">Decrypt a short message with a private key.  <a href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">More...</a><br /></td></tr>
-<tr class="separator:ga34b55fbaee23dba1a677186fc66a556e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7453491e3b440193be2c5dccc2040fd2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">psa_get_generator_capacity</a> (const <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, size_t *capacity)</td></tr>
-<tr class="separator:ga7453491e3b440193be2c5dccc2040fd2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga45676ec3c719622f95caaf926f44bb6e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, size_t capacity)</td></tr>
-<tr class="separator:ga45676ec3c719622f95caaf926f44bb6e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab5712ad29b78c2b170e64cc5bcfc1bce"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, uint8_t *output, size_t output_length)</td></tr>
-<tr class="separator:gab5712ad29b78c2b170e64cc5bcfc1bce"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7fcdf07cd37279ca167db484053da894"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, size_t bits, <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator)</td></tr>
-<tr class="separator:ga7fcdf07cd37279ca167db484053da894"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga563ca64537d90368899286b36d8cf7f3"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator)</td></tr>
-<tr class="separator:ga563ca64537d90368899286b36d8cf7f3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1825696be813dfac2b8d3d02717e71c5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga1825696be813dfac2b8d3d02717e71c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1b30e888db65c71f5337900848e1b03f"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="separator:ga1b30e888db65c71f5337900848e1b03f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="separator:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length)</td></tr>
-<tr class="separator:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">psa_key_agreement_raw_shared_secret</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">psa_generate_random</a> (uint8_t *output, size_t output_size)</td></tr>
-<tr class="memdesc:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="mdescLeft">&#160;</td><td class="mdescRight">Generate random bytes.  <a href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">More...</a><br /></td></tr>
-<tr class="separator:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga72921520494b4f007a3afb904cd9ecdd"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">psa_generate_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, size_t bits, const void *extra, size_t extra_size)</td></tr>
-<tr class="memdesc:ga72921520494b4f007a3afb904cd9ecdd"><td class="mdescLeft">&#160;</td><td class="mdescRight">Generate a key or key pair.  <a href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">More...</a><br /></td></tr>
-<tr class="separator:ga72921520494b4f007a3afb904cd9ecdd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>Platform Security Architecture cryptography module. </p>
-</div></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto_8h__incl.map b/docs/html/crypto_8h__incl.map
deleted file mode 100644
index 1ed73ed..0000000
--- a/docs/html/crypto_8h__incl.map
+++ /dev/null
@@ -1,5 +0,0 @@
-<map id="psa/crypto.h" name="psa/crypto.h">
-<area shape="rect" id="node8" href="$crypto__types_8h.html" title="PSA cryptography module: type aliases. " alt="" coords="763,102,871,129"/>
-<area shape="rect" id="node9" href="$crypto__values_8h.html" title="PSA cryptography module: macros to build and analyze integer values. " alt="" coords="896,102,1011,129"/>
-<area shape="rect" id="node10" href="$crypto__sizes_8h.html" title="PSA cryptography module: Mbed TLS buffer size macros. " alt="" coords="1035,102,1141,129"/>
-</map>
diff --git a/docs/html/crypto_8h__incl.md5 b/docs/html/crypto_8h__incl.md5
deleted file mode 100644
index 4e6059e..0000000
--- a/docs/html/crypto_8h__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-074e89e7e237fada4ce8156df08ea036
\ No newline at end of file
diff --git a/docs/html/crypto_8h__incl.png b/docs/html/crypto_8h__incl.png
deleted file mode 100644
index 520e3e9..0000000
--- a/docs/html/crypto_8h__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto_8h_source.html b/docs/html/crypto_8h_source.html
deleted file mode 100644
index f1d6037..0000000
--- a/docs/html/crypto_8h_source.html
+++ /dev/null
@@ -1,192 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto.h Source File</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">crypto.h</div>  </div>
-</div><!--header-->
-<div class="contents">
-<a href="crypto_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;</div><div class="line"><a name="l00005"></a><span class="lineno">    5</span>&#160;<span class="comment">/*</span></div><div class="line"><a name="l00006"></a><span class="lineno">    6</span>&#160;<span class="comment"> *  Copyright (C) 2018, ARM Limited, All Rights Reserved</span></div><div class="line"><a name="l00007"></a><span class="lineno">    7</span>&#160;<span class="comment"> *  SPDX-License-Identifier: Apache-2.0</span></div><div class="line"><a name="l00008"></a><span class="lineno">    8</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00009"></a><span class="lineno">    9</span>&#160;<span class="comment"> *  Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may</span></div><div class="line"><a name="l00010"></a><span class="lineno">   10</span>&#160;<span class="comment"> *  not use this file except in compliance with the License.</span></div><div class="line"><a name="l00011"></a><span class="lineno">   11</span>&#160;<span class="comment"> *  You may obtain a copy of the License at</span></div><div class="line"><a name="l00012"></a><span class="lineno">   12</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00013"></a><span class="lineno">   13</span>&#160;<span class="comment"> *  http://www.apache.org/licenses/LICENSE-2.0</span></div><div class="line"><a name="l00014"></a><span class="lineno">   14</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00015"></a><span class="lineno">   15</span>&#160;<span class="comment"> *  Unless required by applicable law or agreed to in writing, software</span></div><div class="line"><a name="l00016"></a><span class="lineno">   16</span>&#160;<span class="comment"> *  distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT</span></div><div class="line"><a name="l00017"></a><span class="lineno">   17</span>&#160;<span class="comment"> *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div><div class="line"><a name="l00018"></a><span class="lineno">   18</span>&#160;<span class="comment"> *  See the License for the specific language governing permissions and</span></div><div class="line"><a name="l00019"></a><span class="lineno">   19</span>&#160;<span class="comment"> *  limitations under the License.</span></div><div class="line"><a name="l00020"></a><span class="lineno">   20</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00021"></a><span class="lineno">   21</span>&#160;</div><div class="line"><a name="l00022"></a><span class="lineno">   22</span>&#160;<span class="preprocessor">#ifndef PSA_CRYPTO_H</span></div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;<span class="preprocessor">#define PSA_CRYPTO_H</span></div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;</div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;<span class="preprocessor">#include &quot;crypto_platform.h&quot;</span></div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;</div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;<span class="preprocessor">#include &lt;stddef.h&gt;</span></div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;</div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;<span class="comment">/* This __DOXYGEN_ONLY__ block contains mock definitions for things that</span></div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;<span class="comment"> * must be defined in the crypto_platform.h header. These mock definitions</span></div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;<span class="comment"> * are present in this file as a convenience to generate pretty-printed</span></div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;<span class="comment"> * documentation that includes those definitions. */</span></div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;</div><div class="line"><a name="l00047"></a><span class="lineno"><a class="line" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">   47</a></span>&#160;<span class="keyword">typedef</span> _unsigned_integral_type_ <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>;</div><div class="line"><a name="l00048"></a><span class="lineno">   48</span>&#160;</div><div class="line"><a name="l00050"></a><span class="lineno">   50</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* __DOXYGEN_ONLY__ */</span><span class="preprocessor"></span></div><div class="line"><a name="l00051"></a><span class="lineno">   51</span>&#160;</div><div class="line"><a name="l00052"></a><span class="lineno">   52</span>&#160;<span class="preprocessor">#ifdef __cplusplus</span></div><div class="line"><a name="l00053"></a><span class="lineno">   53</span>&#160;<span class="keyword">extern</span> <span class="stringliteral">&quot;C&quot;</span> {</div><div class="line"><a name="l00054"></a><span class="lineno">   54</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00055"></a><span class="lineno">   55</span>&#160;</div><div class="line"><a name="l00056"></a><span class="lineno">   56</span>&#160;<span class="comment">/* The file &quot;crypto_types.h&quot; declares types that encode errors,</span></div><div class="line"><a name="l00057"></a><span class="lineno">   57</span>&#160;<span class="comment"> * algorithms, key types, policies, etc. */</span></div><div class="line"><a name="l00058"></a><span class="lineno">   58</span>&#160;<span class="preprocessor">#include &quot;<a class="code" href="crypto__types_8h.html">crypto_types.h</a>&quot;</span></div><div class="line"><a name="l00059"></a><span class="lineno">   59</span>&#160;</div><div class="line"><a name="l00060"></a><span class="lineno">   60</span>&#160;<span class="comment">/* The file &quot;crypto_values.h&quot; declares macros to build and analyze values</span></div><div class="line"><a name="l00061"></a><span class="lineno">   61</span>&#160;<span class="comment"> * of integral types defined in &quot;crypto_types.h&quot;. */</span></div><div class="line"><a name="l00062"></a><span class="lineno">   62</span>&#160;<span class="preprocessor">#include &quot;<a class="code" href="crypto__values_8h.html">crypto_values.h</a>&quot;</span></div><div class="line"><a name="l00063"></a><span class="lineno">   63</span>&#160;</div><div class="line"><a name="l00092"></a><span class="lineno">   92</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">psa_crypto_init</a>(<span class="keywordtype">void</span>);</div><div class="line"><a name="l00093"></a><span class="lineno">   93</span>&#160;</div><div class="line"><a name="l00128"></a><span class="lineno"><a class="line" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">  128</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_key_policy_s <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a>;</div><div class="line"><a name="l00129"></a><span class="lineno">  129</span>&#160;</div><div class="line"><a name="l00135"></a><span class="lineno">  135</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l00136"></a><span class="lineno">  136</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l00137"></a><span class="lineno">  137</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l00138"></a><span class="lineno">  138</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00139"></a><span class="lineno"><a class="line" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">  139</a></span>&#160;<span class="preprocessor">#define PSA_KEY_POLICY_INIT {0}</span></div><div class="line"><a name="l00140"></a><span class="lineno">  140</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00141"></a><span class="lineno">  141</span>&#160;</div><div class="line"><a name="l00144"></a><span class="lineno">  144</span>&#160;<span class="keyword">static</span> <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> psa_key_policy_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l00145"></a><span class="lineno">  145</span>&#160;</div><div class="line"><a name="l00158"></a><span class="lineno">  158</span>&#160;<span class="keywordtype">void</span> <a class="code" href="group__policy.html#gac16792fd6d375a5f76d372090df40607">psa_key_policy_set_usage</a>(<a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy,</div><div class="line"><a name="l00159"></a><span class="lineno">  159</span>&#160;                              <a class="code" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a> usage,</div><div class="line"><a name="l00160"></a><span class="lineno">  160</span>&#160;                              <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l00161"></a><span class="lineno">  161</span>&#160;</div><div class="line"><a name="l00168"></a><span class="lineno">  168</span>&#160;<a class="code" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a> <a class="code" href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">psa_key_policy_get_usage</a>(<span class="keyword">const</span> <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy);</div><div class="line"><a name="l00169"></a><span class="lineno">  169</span>&#160;</div><div class="line"><a name="l00176"></a><span class="lineno">  176</span>&#160;<a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> <a class="code" href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">psa_key_policy_get_algorithm</a>(<span class="keyword">const</span> <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy);</div><div class="line"><a name="l00177"></a><span class="lineno">  177</span>&#160;</div><div class="line"><a name="l00207"></a><span class="lineno">  207</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">psa_set_key_policy</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00208"></a><span class="lineno">  208</span>&#160;                                <span class="keyword">const</span> <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy);</div><div class="line"><a name="l00209"></a><span class="lineno">  209</span>&#160;</div><div class="line"><a name="l00225"></a><span class="lineno">  225</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">psa_get_key_policy</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00226"></a><span class="lineno">  226</span>&#160;                                <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy);</div><div class="line"><a name="l00227"></a><span class="lineno">  227</span>&#160;</div><div class="line"><a name="l00250"></a><span class="lineno">  250</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">psa_get_key_lifetime</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00251"></a><span class="lineno">  251</span>&#160;                                  <a class="code" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> *lifetime);</div><div class="line"><a name="l00252"></a><span class="lineno">  252</span>&#160;</div><div class="line"><a name="l00253"></a><span class="lineno">  253</span>&#160;</div><div class="line"><a name="l00270"></a><span class="lineno">  270</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle);</div><div class="line"><a name="l00271"></a><span class="lineno">  271</span>&#160;</div><div class="line"><a name="l00301"></a><span class="lineno">  301</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key</a>(<a class="code" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime,</div><div class="line"><a name="l00302"></a><span class="lineno">  302</span>&#160;                          <a class="code" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> <span class="keywordtype">id</span>,</div><div class="line"><a name="l00303"></a><span class="lineno">  303</span>&#160;                          <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle);</div><div class="line"><a name="l00304"></a><span class="lineno">  304</span>&#160;</div><div class="line"><a name="l00338"></a><span class="lineno">  338</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key</a>(<a class="code" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime,</div><div class="line"><a name="l00339"></a><span class="lineno">  339</span>&#160;                            <a class="code" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> <span class="keywordtype">id</span>,</div><div class="line"><a name="l00340"></a><span class="lineno">  340</span>&#160;                            <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle);</div><div class="line"><a name="l00341"></a><span class="lineno">  341</span>&#160;</div><div class="line"><a name="l00360"></a><span class="lineno">  360</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle);</div><div class="line"><a name="l00361"></a><span class="lineno">  361</span>&#160;</div><div class="line"><a name="l00420"></a><span class="lineno">  420</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">psa_import_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00421"></a><span class="lineno">  421</span>&#160;                            <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type,</div><div class="line"><a name="l00422"></a><span class="lineno">  422</span>&#160;                            <span class="keyword">const</span> uint8_t *data,</div><div class="line"><a name="l00423"></a><span class="lineno">  423</span>&#160;                            <span class="keywordtype">size_t</span> data_length);</div><div class="line"><a name="l00424"></a><span class="lineno">  424</span>&#160;</div><div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">psa_destroy_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle);</div><div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;</div><div class="line"><a name="l00489"></a><span class="lineno">  489</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;                                     <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> *type,</div><div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160;                                     <span class="keywordtype">size_t</span> *bits);</div><div class="line"><a name="l00492"></a><span class="lineno">  492</span>&#160;</div><div class="line"><a name="l00556"></a><span class="lineno">  556</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">psa_set_key_domain_parameters</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00557"></a><span class="lineno">  557</span>&#160;                                           <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type,</div><div class="line"><a name="l00558"></a><span class="lineno">  558</span>&#160;                                           <span class="keyword">const</span> uint8_t *data,</div><div class="line"><a name="l00559"></a><span class="lineno">  559</span>&#160;                                           <span class="keywordtype">size_t</span> data_length);</div><div class="line"><a name="l00560"></a><span class="lineno">  560</span>&#160;</div><div class="line"><a name="l00588"></a><span class="lineno">  588</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">psa_get_key_domain_parameters</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00589"></a><span class="lineno">  589</span>&#160;                                           uint8_t *data,</div><div class="line"><a name="l00590"></a><span class="lineno">  590</span>&#160;                                           <span class="keywordtype">size_t</span> data_size,</div><div class="line"><a name="l00591"></a><span class="lineno">  591</span>&#160;                                           <span class="keywordtype">size_t</span> *data_length);</div><div class="line"><a name="l00592"></a><span class="lineno">  592</span>&#160;</div><div class="line"><a name="l00675"></a><span class="lineno">  675</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">psa_export_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00676"></a><span class="lineno">  676</span>&#160;                            uint8_t *data,</div><div class="line"><a name="l00677"></a><span class="lineno">  677</span>&#160;                            <span class="keywordtype">size_t</span> data_size,</div><div class="line"><a name="l00678"></a><span class="lineno">  678</span>&#160;                            <span class="keywordtype">size_t</span> *data_length);</div><div class="line"><a name="l00679"></a><span class="lineno">  679</span>&#160;</div><div class="line"><a name="l00744"></a><span class="lineno">  744</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">psa_export_public_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l00745"></a><span class="lineno">  745</span>&#160;                                   uint8_t *data,</div><div class="line"><a name="l00746"></a><span class="lineno">  746</span>&#160;                                   <span class="keywordtype">size_t</span> data_size,</div><div class="line"><a name="l00747"></a><span class="lineno">  747</span>&#160;                                   <span class="keywordtype">size_t</span> *data_length);</div><div class="line"><a name="l00748"></a><span class="lineno">  748</span>&#160;</div><div class="line"><a name="l00810"></a><span class="lineno">  810</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">psa_copy_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> source_handle,</div><div class="line"><a name="l00811"></a><span class="lineno">  811</span>&#160;                          <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> target_handle,</div><div class="line"><a name="l00812"></a><span class="lineno">  812</span>&#160;                          <span class="keyword">const</span> <a class="code" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *constraint);</div><div class="line"><a name="l00813"></a><span class="lineno">  813</span>&#160;</div><div class="line"><a name="l00844"></a><span class="lineno">  844</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">psa_hash_compute</a>(<a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l00845"></a><span class="lineno">  845</span>&#160;                              <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l00846"></a><span class="lineno">  846</span>&#160;                              <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l00847"></a><span class="lineno">  847</span>&#160;                              uint8_t *hash,</div><div class="line"><a name="l00848"></a><span class="lineno">  848</span>&#160;                              <span class="keywordtype">size_t</span> hash_size,</div><div class="line"><a name="l00849"></a><span class="lineno">  849</span>&#160;                              <span class="keywordtype">size_t</span> *hash_length);</div><div class="line"><a name="l00850"></a><span class="lineno">  850</span>&#160;</div><div class="line"><a name="l00873"></a><span class="lineno">  873</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">psa_hash_compare</a>(<a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l00874"></a><span class="lineno">  874</span>&#160;                              <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l00875"></a><span class="lineno">  875</span>&#160;                              <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l00876"></a><span class="lineno">  876</span>&#160;                              <span class="keyword">const</span> uint8_t *hash,</div><div class="line"><a name="l00877"></a><span class="lineno">  877</span>&#160;                              <span class="keyword">const</span> <span class="keywordtype">size_t</span> hash_length);</div><div class="line"><a name="l00878"></a><span class="lineno">  878</span>&#160;</div><div class="line"><a name="l00907"></a><span class="lineno"><a class="line" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">  907</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_hash_operation_s <a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a>;</div><div class="line"><a name="l00908"></a><span class="lineno">  908</span>&#160;</div><div class="line"><a name="l00914"></a><span class="lineno">  914</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l00915"></a><span class="lineno">  915</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l00916"></a><span class="lineno">  916</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l00917"></a><span class="lineno">  917</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00918"></a><span class="lineno"><a class="line" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">  918</a></span>&#160;<span class="preprocessor">#define PSA_HASH_OPERATION_INIT {0}</span></div><div class="line"><a name="l00919"></a><span class="lineno">  919</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00920"></a><span class="lineno">  920</span>&#160;</div><div class="line"><a name="l00923"></a><span class="lineno">  923</span>&#160;<span class="keyword">static</span> <a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> psa_hash_operation_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l00924"></a><span class="lineno">  924</span>&#160;</div><div class="line"><a name="l00964"></a><span class="lineno">  964</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup</a>(<a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation,</div><div class="line"><a name="l00965"></a><span class="lineno">  965</span>&#160;                            <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l00966"></a><span class="lineno">  966</span>&#160;</div><div class="line"><a name="l00986"></a><span class="lineno">  986</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update</a>(<a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation,</div><div class="line"><a name="l00987"></a><span class="lineno">  987</span>&#160;                             <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l00988"></a><span class="lineno">  988</span>&#160;                             <span class="keywordtype">size_t</span> input_length);</div><div class="line"><a name="l00989"></a><span class="lineno">  989</span>&#160;</div><div class="line"><a name="l01027"></a><span class="lineno"> 1027</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish</a>(<a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation,</div><div class="line"><a name="l01028"></a><span class="lineno"> 1028</span>&#160;                             uint8_t *hash,</div><div class="line"><a name="l01029"></a><span class="lineno"> 1029</span>&#160;                             <span class="keywordtype">size_t</span> hash_size,</div><div class="line"><a name="l01030"></a><span class="lineno"> 1030</span>&#160;                             <span class="keywordtype">size_t</span> *hash_length);</div><div class="line"><a name="l01031"></a><span class="lineno"> 1031</span>&#160;</div><div class="line"><a name="l01063"></a><span class="lineno"> 1063</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify</a>(<a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation,</div><div class="line"><a name="l01064"></a><span class="lineno"> 1064</span>&#160;                             <span class="keyword">const</span> uint8_t *hash,</div><div class="line"><a name="l01065"></a><span class="lineno"> 1065</span>&#160;                             <span class="keywordtype">size_t</span> hash_length);</div><div class="line"><a name="l01066"></a><span class="lineno"> 1066</span>&#160;</div><div class="line"><a name="l01094"></a><span class="lineno"> 1094</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort</a>(<a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation);</div><div class="line"><a name="l01095"></a><span class="lineno"> 1095</span>&#160;</div><div class="line"><a name="l01120"></a><span class="lineno"> 1120</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">psa_hash_clone</a>(<span class="keyword">const</span> <a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *source_operation,</div><div class="line"><a name="l01121"></a><span class="lineno"> 1121</span>&#160;                            <a class="code" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *target_operation);</div><div class="line"><a name="l01122"></a><span class="lineno"> 1122</span>&#160;</div><div class="line"><a name="l01167"></a><span class="lineno"> 1167</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">psa_mac_compute</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01168"></a><span class="lineno"> 1168</span>&#160;                             <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l01169"></a><span class="lineno"> 1169</span>&#160;                             <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01170"></a><span class="lineno"> 1170</span>&#160;                             <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l01171"></a><span class="lineno"> 1171</span>&#160;                             uint8_t *mac,</div><div class="line"><a name="l01172"></a><span class="lineno"> 1172</span>&#160;                             <span class="keywordtype">size_t</span> mac_size,</div><div class="line"><a name="l01173"></a><span class="lineno"> 1173</span>&#160;                             <span class="keywordtype">size_t</span> *mac_length);</div><div class="line"><a name="l01174"></a><span class="lineno"> 1174</span>&#160;</div><div class="line"><a name="l01202"></a><span class="lineno"> 1202</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">psa_mac_verify</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01203"></a><span class="lineno"> 1203</span>&#160;                            <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l01204"></a><span class="lineno"> 1204</span>&#160;                            <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01205"></a><span class="lineno"> 1205</span>&#160;                            <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l01206"></a><span class="lineno"> 1206</span>&#160;                            <span class="keyword">const</span> uint8_t *mac,</div><div class="line"><a name="l01207"></a><span class="lineno"> 1207</span>&#160;                            <span class="keyword">const</span> <span class="keywordtype">size_t</span> mac_length);</div><div class="line"><a name="l01208"></a><span class="lineno"> 1208</span>&#160;</div><div class="line"><a name="l01237"></a><span class="lineno"><a class="line" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37"> 1237</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_mac_operation_s <a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a>;</div><div class="line"><a name="l01238"></a><span class="lineno"> 1238</span>&#160;</div><div class="line"><a name="l01244"></a><span class="lineno"> 1244</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l01245"></a><span class="lineno"> 1245</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l01246"></a><span class="lineno"> 1246</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l01247"></a><span class="lineno"> 1247</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l01248"></a><span class="lineno"><a class="line" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d"> 1248</a></span>&#160;<span class="preprocessor">#define PSA_MAC_OPERATION_INIT {0}</span></div><div class="line"><a name="l01249"></a><span class="lineno"> 1249</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l01250"></a><span class="lineno"> 1250</span>&#160;</div><div class="line"><a name="l01253"></a><span class="lineno"> 1253</span>&#160;<span class="keyword">static</span> <a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> psa_mac_operation_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l01254"></a><span class="lineno"> 1254</span>&#160;</div><div class="line"><a name="l01309"></a><span class="lineno"> 1309</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation,</div><div class="line"><a name="l01310"></a><span class="lineno"> 1310</span>&#160;                                <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01311"></a><span class="lineno"> 1311</span>&#160;                                <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l01312"></a><span class="lineno"> 1312</span>&#160;</div><div class="line"><a name="l01366"></a><span class="lineno"> 1366</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation,</div><div class="line"><a name="l01367"></a><span class="lineno"> 1367</span>&#160;                                  <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01368"></a><span class="lineno"> 1368</span>&#160;                                  <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l01369"></a><span class="lineno"> 1369</span>&#160;</div><div class="line"><a name="l01391"></a><span class="lineno"> 1391</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation,</div><div class="line"><a name="l01392"></a><span class="lineno"> 1392</span>&#160;                            <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01393"></a><span class="lineno"> 1393</span>&#160;                            <span class="keywordtype">size_t</span> input_length);</div><div class="line"><a name="l01394"></a><span class="lineno"> 1394</span>&#160;</div><div class="line"><a name="l01433"></a><span class="lineno"> 1433</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation,</div><div class="line"><a name="l01434"></a><span class="lineno"> 1434</span>&#160;                                 uint8_t *mac,</div><div class="line"><a name="l01435"></a><span class="lineno"> 1435</span>&#160;                                 <span class="keywordtype">size_t</span> mac_size,</div><div class="line"><a name="l01436"></a><span class="lineno"> 1436</span>&#160;                                 <span class="keywordtype">size_t</span> *mac_length);</div><div class="line"><a name="l01437"></a><span class="lineno"> 1437</span>&#160;</div><div class="line"><a name="l01469"></a><span class="lineno"> 1469</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation,</div><div class="line"><a name="l01470"></a><span class="lineno"> 1470</span>&#160;                                   <span class="keyword">const</span> uint8_t *mac,</div><div class="line"><a name="l01471"></a><span class="lineno"> 1471</span>&#160;                                   <span class="keywordtype">size_t</span> mac_length);</div><div class="line"><a name="l01472"></a><span class="lineno"> 1472</span>&#160;</div><div class="line"><a name="l01501"></a><span class="lineno"> 1501</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort</a>(<a class="code" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation);</div><div class="line"><a name="l01502"></a><span class="lineno"> 1502</span>&#160;</div><div class="line"><a name="l01544"></a><span class="lineno"> 1544</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">psa_cipher_encrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01545"></a><span class="lineno"> 1545</span>&#160;                                <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l01546"></a><span class="lineno"> 1546</span>&#160;                                <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01547"></a><span class="lineno"> 1547</span>&#160;                                <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l01548"></a><span class="lineno"> 1548</span>&#160;                                uint8_t *output,</div><div class="line"><a name="l01549"></a><span class="lineno"> 1549</span>&#160;                                <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l01550"></a><span class="lineno"> 1550</span>&#160;                                <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l01551"></a><span class="lineno"> 1551</span>&#160;</div><div class="line"><a name="l01586"></a><span class="lineno"> 1586</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">psa_cipher_decrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01587"></a><span class="lineno"> 1587</span>&#160;                                <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l01588"></a><span class="lineno"> 1588</span>&#160;                                <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01589"></a><span class="lineno"> 1589</span>&#160;                                <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l01590"></a><span class="lineno"> 1590</span>&#160;                                uint8_t *output,</div><div class="line"><a name="l01591"></a><span class="lineno"> 1591</span>&#160;                                <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l01592"></a><span class="lineno"> 1592</span>&#160;                                <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l01593"></a><span class="lineno"> 1593</span>&#160;</div><div class="line"><a name="l01622"></a><span class="lineno"><a class="line" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa"> 1622</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_cipher_operation_s <a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a>;</div><div class="line"><a name="l01623"></a><span class="lineno"> 1623</span>&#160;</div><div class="line"><a name="l01629"></a><span class="lineno"> 1629</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l01630"></a><span class="lineno"> 1630</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l01631"></a><span class="lineno"> 1631</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l01632"></a><span class="lineno"> 1632</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l01633"></a><span class="lineno"><a class="line" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919"> 1633</a></span>&#160;<span class="preprocessor">#define PSA_CIPHER_OPERATION_INIT {0}</span></div><div class="line"><a name="l01634"></a><span class="lineno"> 1634</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l01635"></a><span class="lineno"> 1635</span>&#160;</div><div class="line"><a name="l01638"></a><span class="lineno"> 1638</span>&#160;<span class="keyword">static</span> <a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> psa_cipher_operation_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l01639"></a><span class="lineno"> 1639</span>&#160;</div><div class="line"><a name="l01695"></a><span class="lineno"> 1695</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01696"></a><span class="lineno"> 1696</span>&#160;                                      <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01697"></a><span class="lineno"> 1697</span>&#160;                                      <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l01698"></a><span class="lineno"> 1698</span>&#160;</div><div class="line"><a name="l01754"></a><span class="lineno"> 1754</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01755"></a><span class="lineno"> 1755</span>&#160;                                      <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01756"></a><span class="lineno"> 1756</span>&#160;                                      <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l01757"></a><span class="lineno"> 1757</span>&#160;</div><div class="line"><a name="l01786"></a><span class="lineno"> 1786</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01787"></a><span class="lineno"> 1787</span>&#160;                                    <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *iv,</div><div class="line"><a name="l01788"></a><span class="lineno"> 1788</span>&#160;                                    <span class="keywordtype">size_t</span> iv_size,</div><div class="line"><a name="l01789"></a><span class="lineno"> 1789</span>&#160;                                    <span class="keywordtype">size_t</span> *iv_length);</div><div class="line"><a name="l01790"></a><span class="lineno"> 1790</span>&#160;</div><div class="line"><a name="l01821"></a><span class="lineno"> 1821</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01822"></a><span class="lineno"> 1822</span>&#160;                               <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *iv,</div><div class="line"><a name="l01823"></a><span class="lineno"> 1823</span>&#160;                               <span class="keywordtype">size_t</span> iv_length);</div><div class="line"><a name="l01824"></a><span class="lineno"> 1824</span>&#160;</div><div class="line"><a name="l01857"></a><span class="lineno"> 1857</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01858"></a><span class="lineno"> 1858</span>&#160;                               <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l01859"></a><span class="lineno"> 1859</span>&#160;                               <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l01860"></a><span class="lineno"> 1860</span>&#160;                               <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *output,</div><div class="line"><a name="l01861"></a><span class="lineno"> 1861</span>&#160;                               <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l01862"></a><span class="lineno"> 1862</span>&#160;                               <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l01863"></a><span class="lineno"> 1863</span>&#160;</div><div class="line"><a name="l01895"></a><span class="lineno"> 1895</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation,</div><div class="line"><a name="l01896"></a><span class="lineno"> 1896</span>&#160;                               uint8_t *output,</div><div class="line"><a name="l01897"></a><span class="lineno"> 1897</span>&#160;                               <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l01898"></a><span class="lineno"> 1898</span>&#160;                               <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l01899"></a><span class="lineno"> 1899</span>&#160;</div><div class="line"><a name="l01928"></a><span class="lineno"> 1928</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort</a>(<a class="code" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation);</div><div class="line"><a name="l01929"></a><span class="lineno"> 1929</span>&#160;</div><div class="line"><a name="l01982"></a><span class="lineno"> 1982</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l01983"></a><span class="lineno"> 1983</span>&#160;                              <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l01984"></a><span class="lineno"> 1984</span>&#160;                              <span class="keyword">const</span> uint8_t *nonce,</div><div class="line"><a name="l01985"></a><span class="lineno"> 1985</span>&#160;                              <span class="keywordtype">size_t</span> nonce_length,</div><div class="line"><a name="l01986"></a><span class="lineno"> 1986</span>&#160;                              <span class="keyword">const</span> uint8_t *additional_data,</div><div class="line"><a name="l01987"></a><span class="lineno"> 1987</span>&#160;                              <span class="keywordtype">size_t</span> additional_data_length,</div><div class="line"><a name="l01988"></a><span class="lineno"> 1988</span>&#160;                              <span class="keyword">const</span> uint8_t *plaintext,</div><div class="line"><a name="l01989"></a><span class="lineno"> 1989</span>&#160;                              <span class="keywordtype">size_t</span> plaintext_length,</div><div class="line"><a name="l01990"></a><span class="lineno"> 1990</span>&#160;                              uint8_t *ciphertext,</div><div class="line"><a name="l01991"></a><span class="lineno"> 1991</span>&#160;                              <span class="keywordtype">size_t</span> ciphertext_size,</div><div class="line"><a name="l01992"></a><span class="lineno"> 1992</span>&#160;                              <span class="keywordtype">size_t</span> *ciphertext_length);</div><div class="line"><a name="l01993"></a><span class="lineno"> 1993</span>&#160;</div><div class="line"><a name="l02040"></a><span class="lineno"> 2040</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02041"></a><span class="lineno"> 2041</span>&#160;                              <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l02042"></a><span class="lineno"> 2042</span>&#160;                              <span class="keyword">const</span> uint8_t *nonce,</div><div class="line"><a name="l02043"></a><span class="lineno"> 2043</span>&#160;                              <span class="keywordtype">size_t</span> nonce_length,</div><div class="line"><a name="l02044"></a><span class="lineno"> 2044</span>&#160;                              <span class="keyword">const</span> uint8_t *additional_data,</div><div class="line"><a name="l02045"></a><span class="lineno"> 2045</span>&#160;                              <span class="keywordtype">size_t</span> additional_data_length,</div><div class="line"><a name="l02046"></a><span class="lineno"> 2046</span>&#160;                              <span class="keyword">const</span> uint8_t *ciphertext,</div><div class="line"><a name="l02047"></a><span class="lineno"> 2047</span>&#160;                              <span class="keywordtype">size_t</span> ciphertext_length,</div><div class="line"><a name="l02048"></a><span class="lineno"> 2048</span>&#160;                              uint8_t *plaintext,</div><div class="line"><a name="l02049"></a><span class="lineno"> 2049</span>&#160;                              <span class="keywordtype">size_t</span> plaintext_size,</div><div class="line"><a name="l02050"></a><span class="lineno"> 2050</span>&#160;                              <span class="keywordtype">size_t</span> *plaintext_length);</div><div class="line"><a name="l02051"></a><span class="lineno"> 2051</span>&#160;</div><div class="line"><a name="l02080"></a><span class="lineno"><a class="line" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"> 2080</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_aead_operation_s <a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a>;</div><div class="line"><a name="l02081"></a><span class="lineno"> 2081</span>&#160;</div><div class="line"><a name="l02087"></a><span class="lineno"> 2087</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l02088"></a><span class="lineno"> 2088</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l02089"></a><span class="lineno"> 2089</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l02090"></a><span class="lineno"> 2090</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l02091"></a><span class="lineno"><a class="line" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366"> 2091</a></span>&#160;<span class="preprocessor">#define PSA_AEAD_OPERATION_INIT {0}</span></div><div class="line"><a name="l02092"></a><span class="lineno"> 2092</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l02093"></a><span class="lineno"> 2093</span>&#160;</div><div class="line"><a name="l02096"></a><span class="lineno"> 2096</span>&#160;<span class="keyword">static</span> <a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> psa_aead_operation_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l02097"></a><span class="lineno"> 2097</span>&#160;</div><div class="line"><a name="l02159"></a><span class="lineno"> 2159</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02160"></a><span class="lineno"> 2160</span>&#160;                                    <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02161"></a><span class="lineno"> 2161</span>&#160;                                    <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l02162"></a><span class="lineno"> 2162</span>&#160;</div><div class="line"><a name="l02221"></a><span class="lineno"> 2221</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02222"></a><span class="lineno"> 2222</span>&#160;                                    <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02223"></a><span class="lineno"> 2223</span>&#160;                                    <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l02224"></a><span class="lineno"> 2224</span>&#160;</div><div class="line"><a name="l02254"></a><span class="lineno"> 2254</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02255"></a><span class="lineno"> 2255</span>&#160;                                     <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *nonce,</div><div class="line"><a name="l02256"></a><span class="lineno"> 2256</span>&#160;                                     <span class="keywordtype">size_t</span> nonce_size,</div><div class="line"><a name="l02257"></a><span class="lineno"> 2257</span>&#160;                                     <span class="keywordtype">size_t</span> *nonce_length);</div><div class="line"><a name="l02258"></a><span class="lineno"> 2258</span>&#160;</div><div class="line"><a name="l02288"></a><span class="lineno"> 2288</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02289"></a><span class="lineno"> 2289</span>&#160;                                <span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *nonce,</div><div class="line"><a name="l02290"></a><span class="lineno"> 2290</span>&#160;                                <span class="keywordtype">size_t</span> nonce_length);</div><div class="line"><a name="l02291"></a><span class="lineno"> 2291</span>&#160;</div><div class="line"><a name="l02326"></a><span class="lineno"> 2326</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02327"></a><span class="lineno"> 2327</span>&#160;                                  <span class="keywordtype">size_t</span> ad_length,</div><div class="line"><a name="l02328"></a><span class="lineno"> 2328</span>&#160;                                  <span class="keywordtype">size_t</span> plaintext_length);</div><div class="line"><a name="l02329"></a><span class="lineno"> 2329</span>&#160;</div><div class="line"><a name="l02368"></a><span class="lineno"> 2368</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02369"></a><span class="lineno"> 2369</span>&#160;                                <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l02370"></a><span class="lineno"> 2370</span>&#160;                                <span class="keywordtype">size_t</span> input_length);</div><div class="line"><a name="l02371"></a><span class="lineno"> 2371</span>&#160;</div><div class="line"><a name="l02425"></a><span class="lineno"> 2425</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02426"></a><span class="lineno"> 2426</span>&#160;                             <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l02427"></a><span class="lineno"> 2427</span>&#160;                             <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l02428"></a><span class="lineno"> 2428</span>&#160;                             <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *output,</div><div class="line"><a name="l02429"></a><span class="lineno"> 2429</span>&#160;                             <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l02430"></a><span class="lineno"> 2430</span>&#160;                             <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l02431"></a><span class="lineno"> 2431</span>&#160;</div><div class="line"><a name="l02484"></a><span class="lineno"> 2484</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02485"></a><span class="lineno"> 2485</span>&#160;                             uint8_t *ciphertext,</div><div class="line"><a name="l02486"></a><span class="lineno"> 2486</span>&#160;                             <span class="keywordtype">size_t</span> ciphertext_size,</div><div class="line"><a name="l02487"></a><span class="lineno"> 2487</span>&#160;                             <span class="keywordtype">size_t</span> *ciphertext_length,</div><div class="line"><a name="l02488"></a><span class="lineno"> 2488</span>&#160;                             uint8_t *tag,</div><div class="line"><a name="l02489"></a><span class="lineno"> 2489</span>&#160;                             <span class="keywordtype">size_t</span> tag_size,</div><div class="line"><a name="l02490"></a><span class="lineno"> 2490</span>&#160;                             <span class="keywordtype">size_t</span> *tag_length);</div><div class="line"><a name="l02491"></a><span class="lineno"> 2491</span>&#160;</div><div class="line"><a name="l02527"></a><span class="lineno"> 2527</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation,</div><div class="line"><a name="l02528"></a><span class="lineno"> 2528</span>&#160;                             <span class="keyword">const</span> uint8_t *tag,</div><div class="line"><a name="l02529"></a><span class="lineno"> 2529</span>&#160;                             <span class="keywordtype">size_t</span> tag_length);</div><div class="line"><a name="l02530"></a><span class="lineno"> 2530</span>&#160;</div><div class="line"><a name="l02559"></a><span class="lineno"> 2559</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort</a>(<a class="code" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation);</div><div class="line"><a name="l02560"></a><span class="lineno"> 2560</span>&#160;</div><div class="line"><a name="l02606"></a><span class="lineno"> 2606</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">psa_asymmetric_sign</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02607"></a><span class="lineno"> 2607</span>&#160;                                 <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l02608"></a><span class="lineno"> 2608</span>&#160;                                 <span class="keyword">const</span> uint8_t *hash,</div><div class="line"><a name="l02609"></a><span class="lineno"> 2609</span>&#160;                                 <span class="keywordtype">size_t</span> hash_length,</div><div class="line"><a name="l02610"></a><span class="lineno"> 2610</span>&#160;                                 uint8_t *signature,</div><div class="line"><a name="l02611"></a><span class="lineno"> 2611</span>&#160;                                 <span class="keywordtype">size_t</span> signature_size,</div><div class="line"><a name="l02612"></a><span class="lineno"> 2612</span>&#160;                                 <span class="keywordtype">size_t</span> *signature_length);</div><div class="line"><a name="l02613"></a><span class="lineno"> 2613</span>&#160;</div><div class="line"><a name="l02649"></a><span class="lineno"> 2649</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">psa_asymmetric_verify</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02650"></a><span class="lineno"> 2650</span>&#160;                                   <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l02651"></a><span class="lineno"> 2651</span>&#160;                                   <span class="keyword">const</span> uint8_t *hash,</div><div class="line"><a name="l02652"></a><span class="lineno"> 2652</span>&#160;                                   <span class="keywordtype">size_t</span> hash_length,</div><div class="line"><a name="l02653"></a><span class="lineno"> 2653</span>&#160;                                   <span class="keyword">const</span> uint8_t *signature,</div><div class="line"><a name="l02654"></a><span class="lineno"> 2654</span>&#160;                                   <span class="keywordtype">size_t</span> signature_length);</div><div class="line"><a name="l02655"></a><span class="lineno"> 2655</span>&#160;</div><div class="line"><a name="l02703"></a><span class="lineno"> 2703</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">psa_asymmetric_encrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02704"></a><span class="lineno"> 2704</span>&#160;                                    <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l02705"></a><span class="lineno"> 2705</span>&#160;                                    <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l02706"></a><span class="lineno"> 2706</span>&#160;                                    <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l02707"></a><span class="lineno"> 2707</span>&#160;                                    <span class="keyword">const</span> uint8_t *salt,</div><div class="line"><a name="l02708"></a><span class="lineno"> 2708</span>&#160;                                    <span class="keywordtype">size_t</span> salt_length,</div><div class="line"><a name="l02709"></a><span class="lineno"> 2709</span>&#160;                                    uint8_t *output,</div><div class="line"><a name="l02710"></a><span class="lineno"> 2710</span>&#160;                                    <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l02711"></a><span class="lineno"> 2711</span>&#160;                                    <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l02712"></a><span class="lineno"> 2712</span>&#160;</div><div class="line"><a name="l02760"></a><span class="lineno"> 2760</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">psa_asymmetric_decrypt</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02761"></a><span class="lineno"> 2761</span>&#160;                                    <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l02762"></a><span class="lineno"> 2762</span>&#160;                                    <span class="keyword">const</span> uint8_t *input,</div><div class="line"><a name="l02763"></a><span class="lineno"> 2763</span>&#160;                                    <span class="keywordtype">size_t</span> input_length,</div><div class="line"><a name="l02764"></a><span class="lineno"> 2764</span>&#160;                                    <span class="keyword">const</span> uint8_t *salt,</div><div class="line"><a name="l02765"></a><span class="lineno"> 2765</span>&#160;                                    <span class="keywordtype">size_t</span> salt_length,</div><div class="line"><a name="l02766"></a><span class="lineno"> 2766</span>&#160;                                    uint8_t *output,</div><div class="line"><a name="l02767"></a><span class="lineno"> 2767</span>&#160;                                    <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l02768"></a><span class="lineno"> 2768</span>&#160;                                    <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l02769"></a><span class="lineno"> 2769</span>&#160;</div><div class="line"><a name="l02805"></a><span class="lineno"><a class="line" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b"> 2805</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>psa_crypto_generator_s <a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a>;</div><div class="line"><a name="l02806"></a><span class="lineno"> 2806</span>&#160;</div><div class="line"><a name="l02812"></a><span class="lineno"> 2812</span>&#160;<span class="preprocessor">#ifdef __DOXYGEN_ONLY__</span></div><div class="line"><a name="l02813"></a><span class="lineno"> 2813</span>&#160;<span class="comment">/* This is an example definition for documentation purposes.</span></div><div class="line"><a name="l02814"></a><span class="lineno"> 2814</span>&#160;<span class="comment"> * Implementations should define a suitable value in `crypto_struct.h`.</span></div><div class="line"><a name="l02815"></a><span class="lineno"> 2815</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l02816"></a><span class="lineno"><a class="line" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062"> 2816</a></span>&#160;<span class="preprocessor">#define PSA_CRYPTO_GENERATOR_INIT {0}</span></div><div class="line"><a name="l02817"></a><span class="lineno"> 2817</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l02818"></a><span class="lineno"> 2818</span>&#160;</div><div class="line"><a name="l02821"></a><span class="lineno"> 2821</span>&#160;<span class="keyword">static</span> <a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> psa_crypto_generator_init(<span class="keywordtype">void</span>);</div><div class="line"><a name="l02822"></a><span class="lineno"> 2822</span>&#160;</div><div class="line"><a name="l02835"></a><span class="lineno"> 2835</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">psa_get_generator_capacity</a>(<span class="keyword">const</span> <a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l02836"></a><span class="lineno"> 2836</span>&#160;                                        <span class="keywordtype">size_t</span> *capacity);</div><div class="line"><a name="l02837"></a><span class="lineno"> 2837</span>&#160;</div><div class="line"><a name="l02851"></a><span class="lineno"> 2851</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l02852"></a><span class="lineno"> 2852</span>&#160;                                        <span class="keywordtype">size_t</span> capacity);</div><div class="line"><a name="l02853"></a><span class="lineno"> 2853</span>&#160;</div><div class="line"><a name="l02879"></a><span class="lineno"> 2879</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l02880"></a><span class="lineno"> 2880</span>&#160;                                uint8_t *output,</div><div class="line"><a name="l02881"></a><span class="lineno"> 2881</span>&#160;                                <span class="keywordtype">size_t</span> output_length);</div><div class="line"><a name="l02882"></a><span class="lineno"> 2882</span>&#160;</div><div class="line"><a name="l02932"></a><span class="lineno"> 2932</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l02933"></a><span class="lineno"> 2933</span>&#160;                                      <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type,</div><div class="line"><a name="l02934"></a><span class="lineno"> 2934</span>&#160;                                      <span class="keywordtype">size_t</span> bits,</div><div class="line"><a name="l02935"></a><span class="lineno"> 2935</span>&#160;                                      <a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator);</div><div class="line"><a name="l02936"></a><span class="lineno"> 2936</span>&#160;</div><div class="line"><a name="l02959"></a><span class="lineno"> 2959</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator);</div><div class="line"><a name="l02960"></a><span class="lineno"> 2960</span>&#160;</div><div class="line"><a name="l02968"></a><span class="lineno"><a class="line" href="group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9"> 2968</a></span>&#160;<span class="preprocessor">#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))</span></div><div class="line"><a name="l02969"></a><span class="lineno"> 2969</span>&#160;</div><div class="line"><a name="l03016"></a><span class="lineno"> 3016</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l03017"></a><span class="lineno"> 3017</span>&#160;                                      <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg);</div><div class="line"><a name="l03018"></a><span class="lineno"> 3018</span>&#160;</div><div class="line"><a name="l03054"></a><span class="lineno"> 3054</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l03055"></a><span class="lineno"> 3055</span>&#160;                                            <a class="code" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step,</div><div class="line"><a name="l03056"></a><span class="lineno"> 3056</span>&#160;                                            <span class="keyword">const</span> uint8_t *data,</div><div class="line"><a name="l03057"></a><span class="lineno"> 3057</span>&#160;                                            <span class="keywordtype">size_t</span> data_length);</div><div class="line"><a name="l03058"></a><span class="lineno"> 3058</span>&#160;</div><div class="line"><a name="l03099"></a><span class="lineno"> 3099</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l03100"></a><span class="lineno"> 3100</span>&#160;                                          <a class="code" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step,</div><div class="line"><a name="l03101"></a><span class="lineno"> 3101</span>&#160;                                          <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle);</div><div class="line"><a name="l03102"></a><span class="lineno"> 3102</span>&#160;</div><div class="line"><a name="l03156"></a><span class="lineno"> 3156</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement</a>(<a class="code" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator,</div><div class="line"><a name="l03157"></a><span class="lineno"> 3157</span>&#160;                               <a class="code" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step,</div><div class="line"><a name="l03158"></a><span class="lineno"> 3158</span>&#160;                               <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key,</div><div class="line"><a name="l03159"></a><span class="lineno"> 3159</span>&#160;                               <span class="keyword">const</span> uint8_t *peer_key,</div><div class="line"><a name="l03160"></a><span class="lineno"> 3160</span>&#160;                               <span class="keywordtype">size_t</span> peer_key_length);</div><div class="line"><a name="l03161"></a><span class="lineno"> 3161</span>&#160;</div><div class="line"><a name="l03210"></a><span class="lineno"> 3210</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">psa_key_agreement_raw_shared_secret</a>(<a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg,</div><div class="line"><a name="l03211"></a><span class="lineno"> 3211</span>&#160;                                                 <a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key,</div><div class="line"><a name="l03212"></a><span class="lineno"> 3212</span>&#160;                                                 <span class="keyword">const</span> uint8_t *peer_key,</div><div class="line"><a name="l03213"></a><span class="lineno"> 3213</span>&#160;                                                 <span class="keywordtype">size_t</span> peer_key_length,</div><div class="line"><a name="l03214"></a><span class="lineno"> 3214</span>&#160;                                                 uint8_t *output,</div><div class="line"><a name="l03215"></a><span class="lineno"> 3215</span>&#160;                                                 <span class="keywordtype">size_t</span> output_size,</div><div class="line"><a name="l03216"></a><span class="lineno"> 3216</span>&#160;                                                 <span class="keywordtype">size_t</span> *output_length);</div><div class="line"><a name="l03217"></a><span class="lineno"> 3217</span>&#160;</div><div class="line"><a name="l03247"></a><span class="lineno"> 3247</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">psa_generate_random</a>(uint8_t *output,</div><div class="line"><a name="l03248"></a><span class="lineno"> 3248</span>&#160;                                 <span class="keywordtype">size_t</span> output_size);</div><div class="line"><a name="l03249"></a><span class="lineno"> 3249</span>&#160;</div><div class="line"><a name="l03255"></a><span class="lineno"><a class="line" href="structpsa__generate__key__extra__rsa.html"> 3255</a></span>&#160;<span class="keyword">typedef</span> <span class="keyword">struct </span>{</div><div class="line"><a name="l03256"></a><span class="lineno"><a class="line" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d"> 3256</a></span>&#160;    uint32_t <a class="code" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">e</a>; </div><div class="line"><a name="l03257"></a><span class="lineno"> 3257</span>&#160;} <a class="code" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a>;</div><div class="line"><a name="l03258"></a><span class="lineno"> 3258</span>&#160;</div><div class="line"><a name="l03324"></a><span class="lineno"> 3324</span>&#160;<a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> <a class="code" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">psa_generate_key</a>(<a class="code" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle,</div><div class="line"><a name="l03325"></a><span class="lineno"> 3325</span>&#160;                              <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type,</div><div class="line"><a name="l03326"></a><span class="lineno"> 3326</span>&#160;                              <span class="keywordtype">size_t</span> bits,</div><div class="line"><a name="l03327"></a><span class="lineno"> 3327</span>&#160;                              <span class="keyword">const</span> <span class="keywordtype">void</span> *extra,</div><div class="line"><a name="l03328"></a><span class="lineno"> 3328</span>&#160;                              <span class="keywordtype">size_t</span> extra_size);</div><div class="line"><a name="l03329"></a><span class="lineno"> 3329</span>&#160;</div><div class="line"><a name="l03332"></a><span class="lineno"> 3332</span>&#160;<span class="preprocessor">#ifdef __cplusplus</span></div><div class="line"><a name="l03333"></a><span class="lineno"> 3333</span>&#160;}</div><div class="line"><a name="l03334"></a><span class="lineno"> 3334</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l03335"></a><span class="lineno"> 3335</span>&#160;</div><div class="line"><a name="l03336"></a><span class="lineno"> 3336</span>&#160;<span class="comment">/* The file &quot;crypto_sizes.h&quot; contains definitions for size calculation</span></div><div class="line"><a name="l03337"></a><span class="lineno"> 3337</span>&#160;<span class="comment"> * macros whose definitions are implementation-specific. */</span></div><div class="line"><a name="l03338"></a><span class="lineno"> 3338</span>&#160;<span class="preprocessor">#include &quot;<a class="code" href="crypto__sizes_8h.html">crypto_sizes.h</a>&quot;</span></div><div class="line"><a name="l03339"></a><span class="lineno"> 3339</span>&#160;</div><div class="line"><a name="l03340"></a><span class="lineno"> 3340</span>&#160;<span class="comment">/* The file &quot;crypto_struct.h&quot; contains definitions for</span></div><div class="line"><a name="l03341"></a><span class="lineno"> 3341</span>&#160;<span class="comment"> * implementation-specific structs that are declared above. */</span></div><div class="line"><a name="l03342"></a><span class="lineno"> 3342</span>&#160;<span class="preprocessor">#include &quot;crypto_struct.h&quot;</span></div><div class="line"><a name="l03343"></a><span class="lineno"> 3343</span>&#160;</div><div class="line"><a name="l03344"></a><span class="lineno"> 3344</span>&#160;<span class="comment">/* The file &quot;crypto_extra.h&quot; contains vendor-specific definitions. This</span></div><div class="line"><a name="l03345"></a><span class="lineno"> 3345</span>&#160;<span class="comment"> * can include vendor-defined algorithms, extra functions, etc. */</span></div><div class="line"><a name="l03346"></a><span class="lineno"> 3346</span>&#160;<span class="preprocessor">#include &quot;crypto_extra.h&quot;</span></div><div class="line"><a name="l03347"></a><span class="lineno"> 3347</span>&#160;</div><div class="line"><a name="l03348"></a><span class="lineno"> 3348</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* PSA_CRYPTO_H */</span><span class="preprocessor"></span></div><div class="ttc" id="group__cipher_html_ga2a7fc79a9d150d42dba99f40ee3a185e"><div class="ttname"><a href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup</a></div><div class="ttdeci">psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__MAC_html_gac92b2930d6728e1be4d011c05d485822"><div class="ttname"><a href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish</a></div><div class="ttdeci">psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length)</div></div>
-<div class="ttc" id="group__random_html_ga1985eae417dfbccedf50d5fff54ea8c5"><div class="ttname"><a href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">psa_generate_random</a></div><div class="ttdeci">psa_status_t psa_generate_random(uint8_t *output, size_t output_size)</div><div class="ttdoc">Generate random bytes. </div></div>
-<div class="ttc" id="group__aead_html_ga3eadcf2a29f662129ea4fb3454969ba2"><div class="ttname"><a href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce</a></div><div class="ttdeci">psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, unsigned char *nonce, size_t nonce_size, size_t *nonce_length)</div></div>
-<div class="ttc" id="group__import__export_html_ga902b9a7a6cf34d6111668be777b05eaf"><div class="ttname"><a href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">psa_export_key</a></div><div class="ttdeci">psa_status_t psa_export_key(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)</div><div class="ttdoc">Export a key in binary format. </div></div>
-<div class="ttc" id="group__key__management_html_ga40094b77b7a42b9c8e158395113f1a35"><div class="ttname"><a href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key</a></div><div class="ttdeci">psa_status_t psa_allocate_key(psa_key_handle_t *handle)</div></div>
-<div class="ttc" id="group__asymmetric_html_ga1b8e964c8d927e3d632325d762959eb7"><div class="ttname"><a href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">psa_asymmetric_verify</a></div><div class="ttdeci">psa_status_t psa_asymmetric_verify(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)</div><div class="ttdoc">Verify the signature a hash or short message using a public key. </div></div>
-<div class="ttc" id="group__cipher_html_gaddf8504e5367cd0efb4415bdec004f44"><div class="ttname"><a href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup</a></div><div class="ttdeci">psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__policy_html_ga7746662b7503e484774d0ecb5d8ac2ab"><div class="ttname"><a href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">psa_key_policy_get_usage</a></div><div class="ttdeci">psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)</div><div class="ttdoc">Retrieve the usage field of a policy structure. </div></div>
-<div class="ttc" id="group__derivation_html_gaf1b12eff66a1a0020b5bdc8d0e910006"><div class="ttname"><a href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">psa_key_agreement_raw_shared_secret</a></div><div class="ttdeci">psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__aead_html_ga47265dc4852f1476f852752218fd12b2"><div class="ttname"><a href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup</a></div><div class="ttdeci">psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__MAC_html_ga08e2e8c21bfe762a907266f3bdd1d07c"><div class="ttname"><a href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">psa_mac_verify</a></div><div class="ttdeci">psa_status_t psa_mac_verify(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *mac, const size_t mac_length)</div></div>
-<div class="ttc" id="group__random_html_ga72921520494b4f007a3afb904cd9ecdd"><div class="ttname"><a href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">psa_generate_key</a></div><div class="ttdeci">psa_status_t psa_generate_key(psa_key_handle_t handle, psa_key_type_t type, size_t bits, const void *extra, size_t extra_size)</div><div class="ttdoc">Generate a key or key pair. </div></div>
-<div class="ttc" id="group__key__management_html_gaa09b720d299dfe6b9f41c36e448078eb"><div class="ttname"><a href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key</a></div><div class="ttdeci">psa_status_t psa_close_key(psa_key_handle_t handle)</div></div>
-<div class="ttc" id="group__cipher_html_ga43d5991711ec45c98af0c1d99f6e0216"><div class="ttname"><a href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">psa_cipher_decrypt</a></div><div class="ttdeci">psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__import__export_html_gad760d1f0d4e60972c78cbb4c8a528256"><div class="ttname"><a href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">psa_export_public_key</a></div><div class="ttdeci">psa_status_t psa_export_public_key(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)</div><div class="ttdoc">Export a public key or the public part of a key pair in binary format. </div></div>
-<div class="ttc" id="group__aead_html_ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"><div class="ttname"><a href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a></div><div class="ttdeci">struct psa_aead_operation_s psa_aead_operation_t</div><div class="ttdef"><b>Definition:</b> crypto.h:2080</div></div>
-<div class="ttc" id="group__derivation_html_ga1b30e888db65c71f5337900848e1b03f"><div class="ttname"><a href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes</a></div><div class="ttdeci">psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length)</div></div>
-<div class="ttc" id="group__import__export_html_gae260b92e32ac5d63f7dfc6ffdf6536f7"><div class="ttname"><a href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">psa_get_key_domain_parameters</a></div><div class="ttdeci">psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)</div><div class="ttdoc">Get domain parameters for a key. </div></div>
-<div class="ttc" id="crypto__types_8h_html"><div class="ttname"><a href="crypto__types_8h.html">crypto_types.h</a></div><div class="ttdoc">PSA cryptography module: type aliases. </div></div>
-<div class="ttc" id="group__import__export_html_ga5c1c24176cfb1517a8806235b3162a9d"><div class="ttname"><a href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">psa_copy_key</a></div><div class="ttdeci">psa_status_t psa_copy_key(psa_key_handle_t source_handle, psa_key_handle_t target_handle, const psa_key_policy_t *constraint)</div></div>
-<div class="ttc" id="group__generators_html_ga563ca64537d90368899286b36d8cf7f3"><div class="ttname"><a href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort</a></div><div class="ttdeci">psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)</div></div>
-<div class="ttc" id="group__derivation_html_gaac4eeacd36596c548b3a48fc06c5048b"><div class="ttname"><a href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a></div><div class="ttdeci">uint16_t psa_key_derivation_step_t</div><div class="ttdoc">Encoding of the step of a key derivation. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:106</div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga11e986351c65bd3dc3c0fe2cd9926e4b"><div class="ttname"><a href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></div><div class="ttdeci">uint32_t psa_key_id_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:88</div></div>
-<div class="ttc" id="group__hash_html_gac69f7f19d96a56c28cf3799d11b12156"><div class="ttname"><a href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">psa_hash_compute</a></div><div class="ttdeci">psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)</div></div>
-<div class="ttc" id="group__cipher_html_gafd0caea99cf1052527e4089d37f5ab91"><div class="ttname"><a href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update</a></div><div class="ttdeci">psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__cipher_html_ga1359b2101f31637496ce7cc36c6e3d42"><div class="ttname"><a href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv</a></div><div class="ttdeci">psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, const unsigned char *iv, size_t iv_length)</div></div>
-<div class="ttc" id="group__generators_html_gab5712ad29b78c2b170e64cc5bcfc1bce"><div class="ttname"><a href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read</a></div><div class="ttdeci">psa_status_t psa_generator_read(psa_crypto_generator_t *generator, uint8_t *output, size_t output_length)</div></div>
-<div class="ttc" id="group__hash_html_ga65b16ef97d7f650899b7db4b7d1112ff"><div class="ttname"><a href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update</a></div><div class="ttdeci">psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)</div></div>
-<div class="ttc" id="group__hash_html_ga0bb6dbd3c310648c3cf7d202413ff0bc"><div class="ttname"><a href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">psa_hash_compare</a></div><div class="ttdeci">psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, const size_t hash_length)</div></div>
-<div class="ttc" id="group__aead_html_ga759791bbe1763b377c3b5447641f1fc8"><div class="ttname"><a href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish</a></div><div class="ttdeci">psa_status_t psa_aead_finish(psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)</div></div>
-<div class="ttc" id="group__asymmetric_html_gad429293b7b0bf2a830b9540a02552004"><div class="ttname"><a href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">psa_asymmetric_encrypt</a></div><div class="ttdeci">psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</div><div class="ttdoc">Encrypt a short message with a public key. </div></div>
-<div class="ttc" id="group__asymmetric_html_ga34b55fbaee23dba1a677186fc66a556e"><div class="ttname"><a href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">psa_asymmetric_decrypt</a></div><div class="ttdeci">psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</div><div class="ttdoc">Decrypt a short message with a private key. </div></div>
-<div class="ttc" id="crypto__values_8h_html"><div class="ttname"><a href="crypto__values_8h.html">crypto_values.h</a></div><div class="ttdoc">PSA cryptography module: macros to build and analyze integer values. </div></div>
-<div class="ttc" id="group__import__export_html_ga091da8d3d39137fd6ad59f2b10234300"><div class="ttname"><a href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">psa_set_key_domain_parameters</a></div><div class="ttdeci">psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle, psa_key_type_t type, const uint8_t *data, size_t data_length)</div><div class="ttdoc">Set domain parameters for a key. </div></div>
-<div class="ttc" id="group__MAC_html_gac22bc0125580c96724a09226cfbc97f2"><div class="ttname"><a href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish</a></div><div class="ttdeci">psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)</div></div>
-<div class="ttc" id="group__cipher_html_ga1dcb58b8befe23f8a4d7a1d49c99249b"><div class="ttname"><a href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish</a></div><div class="ttdeci">psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__MAC_html_gaa721a59ae6d085ec90c7dc918879a027"><div class="ttname"><a href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup</a></div><div class="ttdeci">psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__cipher_html_ga44857cf5e0c3d134a3c560f8ff5b50aa"><div class="ttname"><a href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv</a></div><div class="ttdeci">psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, unsigned char *iv, size_t iv_size, size_t *iv_length)</div></div>
-<div class="ttc" id="group__aead_html_ga6d0eed03f832e5c9c91cb8adf2882569"><div class="ttname"><a href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad</a></div><div class="ttdeci">psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length)</div></div>
-<div class="ttc" id="group__hash_html_ga7be923c5700c9c70ef77ee9b76d1a5c0"><div class="ttname"><a href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify</a></div><div class="ttdeci">psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length)</div></div>
-<div class="ttc" id="group__derivation_html_ga9e5f549aa1f6f3863a07008d3d98f91a"><div class="ttname"><a href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key</a></div><div class="ttdeci">psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, psa_key_handle_t handle)</div></div>
-<div class="ttc" id="group__aead_html_gad3431e28d05002c2a7b0760610176050"><div class="ttname"><a href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths</a></div><div class="ttdeci">psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length)</div></div>
-<div class="ttc" id="group__aead_html_gaa8ce6527f2e227f1071fadbf2099793b"><div class="ttname"><a href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt</a></div><div class="ttdeci">psa_status_t psa_aead_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)</div></div>
-<div class="ttc" id="group__generators_html_ga7fcdf07cd37279ca167db484053da894"><div class="ttname"><a href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key</a></div><div class="ttdeci">psa_status_t psa_generator_import_key(psa_key_handle_t handle, psa_key_type_t type, size_t bits, psa_crypto_generator_t *generator)</div></div>
-<div class="ttc" id="group__hash_html_ga39673348f3302b4646bd780034a5aeda"><div class="ttname"><a href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">psa_hash_clone</a></div><div class="ttdeci">psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, psa_hash_operation_t *target_operation)</div></div>
-<div class="ttc" id="group__policy_html_gaed087d1386b807edee66b2e445ba9111"><div class="ttname"><a href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">psa_get_key_policy</a></div><div class="ttdeci">psa_status_t psa_get_key_policy(psa_key_handle_t handle, psa_key_policy_t *policy)</div><div class="ttdoc">Get the usage policy for a key slot. </div></div>
-<div class="ttc" id="structpsa__generate__key__extra__rsa_html_a53ccb9e4375f3c9af6e3ecfe111ce11d"><div class="ttname"><a href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">psa_generate_key_extra_rsa::e</a></div><div class="ttdeci">uint32_t e</div><div class="ttdef"><b>Definition:</b> crypto.h:3256</div></div>
-<div class="ttc" id="group__crypto__types_html_gac2e4d47f1300d73c2f829a6d99252d69"><div class="ttname"><a href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></div><div class="ttdeci">uint32_t psa_algorithm_t</div><div class="ttdoc">Encoding of a cryptographic algorithm. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:74</div></div>
-<div class="ttc" id="group__hash_html_ga3c4205d2ce66c4095fc5c78c25273fab"><div class="ttname"><a href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a></div><div class="ttdeci">struct psa_hash_operation_s psa_hash_operation_t</div><div class="ttdef"><b>Definition:</b> crypto.h:907</div></div>
-<div class="ttc" id="group__aead_html_ga44de092cf58bb6c820c5c80a6c51610d"><div class="ttname"><a href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt</a></div><div class="ttdeci">psa_status_t psa_aead_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)</div></div>
-<div class="ttc" id="group__MAC_html_gacd8dd54855ba1bc0a03f104f252884fd"><div class="ttname"><a href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort</a></div><div class="ttdeci">psa_status_t psa_mac_abort(psa_mac_operation_t *operation)</div></div>
-<div class="ttc" id="group__hash_html_ga8d72896cf70fc4d514c5c6b978912515"><div class="ttname"><a href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup</a></div><div class="ttdeci">psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__aead_html_ga439896519d4a367ec86b47f201884152"><div class="ttname"><a href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup</a></div><div class="ttdeci">psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__policy_html_ga7bb9de71337e0e98de843aa7f9b55f25"><div class="ttname"><a href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></div><div class="ttdeci">uint32_t psa_key_usage_t</div><div class="ttdoc">Encoding of permitted usage on a key. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:97</div></div>
-<div class="ttc" id="group__policy_html_gaf553efd409845b6d09ff25ce2ba36607"><div class="ttname"><a href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a></div><div class="ttdeci">struct psa_key_policy_s psa_key_policy_t</div><div class="ttdef"><b>Definition:</b> crypto.h:128</div></div>
-<div class="ttc" id="group__import__export_html_ga165085fc1bc7a78b91792fdd94ae102c"><div class="ttname"><a href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">psa_destroy_key</a></div><div class="ttdeci">psa_status_t psa_destroy_key(psa_key_handle_t handle)</div><div class="ttdoc">Destroy a key. </div></div>
-<div class="ttc" id="group__policy_html_gac16792fd6d375a5f76d372090df40607"><div class="ttname"><a href="group__policy.html#gac16792fd6d375a5f76d372090df40607">psa_key_policy_set_usage</a></div><div class="ttdeci">void psa_key_policy_set_usage(psa_key_policy_t *policy, psa_key_usage_t usage, psa_algorithm_t alg)</div><div class="ttdoc">Set the standard fields of a policy structure. </div></div>
-<div class="ttc" id="group__initialization_html_ga2de150803fc2f7dc6101d5af7e921dd9"><div class="ttname"><a href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">psa_crypto_init</a></div><div class="ttdeci">psa_status_t psa_crypto_init(void)</div><div class="ttdoc">Library initialization. </div></div>
-<div class="ttc" id="group__platform_html_gabf6d5fd4e2ea89ecd425c88f057e7f75"><div class="ttname"><a href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a></div><div class="ttdeci">_unsigned_integral_type_ psa_key_handle_t</div><div class="ttdoc">Key handle. </div><div class="ttdef"><b>Definition:</b> crypto.h:47</div></div>
-<div class="ttc" id="group__MAC_html_gace78d9b51394f9d4f77952963665897a"><div class="ttname"><a href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">psa_mac_compute</a></div><div class="ttdeci">psa_status_t psa_mac_compute(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)</div></div>
-<div class="ttc" id="crypto__sizes_8h_html"><div class="ttname"><a href="crypto__sizes_8h.html">crypto_sizes.h</a></div><div class="ttdoc">PSA cryptography module: Mbed TLS buffer size macros. </div></div>
-<div class="ttc" id="group__derivation_html_ga2c7fe304cacc141ffb91553548abc5d2"><div class="ttname"><a href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement</a></div><div class="ttdeci">psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length)</div></div>
-<div class="ttc" id="group__key__management_html_gaa9f1c848cf78b80fe2a7b18bb7ccec50"><div class="ttname"><a href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key</a></div><div class="ttdeci">psa_status_t psa_open_key(psa_key_lifetime_t lifetime, psa_key_id_t id, psa_key_handle_t *handle)</div></div>
-<div class="ttc" id="group__MAC_html_ga5560af371497babefe03c9da4e8a1c05"><div class="ttname"><a href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update</a></div><div class="ttdeci">psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length)</div></div>
-<div class="ttc" id="group__aead_html_ga40641d0721ca7fe01bbcd9ef635fbc46"><div class="ttname"><a href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce</a></div><div class="ttdeci">psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, const unsigned char *nonce, size_t nonce_length)</div></div>
-<div class="ttc" id="group__hash_html_gab0b4d5f9912a615559497a467b532928"><div class="ttname"><a href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort</a></div><div class="ttdeci">psa_status_t psa_hash_abort(psa_hash_operation_t *operation)</div></div>
-<div class="ttc" id="group__key__management_html_ga1e4825ab59260aeb3bdbb3ff07210022"><div class="ttname"><a href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">psa_get_key_lifetime</a></div><div class="ttdeci">psa_status_t psa_get_key_lifetime(psa_key_handle_t handle, psa_key_lifetime_t *lifetime)</div><div class="ttdoc">Retrieve the lifetime of an open key. </div></div>
-<div class="ttc" id="group__aead_html_ga3b105de2088cef7c3d9e2fd8048c841c"><div class="ttname"><a href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update</a></div><div class="ttdeci">psa_status_t psa_aead_update(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__cipher_html_ga1399de29db657e3737bb09927aae51fa"><div class="ttname"><a href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a></div><div class="ttdeci">struct psa_cipher_operation_s psa_cipher_operation_t</div><div class="ttdef"><b>Definition:</b> crypto.h:1622</div></div>
-<div class="ttc" id="group__crypto__types_html_ga578159487dfc7096cb191b0d2befe628"><div class="ttname"><a href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></div><div class="ttdeci">uint32_t psa_key_type_t</div><div class="ttdoc">Encoding of a key type. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:61</div></div>
-<div class="ttc" id="group__aead_html_gaaed211fc61977c859d6ff07f39f59219"><div class="ttname"><a href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify</a></div><div class="ttdeci">psa_status_t psa_aead_verify(psa_aead_operation_t *operation, const uint8_t *tag, size_t tag_length)</div></div>
-<div class="ttc" id="group__MAC_html_ga78f0838b0c4e3db28b26355624d4bd37"><div class="ttname"><a href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a></div><div class="ttdeci">struct psa_mac_operation_s psa_mac_operation_t</div><div class="ttdef"><b>Definition:</b> crypto.h:1237</div></div>
-<div class="ttc" id="group__aead_html_gae8a5f93d92318c8f592ee9fbb9d36ba0"><div class="ttname"><a href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort</a></div><div class="ttdeci">psa_status_t psa_aead_abort(psa_aead_operation_t *operation)</div></div>
-<div class="ttc" id="group__policy_html_gaadf16b89ace53e1d2cb5bcb0aef24c86"><div class="ttname"><a href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">psa_key_policy_get_algorithm</a></div><div class="ttdeci">psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)</div><div class="ttdoc">Retrieve the algorithm field of a policy structure. </div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga6821ff6dd39dc2bc370ded760ad8b0cf"><div class="ttname"><a href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></div><div class="ttdeci">uint32_t psa_key_lifetime_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:84</div></div>
-<div class="ttc" id="group__generators_html_ga7453491e3b440193be2c5dccc2040fd2"><div class="ttname"><a href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">psa_get_generator_capacity</a></div><div class="ttdeci">psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, size_t *capacity)</div></div>
-<div class="ttc" id="group__policy_html_ga1e2a6e50b621864f95d438222a3c640b"><div class="ttname"><a href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">psa_set_key_policy</a></div><div class="ttdeci">psa_status_t psa_set_key_policy(psa_key_handle_t handle, const psa_key_policy_t *policy)</div><div class="ttdoc">Set the usage policy on a key slot. </div></div>
-<div class="ttc" id="group__key__management_html_ga4108f255d3eaa6d23a7a14b684af8d7c"><div class="ttname"><a href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key</a></div><div class="ttdeci">psa_status_t psa_create_key(psa_key_lifetime_t lifetime, psa_key_id_t id, psa_key_handle_t *handle)</div></div>
-<div class="ttc" id="group__import__export_html_gac9f999cb4d098663d56095afe81a453a"><div class="ttname"><a href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">psa_import_key</a></div><div class="ttdeci">psa_status_t psa_import_key(psa_key_handle_t handle, psa_key_type_t type, const uint8_t *data, size_t data_length)</div><div class="ttdoc">Import a key in binary format. </div></div>
-<div class="ttc" id="group__error_html_ga05676e70ba5c6a7565aff3c36677c1f9"><div class="ttname"><a href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></div><div class="ttdeci">int32_t psa_status_t</div><div class="ttdoc">Function return status. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:51</div></div>
-<div class="ttc" id="group__cipher_html_gaad482cdca2098bca0620596aaa02eaa4"><div class="ttname"><a href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort</a></div><div class="ttdeci">psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)</div></div>
-<div class="ttc" id="group__generators_html_ga45676ec3c719622f95caaf926f44bb6e"><div class="ttname"><a href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity</a></div><div class="ttdeci">psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, size_t capacity)</div></div>
-<div class="ttc" id="group__cipher_html_gac76dda492d9a1ba6b327bff610ec17b2"><div class="ttname"><a href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">psa_cipher_encrypt</a></div><div class="ttdeci">psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</div></div>
-<div class="ttc" id="group__MAC_html_gad33f2b15119593571ca6b8e7c757ab0e"><div class="ttname"><a href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup</a></div><div class="ttdeci">psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__derivation_html_ga1825696be813dfac2b8d3d02717e71c5"><div class="ttname"><a href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup</a></div><div class="ttdeci">psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, psa_algorithm_t alg)</div></div>
-<div class="ttc" id="group__import__export_html_gae8939902d6977ea8ad13eb7b4db9a042"><div class="ttname"><a href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a></div><div class="ttdeci">psa_status_t psa_get_key_information(psa_key_handle_t handle, psa_key_type_t *type, size_t *bits)</div><div class="ttdoc">Get basic metadata about a key. </div></div>
-<div class="ttc" id="group__asymmetric_html_ga1b0db9d345b5048cdd39357ac2d56c07"><div class="ttname"><a href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">psa_asymmetric_sign</a></div><div class="ttdeci">psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)</div><div class="ttdoc">Sign a hash or short message with a private key. </div></div>
-<div class="ttc" id="group__generators_html_ga1f894c4fba202ef8e307d72caf489e3b"><div class="ttname"><a href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a></div><div class="ttdeci">struct psa_crypto_generator_s psa_crypto_generator_t</div><div class="ttdef"><b>Definition:</b> crypto.h:2805</div></div>
-<div class="ttc" id="group__hash_html_ga4795fd06a0067b0adcd92e9627b8c97e"><div class="ttname"><a href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish</a></div><div class="ttdeci">psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)</div></div>
-<div class="ttc" id="structpsa__generate__key__extra__rsa_html"><div class="ttname"><a href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a></div><div class="ttdef"><b>Definition:</b> crypto.h:3255</div></div>
-</div><!-- fragment --></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__enum_8h.html b/docs/html/crypto__enum_8h.html
deleted file mode 100644
index 851333c..0000000
--- a/docs/html/crypto__enum_8h.html
+++ /dev/null
@@ -1,697 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_enum.h File Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">Working draft</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">crypto_enum.h File Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>PSA cryptography module: Integer encodings.  
-<a href="#details">More...</a></p>
-<div class="textblock"><code>#include &lt;stdint.h&gt;</code><br />
-</div><div class="textblock"><div class="dynheader">
-Include dependency graph for crypto_enum.h:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__enum_8h__incl.png" border="0" usemap="#psa_2crypto__enum_8h" alt=""/></div>
-</div>
-</div><div class="textblock"><div class="dynheader">
-This graph shows which files directly or indirectly include this file:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__enum_8h__dep__incl.png" border="0" usemap="#psa_2crypto__enum_8hdep" alt=""/></div>
-<map name="psa_2crypto__enum_8hdep" id="psa_2crypto__enum_8hdep">
-<area shape="rect" id="node2" href="crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="25,80,119,107"/>
-</map>
-</div>
-</div>
-<p><a href="crypto__enum_8h_source.html">Go to the source code of this file.</a></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)0)</td></tr>
-<tr class="separator:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">PSA_ERROR_UNKNOWN_ERROR</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)1)</td></tr>
-<tr class="separator:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1dcc6d130633ed5db8942257581b55dd"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)2)</td></tr>
-<tr class="separator:ga1dcc6d130633ed5db8942257581b55dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)3)</td></tr>
-<tr class="separator:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)4)</td></tr>
-<tr class="separator:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2fee3a51249fbea45360aaa911f3e58"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)5)</td></tr>
-<tr class="separator:gac2fee3a51249fbea45360aaa911f3e58"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)6)</td></tr>
-<tr class="separator:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga933d40fa2a591004f2e93aa91e11db84"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)7)</td></tr>
-<tr class="separator:ga933d40fa2a591004f2e93aa91e11db84"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)8)</td></tr>
-<tr class="separator:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)9)</td></tr>
-<tr class="separator:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)10)</td></tr>
-<tr class="separator:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5cdb6948371d49e916106249020ea3f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)11)</td></tr>
-<tr class="separator:ga5cdb6948371d49e916106249020ea3f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadd169a1af2707862b95fb9df91dfc37d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)12)</td></tr>
-<tr class="separator:gadd169a1af2707862b95fb9df91dfc37d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)13)</td></tr>
-<tr class="separator:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)14)</td></tr>
-<tr class="separator:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4deb59fec02297ec5d8b42178323f675"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)15)</td></tr>
-<tr class="separator:ga4deb59fec02297ec5d8b42178323f675"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35927f755d232c4766de600f2c49e9f2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)16)</td></tr>
-<tr class="separator:ga35927f755d232c4766de600f2c49e9f2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabe29594edbfb152cf153975b0597ac48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">PSA_ERROR_INVALID_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)17)</td></tr>
-<tr class="separator:gabe29594edbfb152cf153975b0597ac48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">PSA_ERROR_INSUFFICIENT_CAPACITY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)18)</td></tr>
-<tr class="separator:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf22718935657c2c3168c228204085f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)19)</td></tr>
-<tr class="separator:gadf22718935657c2c3168c228204085f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">PSA_KEY_TYPE_NONE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x00000000)</td></tr>
-<tr class="separator:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x80000000)</td></tr>
-<tr class="separator:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8f214beb04334be08f927f227f097ef1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_SYMMETRIC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000000)</td></tr>
-<tr class="separator:ga8f214beb04334be08f927f227f097ef1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_RAW</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000000)</td></tr>
-<tr class="separator:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58b975beeee1f937cecb71c8051c6357"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60000000)</td></tr>
-<tr class="separator:ga58b975beeee1f937cecb71c8051c6357"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga708196a91ec0384de98e092b9a16f5e8"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_KEY_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga708196a91ec0384de98e092b9a16f5e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">PSA_KEY_TYPE_IS_VENDOR_DEFINED</a>(type)&#160;&#160;&#160;(((type) &amp; <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>) != 0)</td></tr>
-<tr class="separator:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type)</td></tr>
-<tr class="separator:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab138ae2ebf2905dfbaf4154db2620939"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type)</td></tr>
-<tr class="separator:gab138ae2ebf2905dfbaf4154db2620939"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</td></tr>
-<tr class="separator:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">PSA_KEY_TYPE_IS_KEYPAIR</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</td></tr>
-<tr class="separator:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY</a>(type)&#160;&#160;&#160;((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gace08e46dd7cbf642d50d982a25d02bec"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type)&#160;&#160;&#160;((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gace08e46dd7cbf642d50d982a25d02bec"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa97f92025533102616b32d571c940d80"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">PSA_KEY_TYPE_RAW_DATA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000001)</td></tr>
-<tr class="separator:gaa97f92025533102616b32d571c940d80"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga92d989f4ca64abd00f463defd773a6f8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">PSA_KEY_TYPE_HMAC</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x51000000)</td></tr>
-<tr class="separator:ga92d989f4ca64abd00f463defd773a6f8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">PSA_KEY_TYPE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x52000000)</td></tr>
-<tr class="separator:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000001)</td></tr>
-<tr class="separator:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga577562bfbbc691c820d55ec308333138"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">PSA_KEY_TYPE_DES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000002)</td></tr>
-<tr class="separator:ga577562bfbbc691c820d55ec308333138"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">PSA_KEY_TYPE_CAMELLIA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000003)</td></tr>
-<tr class="separator:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">PSA_KEY_TYPE_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000004)</td></tr>
-<tr class="separator:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60010000)</td></tr>
-<tr class="separator:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga581f50687f5d650456925278948f2799"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70010000)</td></tr>
-<tr class="separator:ga581f50687f5d650456925278948f2799"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60020000)</td></tr>
-<tr class="separator:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga011010ee28c20388f3d89fb27088ed62"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70020000)</td></tr>
-<tr class="separator:ga011010ee28c20388f3d89fb27088ed62"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">PSA_KEY_TYPE_IS_DSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8d37a32a305dda9fb4af1707aace47c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60030000)</td></tr>
-<tr class="separator:gad8d37a32a305dda9fb4af1707aace47c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6754658749714c6ac674bdf6d2d40767"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_KEYPAIR_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70030000)</td></tr>
-<tr class="separator:ga6754658749714c6ac674bdf6d2d40767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_CURVE_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x0000ffff)</td></tr>
-<tr class="separator:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf3ad65d157bf5282849c954bf3f51af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">PSA_KEY_TYPE_ECC_KEYPAIR</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</td></tr>
-<tr class="separator:gadf3ad65d157bf5282849c954bf3f51af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad54c03d3b47020e571a72cd01d978cf2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</td></tr>
-<tr class="separator:gad54c03d3b47020e571a72cd01d978cf2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga88e01fa06b585654689a99bcc06bbe66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(type)</td></tr>
-<tr class="separator:ga88e01fa06b585654689a99bcc06bbe66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a>(type)</td></tr>
-<tr class="separator:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type)</td></tr>
-<tr class="separator:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">PSA_KEY_TYPE_GET_CURVE</a>(type)</td></tr>
-<tr class="separator:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4201013d5947c375fae7311b0f98bac7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0001)</td></tr>
-<tr class="separator:ga4201013d5947c375fae7311b0f98bac7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca8816b785f492a8795b5276977d1369"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0002)</td></tr>
-<tr class="separator:gaca8816b785f492a8795b5276977d1369"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0003)</td></tr>
-<tr class="separator:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0004)</td></tr>
-<tr class="separator:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0005)</td></tr>
-<tr class="separator:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga36e409c36983e41db5db202b1d2095b5"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0006)</td></tr>
-<tr class="separator:ga36e409c36983e41db5db202b1d2095b5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga54997a9f8ef752c6d717171e01c31019"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0007)</td></tr>
-<tr class="separator:ga54997a9f8ef752c6d717171e01c31019"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT239K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0008)</td></tr>
-<tr class="separator:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga28c765d75773b5fe083219e7c0b054f9"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0009)</td></tr>
-<tr class="separator:ga28c765d75773b5fe083219e7c0b054f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000a)</td></tr>
-<tr class="separator:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000b)</td></tr>
-<tr class="separator:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000c)</td></tr>
-<tr class="separator:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2043aa519549a6194d132d81816879bc"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000d)</td></tr>
-<tr class="separator:ga2043aa519549a6194d132d81816879bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000e)</td></tr>
-<tr class="separator:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000f)</td></tr>
-<tr class="separator:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0010)</td></tr>
-<tr class="separator:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac465f57c34914a01aea8c220a613dfe6"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0011)</td></tr>
-<tr class="separator:gac465f57c34914a01aea8c220a613dfe6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58c806d45ab350287ddc49da833bd558"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0012)</td></tr>
-<tr class="separator:ga58c806d45ab350287ddc49da833bd558"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0013)</td></tr>
-<tr class="separator:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0014)</td></tr>
-<tr class="separator:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0015)</td></tr>
-<tr class="separator:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaa61941f815aff976a1debd910b1704c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0016)</td></tr>
-<tr class="separator:gaaa61941f815aff976a1debd910b1704c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0017)</td></tr>
-<tr class="separator:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3e870a36493143507a01a28c70790fa3"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0018)</td></tr>
-<tr class="separator:ga3e870a36493143507a01a28c70790fa3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4482ff6155006ff509071c32ce263fdf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP521R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0019)</td></tr>
-<tr class="separator:ga4482ff6155006ff509071c32ce263fdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa999b69c56af0cc1cebf4596f8578191"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001a)</td></tr>
-<tr class="separator:gaa999b69c56af0cc1cebf4596f8578191"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001b)</td></tr>
-<tr class="separator:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P512R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001c)</td></tr>
-<tr class="separator:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac94faf3b8d9884221541f51f26b11c7a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE25519</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001d)</td></tr>
-<tr class="separator:gac94faf3b8d9884221541f51f26b11c7a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga902b0e91eff920873b3b59c740854305"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE448</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001e)</td></tr>
-<tr class="separator:ga902b0e91eff920873b3b59c740854305"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">PSA_BLOCK_CIPHER_BLOCK_SIZE</a>(type)</td></tr>
-<tr class="separator:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_VENDOR_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x80000000)</td></tr>
-<tr class="separator:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25e918c465b4421dbfaedad6b693d110"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x7f000000)</td></tr>
-<tr class="separator:ga25e918c465b4421dbfaedad6b693d110"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd048e1835b80e6daaff7fddce699757"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_HASH</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000000)</td></tr>
-<tr class="separator:gafd048e1835b80e6daaff7fddce699757"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02000000)</td></tr>
-<tr class="separator:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68228a619db59eba93fd13e9129dbfe2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_CIPHER</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04000000)</td></tr>
-<tr class="separator:ga68228a619db59eba93fd13e9129dbfe2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37fdd9cac2552f1568f38e091a826549"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_AEAD</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06000000)</td></tr>
-<tr class="separator:ga37fdd9cac2552f1568f38e091a826549"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_SIGN</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga72f46c8256b760b174e6db61a61cd608"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12000000)</td></tr>
-<tr class="separator:ga72f46c8256b760b174e6db61a61cd608"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga808e397a4891c612df4a5b20eebc2fac"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_AGREEMENT</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x22000000)</td></tr>
-<tr class="separator:ga808e397a4891c612df4a5b20eebc2fac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_DERIVATION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000000)</td></tr>
-<tr class="separator:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga46ccba3464541e05a428ddc5c176e7af"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_SELECTION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x31000000)</td></tr>
-<tr class="separator:ga46ccba3464541e05a428ddc5c176e7af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_VENDOR_DEFINED</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</td></tr>
-<tr class="separator:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9280662bb482590b4b33d1dcd32930f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</td></tr>
-<tr class="separator:gac9280662bb482590b4b33d1dcd32930f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</td></tr>
-<tr class="separator:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</td></tr>
-<tr class="separator:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</td></tr>
-<tr class="separator:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">PSA_ALG_IS_SIGN</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</td></tr>
-<tr class="separator:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</td></tr>
-<tr class="separator:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab19961aac97f3856f83057b04ba7c5f5"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_SELECTION_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000000)</td></tr>
-<tr class="separator:gab19961aac97f3856f83057b04ba7c5f5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga59753742cb06553bd22751bbef472b6f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg)</td></tr>
-<tr class="separator:ga59753742cb06553bd22751bbef472b6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga51b1834ee5e98c6a83c2cfc7699f9077"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga51b1834ee5e98c6a83c2cfc7699f9077">PSA_ALG_IS_KEY_SELECTION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_SELECTION)</td></tr>
-<tr class="separator:ga51b1834ee5e98c6a83c2cfc7699f9077"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac41a7077aef55bb20c629c8949d43c57"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HASH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x000000ff)</td></tr>
-<tr class="separator:gac41a7077aef55bb20c629c8949d43c57"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000001)</td></tr>
-<tr class="separator:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD4</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000002)</td></tr>
-<tr class="separator:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gade591d9286d23382eb5cec099c84180d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD5</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000003)</td></tr>
-<tr class="separator:gade591d9286d23382eb5cec099c84180d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RIPEMD160</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000004)</td></tr>
-<tr class="separator:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_SHA_1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000005)</td></tr>
-<tr class="separator:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">PSA_ALG_SHA_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000008)</td></tr>
-<tr class="separator:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga619471f978e13cdd0a1e37145e4bf341"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000009)</td></tr>
-<tr class="separator:ga619471f978e13cdd0a1e37145e4bf341"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">PSA_ALG_SHA_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000a)</td></tr>
-<tr class="separator:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">PSA_ALG_SHA_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000b)</td></tr>
-<tr class="separator:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">PSA_ALG_SHA_512_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000c)</td></tr>
-<tr class="separator:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">PSA_ALG_SHA_512_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000d)</td></tr>
-<tr class="separator:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga16f5fe34ccce68c2fada1224c054a999"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">PSA_ALG_SHA3_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000010)</td></tr>
-<tr class="separator:ga16f5fe34ccce68c2fada1224c054a999"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">PSA_ALG_SHA3_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000011)</td></tr>
-<tr class="separator:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">PSA_ALG_SHA3_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000012)</td></tr>
-<tr class="separator:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37e5dbe936dddb155e76f2997de27188"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">PSA_ALG_SHA3_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000013)</td></tr>
-<tr class="separator:ga37e5dbe936dddb155e76f2997de27188"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabba3fcfee55533b0e25350e78a942e07"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_SUBCATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00c00000)</td></tr>
-<tr class="separator:gabba3fcfee55533b0e25350e78a942e07"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02800000)</td></tr>
-<tr class="separator:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga70f397425684b3efcde1e0e34c28261f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">PSA_ALG_HMAC</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga70f397425684b3efcde1e0e34c28261f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee84269106a947cb6ac353e15e6c4687"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_GET_HASH</b>(hmac_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaee84269106a947cb6ac353e15e6c4687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">PSA_ALG_IS_HMAC</a>(alg)</td></tr>
-<tr class="separator:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_TRUNCATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_MAC_TRUNCATION_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf36137110baf7bb13c5028fd62c64276"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">PSA_ALG_TRUNCATED_MAC</a>(alg,  mac_length)</td></tr>
-<tr class="separator:gaf36137110baf7bb13c5028fd62c64276"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">PSA_ALG_FULL_LENGTH_MAC</a>(alg)&#160;&#160;&#160;((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</td></tr>
-<tr class="separator:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab03726c4476174e019a08e2a04018ce8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">PSA_MAC_TRUNCATED_LENGTH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</td></tr>
-<tr class="separator:gab03726c4476174e019a08e2a04018ce8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_MAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00000)</td></tr>
-<tr class="separator:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CBC_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00001)</td></tr>
-<tr class="separator:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga146328a1e0023a02464e232d6ecefdc2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00002)</td></tr>
-<tr class="separator:ga146328a1e0023a02464e232d6ecefdc2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga69a012ce150219a2d97c3ab5582f0004"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_GMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00003)</td></tr>
-<tr class="separator:ga69a012ce150219a2d97c3ab5582f0004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae49d1eb601125d65a5c5b252aa45479e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg)</td></tr>
-<tr class="separator:gae49d1eb601125d65a5c5b252aa45479e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac79618293c4254143caa75f6c5c82fa1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_STREAM_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00800000)</td></tr>
-<tr class="separator:gac79618293c4254143caa75f6c5c82fa1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_FROM_BLOCK_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00400000)</td></tr>
-<tr class="separator:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">PSA_ALG_IS_STREAM_CIPHER</a>(alg)</td></tr>
-<tr class="separator:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">PSA_ALG_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04800001)</td></tr>
-<tr class="separator:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad318309706a769cffdc64e4c7e06b2e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">PSA_ALG_CTR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00001)</td></tr>
-<tr class="separator:gad318309706a769cffdc64e4c7e06b2e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00002)</td></tr>
-<tr class="separator:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_OFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00003)</td></tr>
-<tr class="separator:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa722c0e426a797fd6d99623f59748125"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">PSA_ALG_XTS</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x044000ff)</td></tr>
-<tr class="separator:gaa722c0e426a797fd6d99623f59748125"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacb332d72716958880ee7f97d8365ae66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">PSA_ALG_CBC_NO_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600100)</td></tr>
-<tr class="separator:gacb332d72716958880ee7f97d8365ae66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">PSA_ALG_CBC_PKCS7</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600101)</td></tr>
-<tr class="separator:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CCM</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001001)</td></tr>
-<tr class="separator:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_GCM</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001002)</td></tr>
-<tr class="separator:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga575d9082463a06a86c2a22dd63c2e772"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_AEAD_TAG_LENGTH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga575d9082463a06a86c2a22dd63c2e772"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga987d416146048906d40dd1d9572e3193"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_AEAD_TAG_LENGTH_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga987d416146048906d40dd1d9572e3193"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa63c520b62ab001d54d28801742fc9db"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">PSA_ALG_AEAD_WITH_TAG_LENGTH</a>(alg,  tag_length)</td></tr>
-<tr class="separator:gaa63c520b62ab001d54d28801742fc9db"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaddea507e062250cda8a29407a9480d2b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</a>(alg)</td></tr>
-<tr class="separator:gaddea507e062250cda8a29407a9480d2b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</b>(alg,  ref)</td></tr>
-<tr class="separator:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PKCS1V15_SIGN_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10020000)</td></tr>
-<tr class="separator:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga702ff75385a6ae7d4247033f479439af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga702ff75385a6ae7d4247033f479439af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4215e2a78dcf834e9a625927faa2a817"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a>&#160;&#160;&#160;PSA_ALG_RSA_PKCS1V15_SIGN_BASE</td></tr>
-<tr class="separator:ga4215e2a78dcf834e9a625927faa2a817"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PKCS1V15_SIGN</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</td></tr>
-<tr class="separator:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49d39a343790971b7a74644f4faea0c0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PSS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10030000)</td></tr>
-<tr class="separator:ga49d39a343790971b7a74644f4faea0c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">PSA_ALG_RSA_PSS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafa04fae7393a76d5161558768cb82a78"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PSS</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</td></tr>
-<tr class="separator:gafa04fae7393a76d5161558768cb82a78"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga863284106894476e3a8524805410b55b"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10040000)</td></tr>
-<tr class="separator:ga863284106894476e3a8524805410b55b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a68efdddff5ae95f104a1416b12742e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">PSA_ALG_DSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga9a68efdddff5ae95f104a1416b12742e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad3800dafc62d6a17bcae4bce98402e68"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10050000)</td></tr>
-<tr class="separator:gad3800dafc62d6a17bcae4bce98402e68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_DETERMINISTIC_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00010000)</td></tr>
-<tr class="separator:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_DSA</b>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DSA</b>(alg)</td></tr>
-<tr class="separator:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae01ae792228c16eac05102f8e900efd1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gae01ae792228c16eac05102f8e900efd1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga474c0582c4726d0c0274e470f4199cf9"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; !PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga474c0582c4726d0c0274e470f4199cf9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10060000)</td></tr>
-<tr class="separator:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4">PSA_ALG_ECDSA_ANY</a>&#160;&#160;&#160;PSA_ALG_ECDSA_BASE</td></tr>
-<tr class="separator:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10070000)</td></tr>
-<tr class="separator:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11da566bcd341661c8de921e2ca5ed03"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga11da566bcd341661c8de921e2ca5ed03"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_ECDSA</b>(alg)</td></tr>
-<tr class="separator:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae7b0fafebd139f6f815285b7cad622ea"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gae7b0fafebd139f6f815285b7cad622ea"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a>(alg)</td></tr>
-<tr class="separator:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">PSA_ALG_RSA_PKCS1V15_CRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12020000)</td></tr>
-<tr class="separator:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12030000)</td></tr>
-<tr class="separator:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76">PSA_ALG_RSA_OAEP</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_OAEP</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</td></tr>
-<tr class="separator:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_GET_HASH</b>(alg)</td></tr>
-<tr class="separator:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000100)</td></tr>
-<tr class="separator:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga32a888fb360e6e25cab8a343772c4a82"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">PSA_ALG_HKDF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga32a888fb360e6e25cab8a343772c4a82"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2">PSA_ALG_IS_HKDF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</td></tr>
-<tr class="separator:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga643df48b529b176995927b697ff07a4c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga643df48b529b176995927b697ff07a4c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadb328698047e32da8e16551b28b50a35"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000200)</td></tr>
-<tr class="separator:gadb328698047e32da8e16551b28b50a35"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">PSA_ALG_TLS12_PRF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3c18890c50222e5219f40ade8927e66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66">PSA_ALG_IS_TLS12_PRF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</td></tr>
-<tr class="separator:gaa3c18890c50222e5219f40ade8927e66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga403b2695655c7e03d6c07c061c606ab7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga403b2695655c7e03d6c07c061c606ab7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000300)</td></tr>
-<tr class="separator:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab25ecc074a93fd11069bedfbba5a287b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</td></tr>
-<tr class="separator:gab25ecc074a93fd11069bedfbba5a287b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49f873d8cf9fb0042118e626330eec9d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga49f873d8cf9fb0042118e626330eec9d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_DERIVATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x010fffff)</td></tr>
-<tr class="separator:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacbbcb60abf1714722f50f80ce9c21602"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacbbcb60abf1714722f50f80ce9c21602">PSA_ALG_SELECT_RAW</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x31000001)</td></tr>
-<tr class="separator:gacbbcb60abf1714722f50f80ce9c21602"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga56c1189add62b59e8e6a28a809b57037"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_KDF</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:ga56c1189add62b59e8e6a28a809b57037"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf837c55ba698b488b6e63300e3470abf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_BASE</b>(alg)&#160;&#160;&#160;((alg) &amp; ~PSA_ALG_KEY_DERIVATION_MASK)</td></tr>
-<tr class="separator:gaf837c55ba698b488b6e63300e3470abf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf5e91b071f657a662ce546d4989e0067"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_FFDH_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x22100000)</td></tr>
-<tr class="separator:gaf5e91b071f657a662ce546d4989e0067"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga21037568ad0b2e97d76dfc700b6b4483"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga21037568ad0b2e97d76dfc700b6b4483">PSA_ALG_FFDH</a>(kdf_alg)&#160;&#160;&#160;(PSA_ALG_FFDH_BASE | ((kdf_alg) &amp; PSA_ALG_KEY_DERIVATION_MASK))</td></tr>
-<tr class="separator:ga21037568ad0b2e97d76dfc700b6b4483"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e">PSA_ALG_IS_FFDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)</td></tr>
-<tr class="separator:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga856863cdf3b7881d7dcb2b0f8a72b5c8"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDH_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x22200000)</td></tr>
-<tr class="separator:ga856863cdf3b7881d7dcb2b0f8a72b5c8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga974b73fccc5a9142256d8ce3092dff7f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga974b73fccc5a9142256d8ce3092dff7f">PSA_ALG_ECDH</a>(kdf_alg)&#160;&#160;&#160;(PSA_ALG_ECDH_BASE | ((kdf_alg) &amp; PSA_ALG_KEY_DERIVATION_MASK))</td></tr>
-<tr class="separator:ga974b73fccc5a9142256d8ce3092dff7f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d">PSA_ALG_IS_ECDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)</td></tr>
-<tr class="separator:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8b438870ba69489b685730d346455108"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000000)</td></tr>
-<tr class="separator:ga8b438870ba69489b685730d346455108"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02">PSA_KEY_LIFETIME_PERSISTENT</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed">PSA_KEY_USAGE_EXPORT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga75153b296d045d529d97203a6a995dad"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga75153b296d045d529d97203a6a995dad">PSA_KEY_USAGE_ENCRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000100)</td></tr>
-<tr class="separator:ga75153b296d045d529d97203a6a995dad"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a">PSA_KEY_USAGE_DECRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000200)</td></tr>
-<tr class="separator:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga99b9f456cf59efc4b5579465407aef5a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a">PSA_KEY_USAGE_SIGN</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000400)</td></tr>
-<tr class="separator:ga99b9f456cf59efc4b5579465407aef5a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39b54ffd5958b69634607924fa53cea6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6">PSA_KEY_USAGE_VERIFY</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000800)</td></tr>
-<tr class="separator:ga39b54ffd5958b69634607924fa53cea6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">PSA_KEY_USAGE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00001000)</td></tr>
-<tr class="separator:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memItemLeft" align="right" valign="top">typedef int32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></td></tr>
-<tr class="memdesc:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="mdescLeft">&#160;</td><td class="mdescRight">Function return status.  <a href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">More...</a><br /></td></tr>
-<tr class="separator:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga578159487dfc7096cb191b0d2befe628"><td class="memItemLeft" align="right" valign="top">
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></td></tr>
-<tr class="memdesc:ga578159487dfc7096cb191b0d2befe628"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a key type. <br /></td></tr>
-<tr class="separator:ga578159487dfc7096cb191b0d2befe628"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memItemLeft" align="right" valign="top">typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></td></tr>
-<tr class="separator:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></td></tr>
-<tr class="memdesc:gac2e4d47f1300d73c2f829a6d99252d69"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a cryptographic algorithm.  <a href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">More...</a><br /></td></tr>
-<tr class="separator:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></td></tr>
-<tr class="separator:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></td></tr>
-<tr class="separator:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memItemLeft" align="right" valign="top">
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></td></tr>
-<tr class="memdesc:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of permitted usage on a key. <br /></td></tr>
-<tr class="separator:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>PSA cryptography module: Integer encodings. </p>
-<dl class="section note"><dt>Note</dt><dd>This file may not be included directly. Applications must include <a class="el" href="crypto_8h.html" title="Platform Security Architecture cryptography module. ">psa/crypto.h</a>. Drivers must include the appropriate driver header file.</dd></dl>
-<p>This file contains portable definitions of integral types and macros to build and analyze values of these types. The types concerned are properties of cryptographic keys, designations of cryptographic algorithms, and error codes returned by the library.</p>
-<p>This header file does not declare any function. </p>
-</div></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__enum_8h__dep__incl.map b/docs/html/crypto__enum_8h__dep__incl.map
deleted file mode 100644
index 805e410..0000000
--- a/docs/html/crypto__enum_8h__dep__incl.map
+++ /dev/null
@@ -1,3 +0,0 @@
-<map id="psa/crypto_enum.h" name="psa/crypto_enum.h">
-<area shape="rect" id="node2" href="$crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="25,80,119,107"/>
-</map>
diff --git a/docs/html/crypto__enum_8h__dep__incl.md5 b/docs/html/crypto__enum_8h__dep__incl.md5
deleted file mode 100644
index 21c7ef7..0000000
--- a/docs/html/crypto__enum_8h__dep__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-13274746bc95b43464bdf033bcf1ced6
\ No newline at end of file
diff --git a/docs/html/crypto__enum_8h__dep__incl.png b/docs/html/crypto__enum_8h__dep__incl.png
deleted file mode 100644
index ac4a5c5..0000000
--- a/docs/html/crypto__enum_8h__dep__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__enum_8h__incl.map b/docs/html/crypto__enum_8h__incl.map
deleted file mode 100644
index ee3647e..0000000
--- a/docs/html/crypto__enum_8h__incl.map
+++ /dev/null
@@ -1,2 +0,0 @@
-<map id="psa/crypto_enum.h" name="psa/crypto_enum.h">
-</map>
diff --git a/docs/html/crypto__enum_8h__incl.md5 b/docs/html/crypto__enum_8h__incl.md5
deleted file mode 100644
index cc108ec..0000000
--- a/docs/html/crypto__enum_8h__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-a4850a23fc9b42677d19279e04a16c71
\ No newline at end of file
diff --git a/docs/html/crypto__enum_8h__incl.png b/docs/html/crypto__enum_8h__incl.png
deleted file mode 100644
index dd745f9..0000000
--- a/docs/html/crypto__enum_8h__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__enum_8h_source.html b/docs/html/crypto__enum_8h_source.html
deleted file mode 100644
index 2a7b432..0000000
--- a/docs/html/crypto__enum_8h_source.html
+++ /dev/null
@@ -1,108 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_enum.h Source File</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">Working draft</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">crypto_enum.h</div>  </div>
-</div><!--header-->
-<div class="contents">
-<a href="crypto__enum_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;</div><div class="line"><a name="l00017"></a><span class="lineno">   17</span>&#160;<span class="comment">/*</span></div><div class="line"><a name="l00018"></a><span class="lineno">   18</span>&#160;<span class="comment"> *  Copyright (C) 2018, ARM Limited, All Rights Reserved</span></div><div class="line"><a name="l00019"></a><span class="lineno">   19</span>&#160;<span class="comment"> *  SPDX-License-Identifier: Apache-2.0</span></div><div class="line"><a name="l00020"></a><span class="lineno">   20</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00021"></a><span class="lineno">   21</span>&#160;<span class="comment"> *  Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may</span></div><div class="line"><a name="l00022"></a><span class="lineno">   22</span>&#160;<span class="comment"> *  not use this file except in compliance with the License.</span></div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;<span class="comment"> *  You may obtain a copy of the License at</span></div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;<span class="comment"> *  http://www.apache.org/licenses/LICENSE-2.0</span></div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;<span class="comment"> *  Unless required by applicable law or agreed to in writing, software</span></div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;<span class="comment"> *  distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT</span></div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;<span class="comment"> *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;<span class="comment"> *  See the License for the specific language governing permissions and</span></div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;<span class="comment"> *  limitations under the License.</span></div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;<span class="comment"> *  This file is part of mbed TLS (https://tls.mbed.org)</span></div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00035"></a><span class="lineno">   35</span>&#160;</div><div class="line"><a name="l00036"></a><span class="lineno">   36</span>&#160;<span class="preprocessor">#ifndef PSA_CRYPTO_ENUM_H</span></div><div class="line"><a name="l00037"></a><span class="lineno">   37</span>&#160;<span class="preprocessor">#define PSA_CRYPTO_ENUM_H</span></div><div class="line"><a name="l00038"></a><span class="lineno">   38</span>&#160;</div><div class="line"><a name="l00039"></a><span class="lineno">   39</span>&#160;<span class="preprocessor">#include &lt;stdint.h&gt;</span></div><div class="line"><a name="l00040"></a><span class="lineno">   40</span>&#160;</div><div class="line"><a name="l00045"></a><span class="lineno">   45</span>&#160;<span class="preprocessor">#if defined(PSA_SUCCESS)</span></div><div class="line"><a name="l00046"></a><span class="lineno">   46</span>&#160;<span class="comment">/* If PSA_SUCCESS is defined, assume that PSA crypto is being used</span></div><div class="line"><a name="l00047"></a><span class="lineno">   47</span>&#160;<span class="comment"> * together with PSA IPC, which also defines the identifier</span></div><div class="line"><a name="l00048"></a><span class="lineno">   48</span>&#160;<span class="comment"> * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;</span></div><div class="line"><a name="l00049"></a><span class="lineno">   49</span>&#160;<span class="comment"> * the other error code names don&#39;t clash. Also define psa_status_t as</span></div><div class="line"><a name="l00050"></a><span class="lineno">   50</span>&#160;<span class="comment"> * an alias for the type used by PSA IPC. This is a temporary hack</span></div><div class="line"><a name="l00051"></a><span class="lineno">   51</span>&#160;<span class="comment"> * until we unify error reporting in PSA IPC and PSA crypto.</span></div><div class="line"><a name="l00052"></a><span class="lineno">   52</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00053"></a><span class="lineno">   53</span>&#160;<span class="comment"> * Note that psa_defs.h must be included before this header!</span></div><div class="line"><a name="l00054"></a><span class="lineno">   54</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00055"></a><span class="lineno">   55</span>&#160;<span class="keyword">typedef</span> psa_error_t <a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>;</div><div class="line"><a name="l00056"></a><span class="lineno">   56</span>&#160;</div><div class="line"><a name="l00057"></a><span class="lineno">   57</span>&#160;<span class="preprocessor">#else </span><span class="comment">/* defined(PSA_SUCCESS) */</span><span class="preprocessor"></span></div><div class="line"><a name="l00058"></a><span class="lineno">   58</span>&#160;</div><div class="line"><a name="l00066"></a><span class="lineno"><a class="line" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">   66</a></span>&#160;<span class="keyword">typedef</span> int32_t <a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>;</div><div class="line"><a name="l00067"></a><span class="lineno">   67</span>&#160;</div><div class="line"><a name="l00069"></a><span class="lineno"><a class="line" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">   69</a></span>&#160;<span class="preprocessor">#define PSA_SUCCESS ((psa_status_t)0)</span></div><div class="line"><a name="l00070"></a><span class="lineno">   70</span>&#160;</div><div class="line"><a name="l00071"></a><span class="lineno">   71</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* !defined(PSA_SUCCESS) */</span><span class="preprocessor"></span></div><div class="line"><a name="l00072"></a><span class="lineno">   72</span>&#160;</div><div class="line"><a name="l00078"></a><span class="lineno"><a class="line" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">   78</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_UNKNOWN_ERROR         ((psa_status_t)1)</span></div><div class="line"><a name="l00079"></a><span class="lineno">   79</span>&#160;</div><div class="line"><a name="l00087"></a><span class="lineno"><a class="line" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">   87</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)2)</span></div><div class="line"><a name="l00088"></a><span class="lineno">   88</span>&#160;</div><div class="line"><a name="l00100"></a><span class="lineno"><a class="line" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">  100</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)3)</span></div><div class="line"><a name="l00101"></a><span class="lineno">  101</span>&#160;</div><div class="line"><a name="l00112"></a><span class="lineno"><a class="line" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">  112</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)4)</span></div><div class="line"><a name="l00113"></a><span class="lineno">  113</span>&#160;</div><div class="line"><a name="l00120"></a><span class="lineno"><a class="line" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">  120</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_OCCUPIED_SLOT         ((psa_status_t)5)</span></div><div class="line"><a name="l00121"></a><span class="lineno">  121</span>&#160;</div><div class="line"><a name="l00128"></a><span class="lineno"><a class="line" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">  128</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_EMPTY_SLOT            ((psa_status_t)6)</span></div><div class="line"><a name="l00129"></a><span class="lineno">  129</span>&#160;</div><div class="line"><a name="l00140"></a><span class="lineno"><a class="line" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">  140</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_BAD_STATE             ((psa_status_t)7)</span></div><div class="line"><a name="l00141"></a><span class="lineno">  141</span>&#160;</div><div class="line"><a name="l00156"></a><span class="lineno"><a class="line" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">  156</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)8)</span></div><div class="line"><a name="l00157"></a><span class="lineno">  157</span>&#160;</div><div class="line"><a name="l00162"></a><span class="lineno"><a class="line" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">  162</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)9)</span></div><div class="line"><a name="l00163"></a><span class="lineno">  163</span>&#160;</div><div class="line"><a name="l00171"></a><span class="lineno"><a class="line" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">  171</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)10)</span></div><div class="line"><a name="l00172"></a><span class="lineno">  172</span>&#160;</div><div class="line"><a name="l00188"></a><span class="lineno"><a class="line" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">  188</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)</span></div><div class="line"><a name="l00189"></a><span class="lineno">  189</span>&#160;</div><div class="line"><a name="l00213"></a><span class="lineno"><a class="line" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">  213</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)12)</span></div><div class="line"><a name="l00214"></a><span class="lineno">  214</span>&#160;</div><div class="line"><a name="l00219"></a><span class="lineno"><a class="line" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">  219</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)13)</span></div><div class="line"><a name="l00220"></a><span class="lineno">  220</span>&#160;</div><div class="line"><a name="l00250"></a><span class="lineno"><a class="line" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">  250</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_TAMPERING_DETECTED    ((psa_status_t)14)</span></div><div class="line"><a name="l00251"></a><span class="lineno">  251</span>&#160;</div><div class="line"><a name="l00269"></a><span class="lineno"><a class="line" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">  269</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)15)</span></div><div class="line"><a name="l00270"></a><span class="lineno">  270</span>&#160;</div><div class="line"><a name="l00279"></a><span class="lineno"><a class="line" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">  279</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)16)</span></div><div class="line"><a name="l00280"></a><span class="lineno">  280</span>&#160;</div><div class="line"><a name="l00295"></a><span class="lineno"><a class="line" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">  295</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)17)</span></div><div class="line"><a name="l00296"></a><span class="lineno">  296</span>&#160;</div><div class="line"><a name="l00301"></a><span class="lineno"><a class="line" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">  301</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)</span></div><div class="line"><a name="l00302"></a><span class="lineno">  302</span>&#160;</div><div class="line"><a name="l00305"></a><span class="lineno"><a class="line" href="group__error.html#gadf22718935657c2c3168c228204085f9">  305</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)19)</span></div><div class="line"><a name="l00306"></a><span class="lineno">  306</span>&#160;</div><div class="line"><a name="l00315"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">  315</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>;</div><div class="line"><a name="l00316"></a><span class="lineno">  316</span>&#160;</div><div class="line"><a name="l00321"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">  321</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_NONE                       ((psa_key_type_t)0x00000000)</span></div><div class="line"><a name="l00322"></a><span class="lineno">  322</span>&#160;</div><div class="line"><a name="l00330"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">  330</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_VENDOR_FLAG                ((psa_key_type_t)0x80000000)</span></div><div class="line"><a name="l00331"></a><span class="lineno">  331</span>&#160;</div><div class="line"><a name="l00332"></a><span class="lineno">  332</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_MASK              ((psa_key_type_t)0x70000000)</span></div><div class="line"><a name="l00333"></a><span class="lineno">  333</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC         ((psa_key_type_t)0x40000000)</span></div><div class="line"><a name="l00334"></a><span class="lineno">  334</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_RAW               ((psa_key_type_t)0x50000000)</span></div><div class="line"><a name="l00335"></a><span class="lineno">  335</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY        ((psa_key_type_t)0x60000000)</span></div><div class="line"><a name="l00336"></a><span class="lineno">  336</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR          ((psa_key_type_t)0x70000000)</span></div><div class="line"><a name="l00337"></a><span class="lineno">  337</span>&#160;</div><div class="line"><a name="l00338"></a><span class="lineno">  338</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR         ((psa_key_type_t)0x10000000)</span></div><div class="line"><a name="l00339"></a><span class="lineno">  339</span>&#160;</div><div class="line"><a name="l00341"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">  341</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \</span></div><div class="line"><a name="l00342"></a><span class="lineno">  342</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_VENDOR_FLAG) != 0)</span></div><div class="line"><a name="l00343"></a><span class="lineno">  343</span>&#160;</div><div class="line"><a name="l00348"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">  348</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \</span></div><div class="line"><a name="l00349"></a><span class="lineno">  349</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~(psa_key_type_t)0x10000000) == \</span></div><div class="line"><a name="l00350"></a><span class="lineno">  350</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_CATEGORY_SYMMETRIC)</span></div><div class="line"><a name="l00351"></a><span class="lineno">  351</span>&#160;</div><div class="line"><a name="l00353"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">  353</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ASYMMETRIC(type)                                \</span></div><div class="line"><a name="l00354"></a><span class="lineno">  354</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK                               \</span></div><div class="line"><a name="l00355"></a><span class="lineno">  355</span>&#160;<span class="preprocessor">      &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) ==                            \</span></div><div class="line"><a name="l00356"></a><span class="lineno">  356</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span></div><div class="line"><a name="l00357"></a><span class="lineno">  357</span>&#160;</div><div class="line"><a name="l00358"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">  358</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type)                                \</span></div><div class="line"><a name="l00359"></a><span class="lineno">  359</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span></div><div class="line"><a name="l00360"></a><span class="lineno">  360</span>&#160;</div><div class="line"><a name="l00362"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">  362</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_KEYPAIR(type)                                   \</span></div><div class="line"><a name="l00363"></a><span class="lineno">  363</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</span></div><div class="line"><a name="l00364"></a><span class="lineno">  364</span>&#160;</div><div class="line"><a name="l00374"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">  374</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type)        \</span></div><div class="line"><a name="l00375"></a><span class="lineno">  375</span>&#160;<span class="preprocessor">    ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span></div><div class="line"><a name="l00376"></a><span class="lineno">  376</span>&#160;</div><div class="line"><a name="l00386"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">  386</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type)        \</span></div><div class="line"><a name="l00387"></a><span class="lineno">  387</span>&#160;<span class="preprocessor">    ((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span></div><div class="line"><a name="l00388"></a><span class="lineno">  388</span>&#160;</div><div class="line"><a name="l00393"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">  393</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RAW_DATA                   ((psa_key_type_t)0x50000001)</span></div><div class="line"><a name="l00394"></a><span class="lineno">  394</span>&#160;</div><div class="line"><a name="l00403"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">  403</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_HMAC                       ((psa_key_type_t)0x51000000)</span></div><div class="line"><a name="l00404"></a><span class="lineno">  404</span>&#160;</div><div class="line"><a name="l00410"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">  410</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DERIVE                     ((psa_key_type_t)0x52000000)</span></div><div class="line"><a name="l00411"></a><span class="lineno">  411</span>&#160;</div><div class="line"><a name="l00417"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">  417</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_AES                        ((psa_key_type_t)0x40000001)</span></div><div class="line"><a name="l00418"></a><span class="lineno">  418</span>&#160;</div><div class="line"><a name="l00428"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">  428</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DES                        ((psa_key_type_t)0x40000002)</span></div><div class="line"><a name="l00429"></a><span class="lineno">  429</span>&#160;</div><div class="line"><a name="l00432"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">  432</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CAMELLIA                   ((psa_key_type_t)0x40000003)</span></div><div class="line"><a name="l00433"></a><span class="lineno">  433</span>&#160;</div><div class="line"><a name="l00438"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">  438</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ARC4                       ((psa_key_type_t)0x40000004)</span></div><div class="line"><a name="l00439"></a><span class="lineno">  439</span>&#160;</div><div class="line"><a name="l00441"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">  441</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY             ((psa_key_type_t)0x60010000)</span></div><div class="line"><a name="l00442"></a><span class="lineno">  442</span>&#160;</div><div class="line"><a name="l00443"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">  443</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RSA_KEYPAIR                ((psa_key_type_t)0x70010000)</span></div><div class="line"><a name="l00444"></a><span class="lineno">  444</span>&#160;</div><div class="line"><a name="l00445"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">  445</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_RSA(type)                                       \</span></div><div class="line"><a name="l00446"></a><span class="lineno">  446</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)</span></div><div class="line"><a name="l00447"></a><span class="lineno">  447</span>&#160;</div><div class="line"><a name="l00449"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">  449</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DSA_PUBLIC_KEY             ((psa_key_type_t)0x60020000)</span></div><div class="line"><a name="l00450"></a><span class="lineno">  450</span>&#160;</div><div class="line"><a name="l00451"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">  451</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DSA_KEYPAIR                ((psa_key_type_t)0x70020000)</span></div><div class="line"><a name="l00452"></a><span class="lineno">  452</span>&#160;</div><div class="line"><a name="l00453"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">  453</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_DSA(type)                                       \</span></div><div class="line"><a name="l00454"></a><span class="lineno">  454</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)</span></div><div class="line"><a name="l00455"></a><span class="lineno">  455</span>&#160;</div><div class="line"><a name="l00456"></a><span class="lineno">  456</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE        ((psa_key_type_t)0x60030000)</span></div><div class="line"><a name="l00457"></a><span class="lineno">  457</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE           ((psa_key_type_t)0x70030000)</span></div><div class="line"><a name="l00458"></a><span class="lineno">  458</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_CURVE_MASK             ((psa_key_type_t)0x0000ffff)</span></div><div class="line"><a name="l00459"></a><span class="lineno">  459</span>&#160;</div><div class="line"><a name="l00460"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">  460</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_KEYPAIR(curve)         \</span></div><div class="line"><a name="l00461"></a><span class="lineno">  461</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</span></div><div class="line"><a name="l00462"></a><span class="lineno">  462</span>&#160;</div><div class="line"><a name="l00463"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">  463</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)              \</span></div><div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</span></div><div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;</div><div class="line"><a name="l00467"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">  467</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC(type)                                       \</span></div><div class="line"><a name="l00468"></a><span class="lineno">  468</span>&#160;<span class="preprocessor">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) &amp;                        \</span></div><div class="line"><a name="l00469"></a><span class="lineno">  469</span>&#160;<span class="preprocessor">      ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span></div><div class="line"><a name="l00470"></a><span class="lineno">  470</span>&#160;</div><div class="line"><a name="l00471"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">  471</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)                               \</span></div><div class="line"><a name="l00472"></a><span class="lineno">  472</span>&#160;<span class="preprocessor">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</span></div><div class="line"><a name="l00473"></a><span class="lineno">  473</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_ECC_KEYPAIR_BASE)</span></div><div class="line"><a name="l00474"></a><span class="lineno">  474</span>&#160;</div><div class="line"><a name="l00475"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">  475</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)                            \</span></div><div class="line"><a name="l00476"></a><span class="lineno">  476</span>&#160;<span class="preprocessor">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</span></div><div class="line"><a name="l00477"></a><span class="lineno">  477</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span></div><div class="line"><a name="l00478"></a><span class="lineno">  478</span>&#160;</div><div class="line"><a name="l00480"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">  480</a></span>&#160;<span class="keyword">typedef</span> uint16_t <a class="code" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>;</div><div class="line"><a name="l00482"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">  482</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_GET_CURVE(type)                             \</span></div><div class="line"><a name="l00483"></a><span class="lineno">  483</span>&#160;<span class="preprocessor">    ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ?              \</span></div><div class="line"><a name="l00484"></a><span class="lineno">  484</span>&#160;<span class="preprocessor">                        ((type) &amp; PSA_KEY_TYPE_ECC_CURVE_MASK) : \</span></div><div class="line"><a name="l00485"></a><span class="lineno">  485</span>&#160;<span class="preprocessor">                        0))</span></div><div class="line"><a name="l00486"></a><span class="lineno">  486</span>&#160;</div><div class="line"><a name="l00487"></a><span class="lineno">  487</span>&#160;<span class="comment">/* The encoding of curve identifiers is currently aligned with the</span></div><div class="line"><a name="l00488"></a><span class="lineno">  488</span>&#160;<span class="comment"> * TLS Supported Groups Registry (formerly known as the</span></div><div class="line"><a name="l00489"></a><span class="lineno">  489</span>&#160;<span class="comment"> * TLS EC Named Curve Registry)</span></div><div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;<span class="comment"> * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8</span></div><div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160;<span class="comment"> * The values are defined by RFC 8422 and RFC 7027. */</span></div><div class="line"><a name="l00492"></a><span class="lineno">  492</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163K1         ((psa_ecc_curve_t) 0x0001)</span></div><div class="line"><a name="l00493"></a><span class="lineno">  493</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163R1         ((psa_ecc_curve_t) 0x0002)</span></div><div class="line"><a name="l00494"></a><span class="lineno">  494</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163R2         ((psa_ecc_curve_t) 0x0003)</span></div><div class="line"><a name="l00495"></a><span class="lineno">  495</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT193R1         ((psa_ecc_curve_t) 0x0004)</span></div><div class="line"><a name="l00496"></a><span class="lineno">  496</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT193R2         ((psa_ecc_curve_t) 0x0005)</span></div><div class="line"><a name="l00497"></a><span class="lineno">  497</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT233K1         ((psa_ecc_curve_t) 0x0006)</span></div><div class="line"><a name="l00498"></a><span class="lineno">  498</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT233R1         ((psa_ecc_curve_t) 0x0007)</span></div><div class="line"><a name="l00499"></a><span class="lineno">  499</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT239K1         ((psa_ecc_curve_t) 0x0008)</span></div><div class="line"><a name="l00500"></a><span class="lineno">  500</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT283K1         ((psa_ecc_curve_t) 0x0009)</span></div><div class="line"><a name="l00501"></a><span class="lineno">  501</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT283R1         ((psa_ecc_curve_t) 0x000a)</span></div><div class="line"><a name="l00502"></a><span class="lineno">  502</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT409K1         ((psa_ecc_curve_t) 0x000b)</span></div><div class="line"><a name="l00503"></a><span class="lineno">  503</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT409R1         ((psa_ecc_curve_t) 0x000c)</span></div><div class="line"><a name="l00504"></a><span class="lineno">  504</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT571K1         ((psa_ecc_curve_t) 0x000d)</span></div><div class="line"><a name="l00505"></a><span class="lineno">  505</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT571R1         ((psa_ecc_curve_t) 0x000e)</span></div><div class="line"><a name="l00506"></a><span class="lineno">  506</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160K1         ((psa_ecc_curve_t) 0x000f)</span></div><div class="line"><a name="l00507"></a><span class="lineno">  507</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160R1         ((psa_ecc_curve_t) 0x0010)</span></div><div class="line"><a name="l00508"></a><span class="lineno">  508</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160R2         ((psa_ecc_curve_t) 0x0011)</span></div><div class="line"><a name="l00509"></a><span class="lineno">  509</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP192K1         ((psa_ecc_curve_t) 0x0012)</span></div><div class="line"><a name="l00510"></a><span class="lineno">  510</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP192R1         ((psa_ecc_curve_t) 0x0013)</span></div><div class="line"><a name="l00511"></a><span class="lineno">  511</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP224K1         ((psa_ecc_curve_t) 0x0014)</span></div><div class="line"><a name="l00512"></a><span class="lineno">  512</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP224R1         ((psa_ecc_curve_t) 0x0015)</span></div><div class="line"><a name="l00513"></a><span class="lineno">  513</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP256K1         ((psa_ecc_curve_t) 0x0016)</span></div><div class="line"><a name="l00514"></a><span class="lineno">  514</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP256R1         ((psa_ecc_curve_t) 0x0017)</span></div><div class="line"><a name="l00515"></a><span class="lineno">  515</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP384R1         ((psa_ecc_curve_t) 0x0018)</span></div><div class="line"><a name="l00516"></a><span class="lineno">  516</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP521R1         ((psa_ecc_curve_t) 0x0019)</span></div><div class="line"><a name="l00517"></a><span class="lineno">  517</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P256R1  ((psa_ecc_curve_t) 0x001a)</span></div><div class="line"><a name="l00518"></a><span class="lineno">  518</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P384R1  ((psa_ecc_curve_t) 0x001b)</span></div><div class="line"><a name="l00519"></a><span class="lineno">  519</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P512R1  ((psa_ecc_curve_t) 0x001c)</span></div><div class="line"><a name="l00520"></a><span class="lineno">  520</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_CURVE25519        ((psa_ecc_curve_t) 0x001d)</span></div><div class="line"><a name="l00521"></a><span class="lineno">  521</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_CURVE448          ((psa_ecc_curve_t) 0x001e)</span></div><div class="line"><a name="l00522"></a><span class="lineno">  522</span>&#160;</div><div class="line"><a name="l00541"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">  541</a></span>&#160;<span class="preprocessor">#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type)            \</span></div><div class="line"><a name="l00542"></a><span class="lineno">  542</span>&#160;<span class="preprocessor">    (                                                \</span></div><div class="line"><a name="l00543"></a><span class="lineno">  543</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_AES ? 16 :            \</span></div><div class="line"><a name="l00544"></a><span class="lineno">  544</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_DES ? 8 :             \</span></div><div class="line"><a name="l00545"></a><span class="lineno">  545</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_CAMELLIA ? 16 :       \</span></div><div class="line"><a name="l00546"></a><span class="lineno">  546</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_ARC4 ? 1 :            \</span></div><div class="line"><a name="l00547"></a><span class="lineno">  547</span>&#160;<span class="preprocessor">        0)</span></div><div class="line"><a name="l00548"></a><span class="lineno">  548</span>&#160;</div><div class="line"><a name="l00557"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">  557</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>;</div><div class="line"><a name="l00558"></a><span class="lineno">  558</span>&#160;</div><div class="line"><a name="l00559"></a><span class="lineno">  559</span>&#160;<span class="preprocessor">#define PSA_ALG_VENDOR_FLAG                     ((psa_algorithm_t)0x80000000)</span></div><div class="line"><a name="l00560"></a><span class="lineno">  560</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_MASK                   ((psa_algorithm_t)0x7f000000)</span></div><div class="line"><a name="l00561"></a><span class="lineno">  561</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_HASH                   ((psa_algorithm_t)0x01000000)</span></div><div class="line"><a name="l00562"></a><span class="lineno">  562</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_MAC                    ((psa_algorithm_t)0x02000000)</span></div><div class="line"><a name="l00563"></a><span class="lineno">  563</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_CIPHER                 ((psa_algorithm_t)0x04000000)</span></div><div class="line"><a name="l00564"></a><span class="lineno">  564</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_AEAD                   ((psa_algorithm_t)0x06000000)</span></div><div class="line"><a name="l00565"></a><span class="lineno">  565</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_SIGN                   ((psa_algorithm_t)0x10000000)</span></div><div class="line"><a name="l00566"></a><span class="lineno">  566</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION  ((psa_algorithm_t)0x12000000)</span></div><div class="line"><a name="l00567"></a><span class="lineno">  567</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_KEY_AGREEMENT          ((psa_algorithm_t)0x22000000)</span></div><div class="line"><a name="l00568"></a><span class="lineno">  568</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_KEY_DERIVATION         ((psa_algorithm_t)0x30000000)</span></div><div class="line"><a name="l00569"></a><span class="lineno">  569</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_KEY_SELECTION          ((psa_algorithm_t)0x31000000)</span></div><div class="line"><a name="l00570"></a><span class="lineno">  570</span>&#160;</div><div class="line"><a name="l00571"></a><span class="lineno">  571</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_VENDOR_DEFINED(alg)                                  \</span></div><div class="line"><a name="l00572"></a><span class="lineno">  572</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</span></div><div class="line"><a name="l00573"></a><span class="lineno">  573</span>&#160;</div><div class="line"><a name="l00582"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">  582</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HASH(alg)                                            \</span></div><div class="line"><a name="l00583"></a><span class="lineno">  583</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</span></div><div class="line"><a name="l00584"></a><span class="lineno">  584</span>&#160;</div><div class="line"><a name="l00593"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">  593</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_MAC(alg)                                             \</span></div><div class="line"><a name="l00594"></a><span class="lineno">  594</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</span></div><div class="line"><a name="l00595"></a><span class="lineno">  595</span>&#160;</div><div class="line"><a name="l00604"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">  604</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_CIPHER(alg)                                          \</span></div><div class="line"><a name="l00605"></a><span class="lineno">  605</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</span></div><div class="line"><a name="l00606"></a><span class="lineno">  606</span>&#160;</div><div class="line"><a name="l00616"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">  616</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_AEAD(alg)                                            \</span></div><div class="line"><a name="l00617"></a><span class="lineno">  617</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</span></div><div class="line"><a name="l00618"></a><span class="lineno">  618</span>&#160;</div><div class="line"><a name="l00627"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">  627</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_SIGN(alg)                                            \</span></div><div class="line"><a name="l00628"></a><span class="lineno">  628</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</span></div><div class="line"><a name="l00629"></a><span class="lineno">  629</span>&#160;</div><div class="line"><a name="l00638"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">  638</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)                           \</span></div><div class="line"><a name="l00639"></a><span class="lineno">  639</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</span></div><div class="line"><a name="l00640"></a><span class="lineno">  640</span>&#160;</div><div class="line"><a name="l00641"></a><span class="lineno">  641</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_SELECTION_FLAG              ((psa_algorithm_t)0x01000000)</span></div><div class="line"><a name="l00642"></a><span class="lineno">  642</span>&#160;</div><div class="line"><a name="l00650"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">  650</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_AGREEMENT(alg)                                   \</span></div><div class="line"><a name="l00651"></a><span class="lineno">  651</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK &amp; ~PSA_ALG_KEY_SELECTION_FLAG) ==   \</span></div><div class="line"><a name="l00652"></a><span class="lineno">  652</span>&#160;<span class="preprocessor">     PSA_ALG_CATEGORY_KEY_AGREEMENT)</span></div><div class="line"><a name="l00653"></a><span class="lineno">  653</span>&#160;</div><div class="line"><a name="l00662"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">  662</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_DERIVATION(alg)                                  \</span></div><div class="line"><a name="l00663"></a><span class="lineno">  663</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span></div><div class="line"><a name="l00664"></a><span class="lineno">  664</span>&#160;</div><div class="line"><a name="l00673"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga51b1834ee5e98c6a83c2cfc7699f9077">  673</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_SELECTION(alg)                                   \</span></div><div class="line"><a name="l00674"></a><span class="lineno">  674</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_SELECTION)</span></div><div class="line"><a name="l00675"></a><span class="lineno">  675</span>&#160;</div><div class="line"><a name="l00676"></a><span class="lineno">  676</span>&#160;<span class="preprocessor">#define PSA_ALG_HASH_MASK                       ((psa_algorithm_t)0x000000ff)</span></div><div class="line"><a name="l00677"></a><span class="lineno">  677</span>&#160;<span class="preprocessor">#define PSA_ALG_MD2                             ((psa_algorithm_t)0x01000001)</span></div><div class="line"><a name="l00678"></a><span class="lineno">  678</span>&#160;<span class="preprocessor">#define PSA_ALG_MD4                             ((psa_algorithm_t)0x01000002)</span></div><div class="line"><a name="l00679"></a><span class="lineno">  679</span>&#160;<span class="preprocessor">#define PSA_ALG_MD5                             ((psa_algorithm_t)0x01000003)</span></div><div class="line"><a name="l00680"></a><span class="lineno">  680</span>&#160;<span class="preprocessor">#define PSA_ALG_RIPEMD160                       ((psa_algorithm_t)0x01000004)</span></div><div class="line"><a name="l00681"></a><span class="lineno">  681</span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_1                           ((psa_algorithm_t)0x01000005)</span></div><div class="line"><a name="l00682"></a><span class="lineno">  682</span>&#160;</div><div class="line"><a name="l00683"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">  683</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_224                         ((psa_algorithm_t)0x01000008)</span></div><div class="line"><a name="l00684"></a><span class="lineno">  684</span>&#160;</div><div class="line"><a name="l00685"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">  685</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_256                         ((psa_algorithm_t)0x01000009)</span></div><div class="line"><a name="l00686"></a><span class="lineno">  686</span>&#160;</div><div class="line"><a name="l00687"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">  687</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_384                         ((psa_algorithm_t)0x0100000a)</span></div><div class="line"><a name="l00688"></a><span class="lineno">  688</span>&#160;</div><div class="line"><a name="l00689"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">  689</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512                         ((psa_algorithm_t)0x0100000b)</span></div><div class="line"><a name="l00690"></a><span class="lineno">  690</span>&#160;</div><div class="line"><a name="l00691"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">  691</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512_224                     ((psa_algorithm_t)0x0100000c)</span></div><div class="line"><a name="l00692"></a><span class="lineno">  692</span>&#160;</div><div class="line"><a name="l00693"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">  693</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512_256                     ((psa_algorithm_t)0x0100000d)</span></div><div class="line"><a name="l00694"></a><span class="lineno">  694</span>&#160;</div><div class="line"><a name="l00695"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">  695</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_224                        ((psa_algorithm_t)0x01000010)</span></div><div class="line"><a name="l00696"></a><span class="lineno">  696</span>&#160;</div><div class="line"><a name="l00697"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">  697</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_256                        ((psa_algorithm_t)0x01000011)</span></div><div class="line"><a name="l00698"></a><span class="lineno">  698</span>&#160;</div><div class="line"><a name="l00699"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">  699</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_384                        ((psa_algorithm_t)0x01000012)</span></div><div class="line"><a name="l00700"></a><span class="lineno">  700</span>&#160;</div><div class="line"><a name="l00701"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">  701</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_512                        ((psa_algorithm_t)0x01000013)</span></div><div class="line"><a name="l00702"></a><span class="lineno">  702</span>&#160;</div><div class="line"><a name="l00703"></a><span class="lineno">  703</span>&#160;<span class="preprocessor">#define PSA_ALG_MAC_SUBCATEGORY_MASK            ((psa_algorithm_t)0x00c00000)</span></div><div class="line"><a name="l00704"></a><span class="lineno">  704</span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC_BASE                       ((psa_algorithm_t)0x02800000)</span></div><div class="line"><a name="l00705"></a><span class="lineno">  705</span>&#160;</div><div class="line"><a name="l00716"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">  716</a></span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC(hash_alg)                                  \</span></div><div class="line"><a name="l00717"></a><span class="lineno">  717</span>&#160;<span class="preprocessor">    (PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00718"></a><span class="lineno">  718</span>&#160;</div><div class="line"><a name="l00719"></a><span class="lineno">  719</span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC_GET_HASH(hmac_alg)                             \</span></div><div class="line"><a name="l00720"></a><span class="lineno">  720</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00721"></a><span class="lineno">  721</span>&#160;</div><div class="line"><a name="l00732"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">  732</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HMAC(alg)                                            \</span></div><div class="line"><a name="l00733"></a><span class="lineno">  733</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</span></div><div class="line"><a name="l00734"></a><span class="lineno">  734</span>&#160;<span class="preprocessor">     PSA_ALG_HMAC_BASE)</span></div><div class="line"><a name="l00735"></a><span class="lineno">  735</span>&#160;</div><div class="line"><a name="l00736"></a><span class="lineno">  736</span>&#160;<span class="comment">/* In the encoding of a MAC algorithm, the bits corresponding to</span></div><div class="line"><a name="l00737"></a><span class="lineno">  737</span>&#160;<span class="comment"> * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is</span></div><div class="line"><a name="l00738"></a><span class="lineno">  738</span>&#160;<span class="comment"> * truncated. As an exception, the value 0 means the untruncated algorithm,</span></div><div class="line"><a name="l00739"></a><span class="lineno">  739</span>&#160;<span class="comment"> * whatever its length is. The length is encoded in 6 bits, so it can</span></div><div class="line"><a name="l00740"></a><span class="lineno">  740</span>&#160;<span class="comment"> * reach up to 63; the largest MAC is 64 bytes so its trivial truncation</span></div><div class="line"><a name="l00741"></a><span class="lineno">  741</span>&#160;<span class="comment"> * to full length is correctly encoded as 0 and any non-trivial truncation</span></div><div class="line"><a name="l00742"></a><span class="lineno">  742</span>&#160;<span class="comment"> * is correctly encoded as a value between 1 and 63. */</span></div><div class="line"><a name="l00743"></a><span class="lineno">  743</span>&#160;<span class="preprocessor">#define PSA_ALG_MAC_TRUNCATION_MASK             ((psa_algorithm_t)0x00003f00)</span></div><div class="line"><a name="l00744"></a><span class="lineno">  744</span>&#160;<span class="preprocessor">#define PSA_MAC_TRUNCATION_OFFSET 8</span></div><div class="line"><a name="l00745"></a><span class="lineno">  745</span>&#160;</div><div class="line"><a name="l00779"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">  779</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TRUNCATED_MAC(alg, mac_length)                          \</span></div><div class="line"><a name="l00780"></a><span class="lineno">  780</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \</span></div><div class="line"><a name="l00781"></a><span class="lineno">  781</span>&#160;<span class="preprocessor">     ((mac_length) &lt;&lt; PSA_MAC_TRUNCATION_OFFSET &amp; PSA_ALG_MAC_TRUNCATION_MASK))</span></div><div class="line"><a name="l00782"></a><span class="lineno">  782</span>&#160;</div><div class="line"><a name="l00795"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">  795</a></span>&#160;<span class="preprocessor">#define PSA_ALG_FULL_LENGTH_MAC(alg)            \</span></div><div class="line"><a name="l00796"></a><span class="lineno">  796</span>&#160;<span class="preprocessor">    ((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</span></div><div class="line"><a name="l00797"></a><span class="lineno">  797</span>&#160;</div><div class="line"><a name="l00809"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">  809</a></span>&#160;<span class="preprocessor">#define PSA_MAC_TRUNCATED_LENGTH(alg)           \</span></div><div class="line"><a name="l00810"></a><span class="lineno">  810</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</span></div><div class="line"><a name="l00811"></a><span class="lineno">  811</span>&#160;</div><div class="line"><a name="l00812"></a><span class="lineno">  812</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x02c00000)</span></div><div class="line"><a name="l00813"></a><span class="lineno">  813</span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x02c00001)</span></div><div class="line"><a name="l00814"></a><span class="lineno">  814</span>&#160;<span class="preprocessor">#define PSA_ALG_CMAC                            ((psa_algorithm_t)0x02c00002)</span></div><div class="line"><a name="l00815"></a><span class="lineno">  815</span>&#160;<span class="preprocessor">#define PSA_ALG_GMAC                            ((psa_algorithm_t)0x02c00003)</span></div><div class="line"><a name="l00816"></a><span class="lineno">  816</span>&#160;</div><div class="line"><a name="l00825"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">  825</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)                                \</span></div><div class="line"><a name="l00826"></a><span class="lineno">  826</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</span></div><div class="line"><a name="l00827"></a><span class="lineno">  827</span>&#160;<span class="preprocessor">     PSA_ALG_CIPHER_MAC_BASE)</span></div><div class="line"><a name="l00828"></a><span class="lineno">  828</span>&#160;</div><div class="line"><a name="l00829"></a><span class="lineno">  829</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_STREAM_FLAG              ((psa_algorithm_t)0x00800000)</span></div><div class="line"><a name="l00830"></a><span class="lineno">  830</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG          ((psa_algorithm_t)0x00400000)</span></div><div class="line"><a name="l00831"></a><span class="lineno">  831</span>&#160;</div><div class="line"><a name="l00844"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">  844</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_STREAM_CIPHER(alg)            \</span></div><div class="line"><a name="l00845"></a><span class="lineno">  845</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \</span></div><div class="line"><a name="l00846"></a><span class="lineno">  846</span>&#160;<span class="preprocessor">        (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))</span></div><div class="line"><a name="l00847"></a><span class="lineno">  847</span>&#160;</div><div class="line"><a name="l00850"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">  850</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ARC4                            ((psa_algorithm_t)0x04800001)</span></div><div class="line"><a name="l00851"></a><span class="lineno">  851</span>&#160;</div><div class="line"><a name="l00859"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">  859</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CTR                             ((psa_algorithm_t)0x04c00001)</span></div><div class="line"><a name="l00860"></a><span class="lineno">  860</span>&#160;</div><div class="line"><a name="l00861"></a><span class="lineno">  861</span>&#160;<span class="preprocessor">#define PSA_ALG_CFB                             ((psa_algorithm_t)0x04c00002)</span></div><div class="line"><a name="l00862"></a><span class="lineno">  862</span>&#160;</div><div class="line"><a name="l00863"></a><span class="lineno">  863</span>&#160;<span class="preprocessor">#define PSA_ALG_OFB                             ((psa_algorithm_t)0x04c00003)</span></div><div class="line"><a name="l00864"></a><span class="lineno">  864</span>&#160;</div><div class="line"><a name="l00871"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">  871</a></span>&#160;<span class="preprocessor">#define PSA_ALG_XTS                             ((psa_algorithm_t)0x044000ff)</span></div><div class="line"><a name="l00872"></a><span class="lineno">  872</span>&#160;</div><div class="line"><a name="l00880"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">  880</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_NO_PADDING                  ((psa_algorithm_t)0x04600100)</span></div><div class="line"><a name="l00881"></a><span class="lineno">  881</span>&#160;</div><div class="line"><a name="l00888"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">  888</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_PKCS7                       ((psa_algorithm_t)0x04600101)</span></div><div class="line"><a name="l00889"></a><span class="lineno">  889</span>&#160;</div><div class="line"><a name="l00890"></a><span class="lineno">  890</span>&#160;<span class="preprocessor">#define PSA_ALG_CCM                             ((psa_algorithm_t)0x06001001)</span></div><div class="line"><a name="l00891"></a><span class="lineno">  891</span>&#160;<span class="preprocessor">#define PSA_ALG_GCM                             ((psa_algorithm_t)0x06001002)</span></div><div class="line"><a name="l00892"></a><span class="lineno">  892</span>&#160;</div><div class="line"><a name="l00893"></a><span class="lineno">  893</span>&#160;<span class="comment">/* In the encoding of a AEAD algorithm, the bits corresponding to</span></div><div class="line"><a name="l00894"></a><span class="lineno">  894</span>&#160;<span class="comment"> * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.</span></div><div class="line"><a name="l00895"></a><span class="lineno">  895</span>&#160;<span class="comment"> * The constants for default lengths follow this encoding.</span></div><div class="line"><a name="l00896"></a><span class="lineno">  896</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00897"></a><span class="lineno">  897</span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_TAG_LENGTH_MASK            ((psa_algorithm_t)0x00003f00)</span></div><div class="line"><a name="l00898"></a><span class="lineno">  898</span>&#160;<span class="preprocessor">#define PSA_AEAD_TAG_LENGTH_OFFSET 8</span></div><div class="line"><a name="l00899"></a><span class="lineno">  899</span>&#160;</div><div class="line"><a name="l00918"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">  918</a></span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)                   \</span></div><div class="line"><a name="l00919"></a><span class="lineno">  919</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \</span></div><div class="line"><a name="l00920"></a><span class="lineno">  920</span>&#160;<span class="preprocessor">     ((tag_length) &lt;&lt; PSA_AEAD_TAG_LENGTH_OFFSET &amp;                      \</span></div><div class="line"><a name="l00921"></a><span class="lineno">  921</span>&#160;<span class="preprocessor">      PSA_ALG_AEAD_TAG_LENGTH_MASK))</span></div><div class="line"><a name="l00922"></a><span class="lineno">  922</span>&#160;</div><div class="line"><a name="l00931"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">  931</a></span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg)                       \</span></div><div class="line"><a name="l00932"></a><span class="lineno">  932</span>&#160;<span class="preprocessor">    (                                                                   \</span></div><div class="line"><a name="l00933"></a><span class="lineno">  933</span>&#160;<span class="preprocessor">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM)   \</span></div><div class="line"><a name="l00934"></a><span class="lineno">  934</span>&#160;<span class="preprocessor">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM)   \</span></div><div class="line"><a name="l00935"></a><span class="lineno">  935</span>&#160;<span class="preprocessor">        0)</span></div><div class="line"><a name="l00936"></a><span class="lineno">  936</span>&#160;<span class="preprocessor">#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \</span></div><div class="line"><a name="l00937"></a><span class="lineno">  937</span>&#160;<span class="preprocessor">    PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \</span></div><div class="line"><a name="l00938"></a><span class="lineno">  938</span>&#160;<span class="preprocessor">    PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ?  \</span></div><div class="line"><a name="l00939"></a><span class="lineno">  939</span>&#160;<span class="preprocessor">    ref :</span></div><div class="line"><a name="l00940"></a><span class="lineno">  940</span>&#160;</div><div class="line"><a name="l00941"></a><span class="lineno">  941</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE          ((psa_algorithm_t)0x10020000)</span></div><div class="line"><a name="l00942"></a><span class="lineno">  942</span>&#160;</div><div class="line"><a name="l00955"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">  955</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)                             \</span></div><div class="line"><a name="l00956"></a><span class="lineno">  956</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00957"></a><span class="lineno">  957</span>&#160;</div><div class="line"><a name="l00963"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">  963</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></div><div class="line"><a name="l00964"></a><span class="lineno">  964</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)                               \</span></div><div class="line"><a name="l00965"></a><span class="lineno">  965</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</span></div><div class="line"><a name="l00966"></a><span class="lineno">  966</span>&#160;</div><div class="line"><a name="l00967"></a><span class="lineno">  967</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PSS_BASE               ((psa_algorithm_t)0x10030000)</span></div><div class="line"><a name="l00968"></a><span class="lineno">  968</span>&#160;</div><div class="line"><a name="l00984"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">  984</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PSS(hash_alg)                               \</span></div><div class="line"><a name="l00985"></a><span class="lineno">  985</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00986"></a><span class="lineno">  986</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_PSS(alg)                                 \</span></div><div class="line"><a name="l00987"></a><span class="lineno">  987</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</span></div><div class="line"><a name="l00988"></a><span class="lineno">  988</span>&#160;</div><div class="line"><a name="l00989"></a><span class="lineno">  989</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_BASE                        ((psa_algorithm_t)0x10040000)</span></div><div class="line"><a name="l00990"></a><span class="lineno">  990</span>&#160;</div><div class="line"><a name="l01002"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e"> 1002</a></span>&#160;<span class="preprocessor">#define PSA_ALG_DSA(hash_alg)                             \</span></div><div class="line"><a name="l01003"></a><span class="lineno"> 1003</span>&#160;<span class="preprocessor">    (PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01004"></a><span class="lineno"> 1004</span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_DSA_BASE          ((psa_algorithm_t)0x10050000)</span></div><div class="line"><a name="l01005"></a><span class="lineno"> 1005</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_DETERMINISTIC_FLAG          ((psa_algorithm_t)0x00010000)</span></div><div class="line"><a name="l01006"></a><span class="lineno"> 1006</span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_DSA(hash_alg)                             \</span></div><div class="line"><a name="l01007"></a><span class="lineno"> 1007</span>&#160;<span class="preprocessor">    (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01008"></a><span class="lineno"> 1008</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DSA(alg)                                             \</span></div><div class="line"><a name="l01009"></a><span class="lineno"> 1009</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</span></div><div class="line"><a name="l01010"></a><span class="lineno"> 1010</span>&#160;<span class="preprocessor">     PSA_ALG_DSA_BASE)</span></div><div class="line"><a name="l01011"></a><span class="lineno"> 1011</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_IS_DETERMINISTIC(alg)               \</span></div><div class="line"><a name="l01012"></a><span class="lineno"> 1012</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span></div><div class="line"><a name="l01013"></a><span class="lineno"> 1013</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DETERMINISTIC_DSA(alg)                       \</span></div><div class="line"><a name="l01014"></a><span class="lineno"> 1014</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_DSA(alg) &amp;&amp; PSA_ALG_DSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01015"></a><span class="lineno"> 1015</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RANDOMIZED_DSA(alg)                          \</span></div><div class="line"><a name="l01016"></a><span class="lineno"> 1016</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_DSA(alg) &amp;&amp; !PSA_ALG_DSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01017"></a><span class="lineno"> 1017</span>&#160;</div><div class="line"><a name="l01018"></a><span class="lineno"> 1018</span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_BASE                      ((psa_algorithm_t)0x10060000)</span></div><div class="line"><a name="l01019"></a><span class="lineno"> 1019</span>&#160;</div><div class="line"><a name="l01037"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3"> 1037</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA(hash_alg)                                 \</span></div><div class="line"><a name="l01038"></a><span class="lineno"> 1038</span>&#160;<span class="preprocessor">    (PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01039"></a><span class="lineno"> 1039</span>&#160;</div><div class="line"><a name="l01048"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4"> 1048</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE</span></div><div class="line"><a name="l01049"></a><span class="lineno"> 1049</span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_ECDSA_BASE        ((psa_algorithm_t)0x10070000)</span></div><div class="line"><a name="l01050"></a><span class="lineno"> 1050</span>&#160;</div><div class="line"><a name="l01070"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03"> 1070</a></span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)                           \</span></div><div class="line"><a name="l01071"></a><span class="lineno"> 1071</span>&#160;<span class="preprocessor">    (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01072"></a><span class="lineno"> 1072</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ECDSA(alg)                                           \</span></div><div class="line"><a name="l01073"></a><span class="lineno"> 1073</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</span></div><div class="line"><a name="l01074"></a><span class="lineno"> 1074</span>&#160;<span class="preprocessor">     PSA_ALG_ECDSA_BASE)</span></div><div class="line"><a name="l01075"></a><span class="lineno"> 1075</span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)             \</span></div><div class="line"><a name="l01076"></a><span class="lineno"> 1076</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span></div><div class="line"><a name="l01077"></a><span class="lineno"> 1077</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)                             \</span></div><div class="line"><a name="l01078"></a><span class="lineno"> 1078</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01079"></a><span class="lineno"> 1079</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg)                                \</span></div><div class="line"><a name="l01080"></a><span class="lineno"> 1080</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01081"></a><span class="lineno"> 1081</span>&#160;</div><div class="line"><a name="l01100"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3"> 1100</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SIGN_GET_HASH(alg)                                     \</span></div><div class="line"><a name="l01101"></a><span class="lineno"> 1101</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||   \</span></div><div class="line"><a name="l01102"></a><span class="lineno"> 1102</span>&#160;<span class="preprocessor">     PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg) ?                    \</span></div><div class="line"><a name="l01103"></a><span class="lineno"> 1103</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) == 0 ? </span><span class="comment">/*&quot;raw&quot; algorithm*/</span><span class="preprocessor"> 0 :        \</span></div><div class="line"><a name="l01104"></a><span class="lineno"> 1104</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :             \</span></div><div class="line"><a name="l01105"></a><span class="lineno"> 1105</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l01106"></a><span class="lineno"> 1106</span>&#160;</div><div class="line"><a name="l01109"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9"> 1109</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_CRYPT              ((psa_algorithm_t)0x12020000)</span></div><div class="line"><a name="l01110"></a><span class="lineno"> 1110</span>&#160;</div><div class="line"><a name="l01111"></a><span class="lineno"> 1111</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP_BASE                   ((psa_algorithm_t)0x12030000)</span></div><div class="line"><a name="l01112"></a><span class="lineno"> 1112</span>&#160;</div><div class="line"><a name="l01126"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76"> 1126</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP(hash_alg)                              \</span></div><div class="line"><a name="l01127"></a><span class="lineno"> 1127</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01128"></a><span class="lineno"> 1128</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_OAEP(alg)                                \</span></div><div class="line"><a name="l01129"></a><span class="lineno"> 1129</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</span></div><div class="line"><a name="l01130"></a><span class="lineno"> 1130</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP_GET_HASH(alg)                          \</span></div><div class="line"><a name="l01131"></a><span class="lineno"> 1131</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_RSA_OAEP(alg) ?                                 \</span></div><div class="line"><a name="l01132"></a><span class="lineno"> 1132</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :      \</span></div><div class="line"><a name="l01133"></a><span class="lineno"> 1133</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l01134"></a><span class="lineno"> 1134</span>&#160;</div><div class="line"><a name="l01135"></a><span class="lineno"> 1135</span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF_BASE                       ((psa_algorithm_t)0x30000100)</span></div><div class="line"><a name="l01136"></a><span class="lineno"> 1136</span>&#160;</div><div class="line"><a name="l01147"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82"> 1147</a></span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF(hash_alg)                                  \</span></div><div class="line"><a name="l01148"></a><span class="lineno"> 1148</span>&#160;<span class="preprocessor">    (PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01149"></a><span class="lineno"> 1149</span>&#160;</div><div class="line"><a name="l01160"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2"> 1160</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HKDF(alg)                            \</span></div><div class="line"><a name="l01161"></a><span class="lineno"> 1161</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</span></div><div class="line"><a name="l01162"></a><span class="lineno"> 1162</span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01163"></a><span class="lineno"> 1163</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01164"></a><span class="lineno"> 1164</span>&#160;</div><div class="line"><a name="l01165"></a><span class="lineno"> 1165</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF_BASE                     ((psa_algorithm_t)0x30000200)</span></div><div class="line"><a name="l01166"></a><span class="lineno"> 1166</span>&#160;</div><div class="line"><a name="l01188"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5"> 1188</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF(hash_alg)                                  \</span></div><div class="line"><a name="l01189"></a><span class="lineno"> 1189</span>&#160;<span class="preprocessor">    (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01190"></a><span class="lineno"> 1190</span>&#160;</div><div class="line"><a name="l01199"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66"> 1199</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_TLS12_PRF(alg)                                    \</span></div><div class="line"><a name="l01200"></a><span class="lineno"> 1200</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</span></div><div class="line"><a name="l01201"></a><span class="lineno"> 1201</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01202"></a><span class="lineno"> 1202</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01203"></a><span class="lineno"> 1203</span>&#160;</div><div class="line"><a name="l01204"></a><span class="lineno"> 1204</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)</span></div><div class="line"><a name="l01205"></a><span class="lineno"> 1205</span>&#160;</div><div class="line"><a name="l01228"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68"> 1228</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)                                  \</span></div><div class="line"><a name="l01229"></a><span class="lineno"> 1229</span>&#160;<span class="preprocessor">    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01230"></a><span class="lineno"> 1230</span>&#160;</div><div class="line"><a name="l01239"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b"> 1239</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg)                                    \</span></div><div class="line"><a name="l01240"></a><span class="lineno"> 1240</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</span></div><div class="line"><a name="l01241"></a><span class="lineno"> 1241</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01242"></a><span class="lineno"> 1242</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01243"></a><span class="lineno"> 1243</span>&#160;</div><div class="line"><a name="l01244"></a><span class="lineno"> 1244</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0x010fffff)</span></div><div class="line"><a name="l01245"></a><span class="lineno"> 1245</span>&#160;</div><div class="line"><a name="l01256"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacbbcb60abf1714722f50f80ce9c21602"> 1256</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SELECT_RAW                      ((psa_algorithm_t)0x31000001)</span></div><div class="line"><a name="l01257"></a><span class="lineno"> 1257</span>&#160;</div><div class="line"><a name="l01258"></a><span class="lineno"> 1258</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg)                              \</span></div><div class="line"><a name="l01259"></a><span class="lineno"> 1259</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</span></div><div class="line"><a name="l01260"></a><span class="lineno"> 1260</span>&#160;</div><div class="line"><a name="l01261"></a><span class="lineno"> 1261</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)                              \</span></div><div class="line"><a name="l01262"></a><span class="lineno"> 1262</span>&#160;<span class="preprocessor">    ((alg) &amp; ~PSA_ALG_KEY_DERIVATION_MASK)</span></div><div class="line"><a name="l01263"></a><span class="lineno"> 1263</span>&#160;</div><div class="line"><a name="l01264"></a><span class="lineno"> 1264</span>&#160;<span class="preprocessor">#define PSA_ALG_FFDH_BASE                       ((psa_algorithm_t)0x22100000)</span></div><div class="line"><a name="l01265"></a><span class="lineno"> 1265</span>&#160;</div><div class="line"><a name="l01287"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga21037568ad0b2e97d76dfc700b6b4483"> 1287</a></span>&#160;<span class="preprocessor">#define PSA_ALG_FFDH(kdf_alg) \</span></div><div class="line"><a name="l01288"></a><span class="lineno"> 1288</span>&#160;<span class="preprocessor">    (PSA_ALG_FFDH_BASE | ((kdf_alg) &amp; PSA_ALG_KEY_DERIVATION_MASK))</span></div><div class="line"><a name="l01289"></a><span class="lineno"> 1289</span>&#160;</div><div class="line"><a name="l01300"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e"> 1300</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_FFDH(alg) \</span></div><div class="line"><a name="l01301"></a><span class="lineno"> 1301</span>&#160;<span class="preprocessor">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)</span></div><div class="line"><a name="l01302"></a><span class="lineno"> 1302</span>&#160;</div><div class="line"><a name="l01303"></a><span class="lineno"> 1303</span>&#160;<span class="preprocessor">#define PSA_ALG_ECDH_BASE                       ((psa_algorithm_t)0x22200000)</span></div><div class="line"><a name="l01304"></a><span class="lineno"> 1304</span>&#160;</div><div class="line"><a name="l01343"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga974b73fccc5a9142256d8ce3092dff7f"> 1343</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDH(kdf_alg) \</span></div><div class="line"><a name="l01344"></a><span class="lineno"> 1344</span>&#160;<span class="preprocessor">    (PSA_ALG_ECDH_BASE | ((kdf_alg) &amp; PSA_ALG_KEY_DERIVATION_MASK))</span></div><div class="line"><a name="l01345"></a><span class="lineno"> 1345</span>&#160;</div><div class="line"><a name="l01358"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d"> 1358</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ECDH(alg) \</span></div><div class="line"><a name="l01359"></a><span class="lineno"> 1359</span>&#160;<span class="preprocessor">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)</span></div><div class="line"><a name="l01360"></a><span class="lineno"> 1360</span>&#160;</div><div class="line"><a name="l01369"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf"> 1369</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>;</div><div class="line"><a name="l01370"></a><span class="lineno"> 1370</span>&#160;</div><div class="line"><a name="l01373"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b"> 1373</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a>;</div><div class="line"><a name="l01374"></a><span class="lineno"> 1374</span>&#160;</div><div class="line"><a name="l01378"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108"> 1378</a></span>&#160;<span class="preprocessor">#define PSA_KEY_LIFETIME_VOLATILE               ((psa_key_lifetime_t)0x00000000)</span></div><div class="line"><a name="l01379"></a><span class="lineno"> 1379</span>&#160;</div><div class="line"><a name="l01392"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02"> 1392</a></span>&#160;<span class="preprocessor">#define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)</span></div><div class="line"><a name="l01393"></a><span class="lineno"> 1393</span>&#160;</div><div class="line"><a name="l01401"></a><span class="lineno"><a class="line" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25"> 1401</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>;</div><div class="line"><a name="l01402"></a><span class="lineno"> 1402</span>&#160;</div><div class="line"><a name="l01414"></a><span class="lineno"><a class="line" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed"> 1414</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_EXPORT                    ((psa_key_usage_t)0x00000001)</span></div><div class="line"><a name="l01415"></a><span class="lineno"> 1415</span>&#160;</div><div class="line"><a name="l01425"></a><span class="lineno"><a class="line" href="group__policy.html#ga75153b296d045d529d97203a6a995dad"> 1425</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_ENCRYPT                   ((psa_key_usage_t)0x00000100)</span></div><div class="line"><a name="l01426"></a><span class="lineno"> 1426</span>&#160;</div><div class="line"><a name="l01436"></a><span class="lineno"><a class="line" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a"> 1436</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_DECRYPT                   ((psa_key_usage_t)0x00000200)</span></div><div class="line"><a name="l01437"></a><span class="lineno"> 1437</span>&#160;</div><div class="line"><a name="l01446"></a><span class="lineno"><a class="line" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a"> 1446</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_SIGN                      ((psa_key_usage_t)0x00000400)</span></div><div class="line"><a name="l01447"></a><span class="lineno"> 1447</span>&#160;</div><div class="line"><a name="l01456"></a><span class="lineno"><a class="line" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6"> 1456</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_VERIFY                    ((psa_key_usage_t)0x00000800)</span></div><div class="line"><a name="l01457"></a><span class="lineno"> 1457</span>&#160;</div><div class="line"><a name="l01460"></a><span class="lineno"><a class="line" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2"> 1460</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_DERIVE                    ((psa_key_usage_t)0x00001000)</span></div><div class="line"><a name="l01461"></a><span class="lineno"> 1461</span>&#160;</div><div class="line"><a name="l01464"></a><span class="lineno"> 1464</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* PSA_CRYPTO_ENUM_H */</span><span class="preprocessor"></span></div><div class="ttc" id="group__crypto__types_html_ga4e8977c145cce5077c4bce7fec890ad9"><div class="ttname"><a href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></div><div class="ttdeci">uint16_t psa_ecc_curve_t</div><div class="ttdef"><b>Definition:</b> crypto_enum.h:480</div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga11e986351c65bd3dc3c0fe2cd9926e4b"><div class="ttname"><a href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></div><div class="ttdeci">uint32_t psa_key_id_t</div><div class="ttdef"><b>Definition:</b> crypto_enum.h:1373</div></div>
-<div class="ttc" id="group__crypto__types_html_gac2e4d47f1300d73c2f829a6d99252d69"><div class="ttname"><a href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></div><div class="ttdeci">uint32_t psa_algorithm_t</div><div class="ttdoc">Encoding of a cryptographic algorithm. </div><div class="ttdef"><b>Definition:</b> crypto_enum.h:557</div></div>
-<div class="ttc" id="group__policy_html_ga7bb9de71337e0e98de843aa7f9b55f25"><div class="ttname"><a href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></div><div class="ttdeci">uint32_t psa_key_usage_t</div><div class="ttdoc">Encoding of permitted usage on a key. </div><div class="ttdef"><b>Definition:</b> crypto_enum.h:1401</div></div>
-<div class="ttc" id="group__crypto__types_html_ga578159487dfc7096cb191b0d2befe628"><div class="ttname"><a href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></div><div class="ttdeci">uint32_t psa_key_type_t</div><div class="ttdoc">Encoding of a key type. </div><div class="ttdef"><b>Definition:</b> crypto_enum.h:315</div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga6821ff6dd39dc2bc370ded760ad8b0cf"><div class="ttname"><a href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></div><div class="ttdeci">uint32_t psa_key_lifetime_t</div><div class="ttdef"><b>Definition:</b> crypto_enum.h:1369</div></div>
-<div class="ttc" id="group__error_html_ga05676e70ba5c6a7565aff3c36677c1f9"><div class="ttname"><a href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></div><div class="ttdeci">int32_t psa_status_t</div><div class="ttdoc">Function return status. </div><div class="ttdef"><b>Definition:</b> crypto_enum.h:66</div></div>
-</div><!-- fragment --></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__sizes_8h.html b/docs/html/crypto__sizes_8h.html
deleted file mode 100644
index e09d0f1..0000000
--- a/docs/html/crypto__sizes_8h.html
+++ /dev/null
@@ -1,710 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_sizes.h File Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a>  </div>
-  <div class="headertitle">
-<div class="title">crypto_sizes.h File Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>PSA cryptography module: Mbed TLS buffer size macros.  
-<a href="#details">More...</a></p>
-<div class="textblock"><code>#include &quot;../mbedtls/config.h&quot;</code><br />
-</div><div class="textblock"><div class="dynheader">
-Include dependency graph for crypto_sizes.h:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__sizes_8h__incl.png" border="0" usemap="#psa_2crypto__sizes_8h" alt=""/></div>
-</div>
-</div><div class="textblock"><div class="dynheader">
-This graph shows which files directly or indirectly include this file:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__sizes_8h__dep__incl.png" border="0" usemap="#psa_2crypto__sizes_8hdep" alt=""/></div>
-<map name="psa_2crypto__sizes_8hdep" id="psa_2crypto__sizes_8hdep">
-<area shape="rect" id="node2" href="crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="24,80,119,107"/>
-</map>
-</div>
-</div>
-<p><a href="crypto__sizes_8h_source.html">Go to the source code of this file.</a></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:af2edfe992db358f8eefd4bc82d069592"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="af2edfe992db358f8eefd4bc82d069592"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_BITS_TO_BYTES</b>(bits)&#160;&#160;&#160;(((bits) + 7) / 8)</td></tr>
-<tr class="separator:af2edfe992db358f8eefd4bc82d069592"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a997f71feb68cca794f7ed676600e06db"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a997f71feb68cca794f7ed676600e06db"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_BYTES_TO_BITS</b>(bytes)&#160;&#160;&#160;((bytes) * 8)</td></tr>
-<tr class="separator:a997f71feb68cca794f7ed676600e06db"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aef340331ce3cba2b57e1fc5624bf1f99"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(alg)</td></tr>
-<tr class="separator:aef340331ce3cba2b57e1fc5624bf1f99"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a6ce1014efbbc0bcca286ef7f9a72cb29"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">PSA_HASH_MAX_SIZE</a>&#160;&#160;&#160;64</td></tr>
-<tr class="separator:a6ce1014efbbc0bcca286ef7f9a72cb29"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a123539632874601194b1d86a398e14ff"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a123539632874601194b1d86a398e14ff"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_HMAC_MAX_HASH_BLOCK_SIZE</b>&#160;&#160;&#160;128</td></tr>
-<tr class="separator:a123539632874601194b1d86a398e14ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a4681cc4f6226883a2160122c562ca682"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682">PSA_MAC_MAX_SIZE</a>&#160;&#160;&#160;<a class="el" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">PSA_HASH_MAX_SIZE</a></td></tr>
-<tr class="separator:a4681cc4f6226883a2160122c562ca682"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a8e3079b2e624cb8d32b94843cddada49"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(alg)</td></tr>
-<tr class="separator:a8e3079b2e624cb8d32b94843cddada49"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a2ab9324235c63e9e8cdee5bb1793eabe"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a2ab9324235c63e9e8cdee5bb1793eabe"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_VENDOR_RSA_MAX_KEY_BITS</b>&#160;&#160;&#160;4096</td></tr>
-<tr class="separator:a2ab9324235c63e9e8cdee5bb1793eabe"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a81080a6cbbab87f35b114cb991e3f550"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a81080a6cbbab87f35b114cb991e3f550"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_VENDOR_ECC_MAX_CURVE_BITS</b>&#160;&#160;&#160;521</td></tr>
-<tr class="separator:a81080a6cbbab87f35b114cb991e3f550"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ab589ea3b86f2bfa18880459299c58f8a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</a>&#160;&#160;&#160;128</td></tr>
-<tr class="separator:ab589ea3b86f2bfa18880459299c58f8a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ad755101764dba14589e5919ee41be7ca"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</a></td></tr>
-<tr class="separator:ad755101764dba14589e5919ee41be7ca"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aa3cfcff0291d6da279fec8fe834d5dec"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</a>&#160;&#160;&#160;16</td></tr>
-<tr class="separator:aa3cfcff0291d6da279fec8fe834d5dec"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aa84c5fb384ac7cb1bfc52adde96588ee"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">PSA_MAC_FINAL_SIZE</a>(key_type,  key_bits,  alg)</td></tr>
-<tr class="separator:aa84c5fb384ac7cb1bfc52adde96588ee"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a85667d47a7aa6c7b99a80e5273671266"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</a>(alg,  plaintext_length)</td></tr>
-<tr class="separator:a85667d47a7aa6c7b99a80e5273671266"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ab097f6e054f1a73e975d597ade9029a6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6">PSA_AEAD_FINISH_OUTPUT_SIZE</a>(alg)&#160;&#160;&#160;((size_t)0)</td></tr>
-<tr class="separator:ab097f6e054f1a73e975d597ade9029a6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a1d057796166c16eb673ad1997e48a60b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b">PSA_AEAD_DECRYPT_OUTPUT_SIZE</a>(alg,  ciphertext_length)</td></tr>
-<tr class="separator:a1d057796166c16eb673ad1997e48a60b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aec0bcba60e7514b83f967b171d494ed3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_RSA_MINIMUM_PADDING_SIZE</b>(alg)</td></tr>
-<tr class="separator:aec0bcba60e7514b83f967b171d494ed3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a10c472a35f04051add6b20cc228ffc11"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">PSA_ECDSA_SIGNATURE_SIZE</a>(curve_bits)&#160;&#160;&#160;(PSA_BITS_TO_BYTES(curve_bits) * 2)</td></tr>
-<tr class="memdesc:a10c472a35f04051add6b20cc228ffc11"><td class="mdescLeft">&#160;</td><td class="mdescRight">ECDSA signature size for a given curve bit size.  <a href="#a10c472a35f04051add6b20cc228ffc11">More...</a><br /></td></tr>
-<tr class="separator:a10c472a35f04051add6b20cc228ffc11"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a77565b9b4fe6d8730fd2120f4c8378ab"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</a>(key_type,  key_bits,  alg)</td></tr>
-<tr class="separator:a77565b9b4fe6d8730fd2120f4c8378ab"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a66ba3bd93e5ec52870ccc3848778bad8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</a>(key_type,  key_bits,  alg)</td></tr>
-<tr class="separator:a66ba3bd93e5ec52870ccc3848778bad8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a61a246f3eac41989821d982e56fea6c1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(key_type,  key_bits,  alg)</td></tr>
-<tr class="separator:a61a246f3eac41989821d982e56fea6c1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a6a30ddc479486f4c5db1c759c3d052c2"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a6a30ddc479486f4c5db1c759c3d052c2"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</b>(bits)&#160;&#160;&#160;((bits) / 8 + 5)</td></tr>
-<tr class="separator:a6a30ddc479486f4c5db1c759c3d052c2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a0fffdb6216268eb6455cc83a854c8acf"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a0fffdb6216268eb6455cc83a854c8acf"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)</td></tr>
-<tr class="separator:a0fffdb6216268eb6455cc83a854c8acf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a590f9d3da465c0422d7ba60ac2e9d98d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a590f9d3da465c0422d7ba60ac2e9d98d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)</td></tr>
-<tr class="separator:a590f9d3da465c0422d7ba60ac2e9d98d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aaee3efce949efb49d0d13110051ad2a0"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="aaee3efce949efb49d0d13110051ad2a0"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)</td></tr>
-<tr class="separator:aaee3efce949efb49d0d13110051ad2a0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:aee0cfc7f7b7b80374a0d7b03c9b91e01"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="aee0cfc7f7b7b80374a0d7b03c9b91e01"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)</td></tr>
-<tr class="separator:aee0cfc7f7b7b80374a0d7b03c9b91e01"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a221b29f08b4e5e0509a1c7cc11b623d0"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a221b29f08b4e5e0509a1c7cc11b623d0"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(2 * PSA_BITS_TO_BYTES(key_bits) + 36)</td></tr>
-<tr class="separator:a221b29f08b4e5e0509a1c7cc11b623d0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ae105bb3d5a09d323eb3e457d26bddd04"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ae105bb3d5a09d323eb3e457d26bddd04"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE</b>(key_bits)&#160;&#160;&#160;(PSA_BITS_TO_BYTES(key_bits))</td></tr>
-<tr class="separator:ae105bb3d5a09d323eb3e457d26bddd04"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a0aae885cc8ff92e00fb5248420b939c3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">PSA_KEY_EXPORT_MAX_SIZE</a>(key_type,  key_bits)</td></tr>
-<tr class="separator:a0aae885cc8ff92e00fb5248420b939c3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>PSA cryptography module: Mbed TLS buffer size macros. </p>
-<dl class="section note"><dt>Note</dt><dd>This file may not be included directly. Applications must include <a class="el" href="crypto_8h.html" title="Platform Security Architecture cryptography module. ">psa/crypto.h</a>.</dd></dl>
-<p>This file contains the definitions of macros that are useful to compute buffer sizes. The signatures and semantics of these macros are standardized, but the definitions are not, because they depend on the available algorithms and, in some cases, on permitted tolerances on buffer sizes.</p>
-<p>In implementations with isolation between the application and the cryptography module, implementers should take care to ensure that the definitions that are exposed to applications match what the module implements.</p>
-<p>Macros that compute sizes whose values do not depend on the implementation are in <a class="el" href="crypto_8h.html" title="Platform Security Architecture cryptography module. ">crypto.h</a>. </p>
-</div><h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="a1d057796166c16eb673ad1997e48a60b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_AEAD_DECRYPT_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">ciphertext_length&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(alg) != 0 ?                              \</div><div class="line">     (plaintext_length) - <a class="code" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(alg) :              \</div><div class="line">     0)</div><div class="ttc" id="crypto__sizes_8h_html_a8e3079b2e624cb8d32b94843cddada49"><div class="ttname"><a href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a></div><div class="ttdeci">#define PSA_AEAD_TAG_LENGTH(alg)</div><div class="ttdef"><b>Definition:</b> crypto_sizes.h:138</div></div>
-</div><!-- fragment --><p>The maximum size of the output of <a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt()</a>, in bytes.</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt()</a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext may be smaller.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An AEAD algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramname">ciphertext_length</td><td>Size of the plaintext in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a85667d47a7aa6c7b99a80e5273671266"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">plaintext_length&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(alg) != 0 ?                              \</div><div class="line">     (plaintext_length) + <a class="code" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(alg) :              \</div><div class="line">     0)</div><div class="ttc" id="crypto__sizes_8h_html_a8e3079b2e624cb8d32b94843cddada49"><div class="ttname"><a href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a></div><div class="ttdeci">#define PSA_AEAD_TAG_LENGTH(alg)</div><div class="ttdef"><b>Definition:</b> crypto_sizes.h:138</div></div>
-</div><!-- fragment --><p>The maximum size of the output of <a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt()</a>, in bytes.</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt()</a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An AEAD algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramname">plaintext_length</td><td>Size of the plaintext in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ab097f6e054f1a73e975d597ade9029a6"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_AEAD_FINISH_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;((size_t)0)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The maximum size of the output of <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a>, in bytes.</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An AEAD algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The maximum trailing ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a8e3079b2e624cb8d32b94843cddada49"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_AEAD_TAG_LENGTH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(alg) ?                                             \</div><div class="line">     (((alg) &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK) &gt;&gt; PSA_AEAD_TAG_LENGTH_OFFSET) : \</div><div class="line">     0)</div><div class="ttc" id="group__crypto__types_html_ga1d44829d60065eaa4ac9a703e7d6abc8"><div class="ttname"><a href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a></div><div class="ttdeci">#define PSA_ALG_IS_AEAD(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:591</div></div>
-</div><!-- fragment --><p>The tag size for an AEAD algorithm, in bytes.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An AEAD algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The tag size for the specified algorithm. If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return 0. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ab589ea3b86f2bfa18880459299c58f8a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN&#160;&#160;&#160;128</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation.</p>
-<p>Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</p>
-<p>Therefore, no implementation should define a value smaller than 64 for <a class="el" href="crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="a61a246f3eac41989821d982e56fea6c1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_type, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_bits, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(key_type) ?                                    \</div><div class="line">     PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) :  \</div><div class="line">     0)</div><div class="ttc" id="group__crypto__types_html_ga0e1d8f241228e49c9cadadfb4579ef1a"><div class="ttname"><a href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_RSA(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:424</div></div>
-</div><!-- fragment --><p>Safe output buffer size for <a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e" title="Decrypt a short message with a private key. ">psa_asymmetric_decrypt()</a>.</p>
-<p>This macro returns a safe buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
-<dl class="section warning"><dt>Warning</dt><dd>This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">key_type</td><td>An asymmetric key type (this may indifferently be a key pair type or a public key type). </td></tr>
-    <tr><td class="paramname">key_bits</td><td>The size of the key in bits. </td></tr>
-    <tr><td class="paramname">alg</td><td>The signature algorithm.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e" title="Decrypt a short message with a private key. ">psa_asymmetric_decrypt()</a> will not fail with <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>. If the parameters are a valid combination that is not supported by the implementation, this macro either shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a66ba3bd93e5ec52870ccc3848778bad8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_type, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_bits, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(key_type) ?                                    \</div><div class="line">     ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \</div><div class="line">     0)</div><div class="ttc" id="group__crypto__types_html_ga0e1d8f241228e49c9cadadfb4579ef1a"><div class="ttname"><a href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_RSA(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:424</div></div>
-</div><!-- fragment --><p>Safe output buffer size for <a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004" title="Encrypt a short message with a public key. ">psa_asymmetric_encrypt()</a>.</p>
-<p>This macro returns a safe buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
-<dl class="section warning"><dt>Warning</dt><dd>This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">key_type</td><td>An asymmetric key type (this may indifferently be a key pair type or a public key type). </td></tr>
-    <tr><td class="paramname">key_bits</td><td>The size of the key in bits. </td></tr>
-    <tr><td class="paramname">alg</td><td>The signature algorithm.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004" title="Encrypt a short message with a public key. ">psa_asymmetric_encrypt()</a> will not fail with <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>. If the parameters are a valid combination that is not supported by the implementation, this macro either shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a77565b9b4fe6d8730fd2120f4c8378ab"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_type, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_bits, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \</div><div class="line">     <a class="code" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(key_type) ? <a class="code" href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">PSA_ECDSA_SIGNATURE_SIZE</a>(key_bits) : \</div><div class="line">     ((void)alg, 0))</div><div class="ttc" id="group__crypto__types_html_ga0e1d8f241228e49c9cadadfb4579ef1a"><div class="ttname"><a href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_RSA(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:424</div></div>
-<div class="ttc" id="crypto__sizes_8h_html_a10c472a35f04051add6b20cc228ffc11"><div class="ttname"><a href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">PSA_ECDSA_SIGNATURE_SIZE</a></div><div class="ttdeci">#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)</div><div class="ttdoc">ECDSA signature size for a given curve bit size. </div><div class="ttdef"><b>Definition:</b> crypto_sizes.h:329</div></div>
-<div class="ttc" id="group__crypto__types_html_ga88e01fa06b585654689a99bcc06bbe66"><div class="ttname"><a href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_ECC(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:446</div></div>
-</div><!-- fragment --><p>Safe signature buffer size for <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07" title="Sign a hash or short message with a private key. ">psa_asymmetric_sign()</a>.</p>
-<p>This macro returns a safe buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature may be smaller (some algorithms produce a variable-size signature).</p>
-<dl class="section warning"><dt>Warning</dt><dd>This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">key_type</td><td>An asymmetric key type (this may indifferently be a key pair type or a public key type). </td></tr>
-    <tr><td class="paramname">key_bits</td><td>The size of the key in bits. </td></tr>
-    <tr><td class="paramname">alg</td><td>The signature algorithm.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07" title="Sign a hash or short message with a private key. ">psa_asymmetric_sign()</a> will not fail with <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>. If the parameters are a valid combination that is not supported by the implementation, this macro either shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ad755101764dba14589e5919ee41be7ca"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">PSA_BITS_TO_BYTES(                                                  \</div><div class="line">        PSA_VENDOR_RSA_MAX_KEY_BITS &gt; PSA_VENDOR_ECC_MAX_CURVE_BITS ?   \</div><div class="line">        PSA_VENDOR_RSA_MAX_KEY_BITS :                                   \</div><div class="line">        PSA_VENDOR_ECC_MAX_CURVE_BITS                                   \</div><div class="line">        )</div></div><!-- fragment --><p>Maximum size of an asymmetric signature.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum. </p>
-
-</div>
-</div>
-<a class="anchor" id="a10c472a35f04051add6b20cc228ffc11"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ECDSA_SIGNATURE_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">curve_bits</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_BITS_TO_BYTES(curve_bits) * 2)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>ECDSA signature size for a given curve bit size. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">curve_bits</td><td>Curve size in bits. </td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>Signature size in bytes.</dd></dl>
-<dl class="section note"><dt>Note</dt><dd>This macro returns a compile-time constant if its argument is one. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a6ce1014efbbc0bcca286ef7f9a72cb29"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_HASH_MAX_SIZE&#160;&#160;&#160;64</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Maximum size of a hash.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a hash supported by the implementation, in bytes, and must be no smaller than this maximum. </p>
-
-</div>
-</div>
-<a class="anchor" id="aef340331ce3cba2b57e1fc5624bf1f99"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_HASH_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(                                                           \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 :            \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 :            \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 :            \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 :      \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 :          \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">PSA_ALG_SHA_224</a> ? 28 :        \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a> ? 32 :        \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">PSA_ALG_SHA_384</a> ? 48 :        \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">PSA_ALG_SHA_512</a> ? 64 :        \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">PSA_ALG_SHA_512_224</a> ? 28 :    \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">PSA_ALG_SHA_512_256</a> ? 32 :    \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">PSA_ALG_SHA3_224</a> ? 28 :       \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">PSA_ALG_SHA3_256</a> ? 32 :       \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">PSA_ALG_SHA3_384</a> ? 48 :       \</div><div class="line">        PSA_ALG_HMAC_GET_HASH(alg) == <a class="code" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">PSA_ALG_SHA3_512</a> ? 64 :       \</div><div class="line">        0)</div><div class="ttc" id="group__crypto__types_html_gaace70d9515489bbe3c5e7ac1b7d9155b"><div class="ttname"><a href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">PSA_ALG_SHA3_256</a></div><div class="ttdeci">#define PSA_ALG_SHA3_256</div><div class="ttdef"><b>Definition:</b> crypto_values.h:660</div></div>
-<div class="ttc" id="group__crypto__types_html_ga16f5fe34ccce68c2fada1224c054a999"><div class="ttname"><a href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">PSA_ALG_SHA3_224</a></div><div class="ttdeci">#define PSA_ALG_SHA3_224</div><div class="ttdef"><b>Definition:</b> crypto_values.h:658</div></div>
-<div class="ttc" id="group__crypto__types_html_ga37e5dbe936dddb155e76f2997de27188"><div class="ttname"><a href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">PSA_ALG_SHA3_512</a></div><div class="ttdeci">#define PSA_ALG_SHA3_512</div><div class="ttdef"><b>Definition:</b> crypto_values.h:664</div></div>
-<div class="ttc" id="group__crypto__types_html_ga619471f978e13cdd0a1e37145e4bf341"><div class="ttname"><a href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a></div><div class="ttdeci">#define PSA_ALG_SHA_256</div><div class="ttdef"><b>Definition:</b> crypto_values.h:648</div></div>
-<div class="ttc" id="group__crypto__types_html_gafba3ae409f46d3dd7f37a0910660c3e9"><div class="ttname"><a href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">PSA_ALG_SHA_512</a></div><div class="ttdeci">#define PSA_ALG_SHA_512</div><div class="ttdef"><b>Definition:</b> crypto_values.h:652</div></div>
-<div class="ttc" id="group__crypto__types_html_ga25d6a3244d10a7148fe6b026d1979f7b"><div class="ttname"><a href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">PSA_ALG_SHA_224</a></div><div class="ttdeci">#define PSA_ALG_SHA_224</div><div class="ttdef"><b>Definition:</b> crypto_values.h:646</div></div>
-<div class="ttc" id="group__crypto__types_html_ga58af64dd9a86a287e8da9ed7739eead4"><div class="ttname"><a href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">PSA_ALG_SHA_384</a></div><div class="ttdeci">#define PSA_ALG_SHA_384</div><div class="ttdef"><b>Definition:</b> crypto_values.h:650</div></div>
-<div class="ttc" id="group__crypto__types_html_ga3fe2d7c3c80e3186ca78d16a35d5d931"><div class="ttname"><a href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">PSA_ALG_SHA_512_224</a></div><div class="ttdeci">#define PSA_ALG_SHA_512_224</div><div class="ttdef"><b>Definition:</b> crypto_values.h:654</div></div>
-<div class="ttc" id="group__crypto__types_html_ga5910b3964c14e9613e8643a45b09c2d4"><div class="ttname"><a href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">PSA_ALG_SHA_512_256</a></div><div class="ttdeci">#define PSA_ALG_SHA_512_256</div><div class="ttdef"><b>Definition:</b> crypto_values.h:656</div></div>
-<div class="ttc" id="group__crypto__types_html_gab0f079257ea75e2acfe2fc3b38c78cd8"><div class="ttname"><a href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">PSA_ALG_SHA3_384</a></div><div class="ttdeci">#define PSA_ALG_SHA3_384</div><div class="ttdef"><b>Definition:</b> crypto_values.h:662</div></div>
-</div><!-- fragment --><p>The size of the output of <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a>, in bytes.</p>
-<p>This is also the hash size that <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify()</a> expects.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>alg</code>) is true), or an HMAC algorithm (<a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">PSA_ALG_HMAC</a>(<code>hash_alg</code>) where <code>hash_alg</code> is a hash algorithm).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The hash size for the specified hash algorithm. If the hash algorithm is not recognized, return 0. An implementation may return either 0 or the correct size for a hash algorithm that it recognizes, but does not support. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a0aae885cc8ff92e00fb5248420b939c3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_EXPORT_MAX_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_type, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_bits&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \</div><div class="line">     (key_type) == <a class="code" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a> ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \</div><div class="line">     (key_type) == <a class="code" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \</div><div class="line">     (key_type) == <a class="code" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a> ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \</div><div class="line">     (key_type) == <a class="code" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a> ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \</div><div class="line">     <a class="code" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a>(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \</div><div class="line">     <a class="code" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \</div><div class="line">     0)</div><div class="ttc" id="group__crypto__types_html_ga5e7439c2905136366c3a876e62e5ddfc"><div class="ttname"><a href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a></div><div class="ttdeci">#define PSA_KEY_TYPE_DSA_PUBLIC_KEY</div><div class="ttdef"><b>Definition:</b> crypto_values.h:428</div></div>
-<div class="ttc" id="group__crypto__types_html_ga581f50687f5d650456925278948f2799"><div class="ttname"><a href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a></div><div class="ttdeci">#define PSA_KEY_TYPE_RSA_KEYPAIR</div><div class="ttdef"><b>Definition:</b> crypto_values.h:422</div></div>
-<div class="ttc" id="group__crypto__types_html_gaef86ce4e810e1c2c76068ac874bfef54"><div class="ttname"><a href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">PSA_KEY_TYPE_IS_UNSTRUCTURED</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:327</div></div>
-<div class="ttc" id="group__crypto__types_html_ga9ba0878f56c8bcd1995ac017a74f513b"><div class="ttname"><a href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a></div><div class="ttdeci">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY</div><div class="ttdef"><b>Definition:</b> crypto_values.h:420</div></div>
-<div class="ttc" id="group__crypto__types_html_ga011010ee28c20388f3d89fb27088ed62"><div class="ttname"><a href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a></div><div class="ttdeci">#define PSA_KEY_TYPE_DSA_KEYPAIR</div><div class="ttdef"><b>Definition:</b> crypto_values.h:430</div></div>
-<div class="ttc" id="group__crypto__types_html_ga5af146a173b0c84d7e737e2fb6a3c0a7"><div class="ttname"><a href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:454</div></div>
-<div class="ttc" id="group__crypto__types_html_ga7bf101b671e8cf26f4cb08fcb679db4b"><div class="ttname"><a href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:450</div></div>
-</div><!-- fragment --><p>Safe output buffer size for <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> or <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>.</p>
-<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
-<dl class="section warning"><dt>Warning</dt><dd>This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</dd></dl>
-<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime. </p><div class="fragment"><div class="line"><a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> key_type;</div><div class="line"><span class="keywordtype">size_t</span> key_bits;</div><div class="line"><a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> status;</div><div class="line">status = <a class="code" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a>(key, &amp;key_type, &amp;key_bits);</div><div class="line"><span class="keywordflow">if</span> (status != <a class="code" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>) handle_error(...);</div><div class="line"><span class="keywordtype">size_t</span> buffer_size = <a class="code" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">PSA_KEY_EXPORT_MAX_SIZE</a>(key_type, key_bits);</div><div class="line"><span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *buffer = malloc(buffer_size);</div><div class="line"><span class="keywordflow">if</span> (buffer != NULL) handle_error(...);</div><div class="line"><span class="keywordtype">size_t</span> buffer_length;</div><div class="line">status = <a class="code" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">psa_export_key</a>(key, buffer, buffer_size, &amp;buffer_length);</div><div class="line"><span class="keywordflow">if</span> (status != <a class="code" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>) handle_error(...);</div></div><!-- fragment --><p>For <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>, calculate the buffer size from the public key type. You can use the macro <a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a> to convert a key pair type to the corresponding public key type. </p><div class="fragment"><div class="line"><a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> key_type;</div><div class="line"><span class="keywordtype">size_t</span> key_bits;</div><div class="line"><a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> status;</div><div class="line">status = <a class="code" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a>(key, &amp;key_type, &amp;key_bits);</div><div class="line"><span class="keywordflow">if</span> (status != <a class="code" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>) handle_error(...);</div><div class="line"><a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> public_key_type = <a class="code" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(key_type);</div><div class="line"><span class="keywordtype">size_t</span> buffer_size = <a class="code" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">PSA_KEY_EXPORT_MAX_SIZE</a>(public_key_type, key_bits);</div><div class="line"><span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *buffer = malloc(buffer_size);</div><div class="line"><span class="keywordflow">if</span> (buffer != NULL) handle_error(...);</div><div class="line"><span class="keywordtype">size_t</span> buffer_length;</div><div class="line">status = <a class="code" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">psa_export_public_key</a>(key, buffer, buffer_size, &amp;buffer_length);</div><div class="line"><span class="keywordflow">if</span> (status != <a class="code" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>) handle_error(...);</div></div><!-- fragment --><dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">key_type</td><td>A supported key type. </td></tr>
-    <tr><td class="paramname">key_bits</td><td>The size of the key in bits.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07" title="Sign a hash or short message with a private key. ">psa_asymmetric_sign()</a> will not fail with <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>. If the parameters are a valid combination that is not supported by the implementation, this macro either shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="aa84c5fb384ac7cb1bfc52adde96588ee"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_MAC_FINAL_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_type, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">key_bits, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK ? <a class="code" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">PSA_MAC_TRUNCATED_LENGTH</a>(alg) : <a class="code" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">\</a></div><div class="line"><a class="code" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">     PSA_ALG_IS_HMAC</a>(alg) ? <a class="code" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(PSA_ALG_HMAC_GET_HASH(alg)) : \</div><div class="line">     <a class="code" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) ? <a class="code" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">PSA_BLOCK_CIPHER_BLOCK_SIZE</a>(key_type) : \</div><div class="line">     ((void)(key_type), (void)(key_bits), 0))</div><div class="ttc" id="crypto__sizes_8h_html_aef340331ce3cba2b57e1fc5624bf1f99"><div class="ttname"><a href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a></div><div class="ttdeci">#define PSA_HASH_SIZE(alg)</div><div class="ttdef"><b>Definition:</b> crypto_sizes.h:70</div></div>
-<div class="ttc" id="group__crypto__types_html_gae49d1eb601125d65a5c5b252aa45479e"><div class="ttname"><a href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">PSA_ALG_IS_BLOCK_CIPHER_MAC</a></div><div class="ttdeci">#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:823</div></div>
-<div class="ttc" id="group__crypto__types_html_gacaa366bdeb0413e63e87a667c5457b2e"><div class="ttname"><a href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">PSA_BLOCK_CIPHER_BLOCK_SIZE</a></div><div class="ttdeci">#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:527</div></div>
-<div class="ttc" id="group__crypto__types_html_gab03726c4476174e019a08e2a04018ce8"><div class="ttname"><a href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">PSA_MAC_TRUNCATED_LENGTH</a></div><div class="ttdeci">#define PSA_MAC_TRUNCATED_LENGTH(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:807</div></div>
-<div class="ttc" id="group__crypto__types_html_ga4a050c3c3cbc6eb96418f18847601c8a"><div class="ttname"><a href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">PSA_ALG_IS_HMAC</a></div><div class="ttdeci">#define PSA_ALG_IS_HMAC(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:730</div></div>
-</div><!-- fragment --><p>The size of the output of <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish()</a>, in bytes.</p>
-<p>This is also the MAC size that <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish()</a> expects.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">key_type</td><td>The type of the MAC key. </td></tr>
-    <tr><td class="paramname">key_bits</td><td>The size of the MAC key in bits. </td></tr>
-    <tr><td class="paramname">alg</td><td>A MAC algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The MAC size for the specified algorithm with the specified key parameters. </dd>
-<dd>
-0 if the MAC algorithm is not recognized. </dd>
-<dd>
-Either 0 or the correct size for a MAC algorithm that the implementation recognizes, but does not support. </dd>
-<dd>
-Unspecified if the key parameters are not consistent with the algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="a4681cc4f6226883a2160122c562ca682"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_MAC_MAX_SIZE&#160;&#160;&#160;<a class="el" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">PSA_HASH_MAX_SIZE</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Maximum size of a MAC.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum. </p>
-
-</div>
-</div>
-<a class="anchor" id="aa3cfcff0291d6da279fec8fe834d5dec"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE&#160;&#160;&#160;16</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The maximum size of a block cipher supported by the implementation. </p>
-
-</div>
-</div>
-<a class="anchor" id="aec0bcba60e7514b83f967b171d494ed3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_RSA_MINIMUM_PADDING_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(PSA_ALG_IS_RSA_OAEP(alg) ?                                         \</div><div class="line">     2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :      \</div><div class="line">     11 <span class="comment">/*PKCS#1v1.5*/</span>)</div></div><!-- fragment -->
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__sizes_8h__dep__incl.map b/docs/html/crypto__sizes_8h__dep__incl.map
deleted file mode 100644
index 549dc4c..0000000
--- a/docs/html/crypto__sizes_8h__dep__incl.map
+++ /dev/null
@@ -1,3 +0,0 @@
-<map id="psa/crypto_sizes.h" name="psa/crypto_sizes.h">
-<area shape="rect" id="node2" href="$crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="24,80,119,107"/>
-</map>
diff --git a/docs/html/crypto__sizes_8h__dep__incl.md5 b/docs/html/crypto__sizes_8h__dep__incl.md5
deleted file mode 100644
index b4da281..0000000
--- a/docs/html/crypto__sizes_8h__dep__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-e32c7361c89b531f3dc3224bf18e2d1e
\ No newline at end of file
diff --git a/docs/html/crypto__sizes_8h__dep__incl.png b/docs/html/crypto__sizes_8h__dep__incl.png
deleted file mode 100644
index be24f96..0000000
--- a/docs/html/crypto__sizes_8h__dep__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__sizes_8h__incl.map b/docs/html/crypto__sizes_8h__incl.map
deleted file mode 100644
index 8e2ba95..0000000
--- a/docs/html/crypto__sizes_8h__incl.map
+++ /dev/null
@@ -1,2 +0,0 @@
-<map id="psa/crypto_sizes.h" name="psa/crypto_sizes.h">
-</map>
diff --git a/docs/html/crypto__sizes_8h__incl.md5 b/docs/html/crypto__sizes_8h__incl.md5
deleted file mode 100644
index e3dab45..0000000
--- a/docs/html/crypto__sizes_8h__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-e658bed16c33e403901c0821826db5a9
\ No newline at end of file
diff --git a/docs/html/crypto__sizes_8h__incl.png b/docs/html/crypto__sizes_8h__incl.png
deleted file mode 100644
index f38fc21..0000000
--- a/docs/html/crypto__sizes_8h__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__sizes_8h_source.html b/docs/html/crypto__sizes_8h_source.html
deleted file mode 100644
index 655f87b..0000000
--- a/docs/html/crypto__sizes_8h_source.html
+++ /dev/null
@@ -1,101 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_sizes.h Source File</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">crypto_sizes.h</div>  </div>
-</div><!--header-->
-<div class="contents">
-<a href="crypto__sizes_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;</div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;<span class="comment">/*</span></div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;<span class="comment"> *  Copyright (C) 2018, ARM Limited, All Rights Reserved</span></div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;<span class="comment"> *  SPDX-License-Identifier: Apache-2.0</span></div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;<span class="comment"> *  Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may</span></div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;<span class="comment"> *  not use this file except in compliance with the License.</span></div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;<span class="comment"> *  You may obtain a copy of the License at</span></div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;<span class="comment"> *  http://www.apache.org/licenses/LICENSE-2.0</span></div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;<span class="comment"> *  Unless required by applicable law or agreed to in writing, software</span></div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;<span class="comment"> *  distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT</span></div><div class="line"><a name="l00035"></a><span class="lineno">   35</span>&#160;<span class="comment"> *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div><div class="line"><a name="l00036"></a><span class="lineno">   36</span>&#160;<span class="comment"> *  See the License for the specific language governing permissions and</span></div><div class="line"><a name="l00037"></a><span class="lineno">   37</span>&#160;<span class="comment"> *  limitations under the License.</span></div><div class="line"><a name="l00038"></a><span class="lineno">   38</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00039"></a><span class="lineno">   39</span>&#160;<span class="comment"> *  This file is part of mbed TLS (https://tls.mbed.org)</span></div><div class="line"><a name="l00040"></a><span class="lineno">   40</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00041"></a><span class="lineno">   41</span>&#160;</div><div class="line"><a name="l00042"></a><span class="lineno">   42</span>&#160;<span class="preprocessor">#ifndef PSA_CRYPTO_SIZES_H</span></div><div class="line"><a name="l00043"></a><span class="lineno">   43</span>&#160;<span class="preprocessor">#define PSA_CRYPTO_SIZES_H</span></div><div class="line"><a name="l00044"></a><span class="lineno">   44</span>&#160;</div><div class="line"><a name="l00045"></a><span class="lineno">   45</span>&#160;<span class="comment">/* Include the Mbed TLS configuration file, the way Mbed TLS does it</span></div><div class="line"><a name="l00046"></a><span class="lineno">   46</span>&#160;<span class="comment"> * in each of its header files. */</span></div><div class="line"><a name="l00047"></a><span class="lineno">   47</span>&#160;<span class="preprocessor">#if !defined(MBEDTLS_CONFIG_FILE)</span></div><div class="line"><a name="l00048"></a><span class="lineno">   48</span>&#160;<span class="preprocessor">#include &quot;../mbedtls/config.h&quot;</span></div><div class="line"><a name="l00049"></a><span class="lineno">   49</span>&#160;<span class="preprocessor">#else</span></div><div class="line"><a name="l00050"></a><span class="lineno">   50</span>&#160;<span class="preprocessor">#include MBEDTLS_CONFIG_FILE</span></div><div class="line"><a name="l00051"></a><span class="lineno">   51</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00052"></a><span class="lineno">   52</span>&#160;</div><div class="line"><a name="l00053"></a><span class="lineno">   53</span>&#160;<span class="preprocessor">#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)</span></div><div class="line"><a name="l00054"></a><span class="lineno">   54</span>&#160;<span class="preprocessor">#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)</span></div><div class="line"><a name="l00055"></a><span class="lineno">   55</span>&#160;</div><div class="line"><a name="l00070"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">   70</a></span>&#160;<span class="preprocessor">#define PSA_HASH_SIZE(alg)                                      \</span></div><div class="line"><a name="l00071"></a><span class="lineno">   71</span>&#160;<span class="preprocessor">    (                                                           \</span></div><div class="line"><a name="l00072"></a><span class="lineno">   72</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 :            \</span></div><div class="line"><a name="l00073"></a><span class="lineno">   73</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 :            \</span></div><div class="line"><a name="l00074"></a><span class="lineno">   74</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 :            \</span></div><div class="line"><a name="l00075"></a><span class="lineno">   75</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 :      \</span></div><div class="line"><a name="l00076"></a><span class="lineno">   76</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 :          \</span></div><div class="line"><a name="l00077"></a><span class="lineno">   77</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 :        \</span></div><div class="line"><a name="l00078"></a><span class="lineno">   78</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 :        \</span></div><div class="line"><a name="l00079"></a><span class="lineno">   79</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 :        \</span></div><div class="line"><a name="l00080"></a><span class="lineno">   80</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 :        \</span></div><div class="line"><a name="l00081"></a><span class="lineno">   81</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 :    \</span></div><div class="line"><a name="l00082"></a><span class="lineno">   82</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 :    \</span></div><div class="line"><a name="l00083"></a><span class="lineno">   83</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 :       \</span></div><div class="line"><a name="l00084"></a><span class="lineno">   84</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 :       \</span></div><div class="line"><a name="l00085"></a><span class="lineno">   85</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 :       \</span></div><div class="line"><a name="l00086"></a><span class="lineno">   86</span>&#160;<span class="preprocessor">        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 :       \</span></div><div class="line"><a name="l00087"></a><span class="lineno">   87</span>&#160;<span class="preprocessor">        0)</span></div><div class="line"><a name="l00088"></a><span class="lineno">   88</span>&#160;</div><div class="line"><a name="l00097"></a><span class="lineno">   97</span>&#160;<span class="comment">/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,</span></div><div class="line"><a name="l00098"></a><span class="lineno">   98</span>&#160;<span class="comment"> * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for</span></div><div class="line"><a name="l00099"></a><span class="lineno">   99</span>&#160;<span class="comment"> * HMAC-SHA3-512. */</span></div><div class="line"><a name="l00100"></a><span class="lineno">  100</span>&#160;<span class="preprocessor">#if defined(MBEDTLS_SHA512_C)</span></div><div class="line"><a name="l00101"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">  101</a></span>&#160;<span class="preprocessor">#define PSA_HASH_MAX_SIZE 64</span></div><div class="line"><a name="l00102"></a><span class="lineno">  102</span>&#160;<span class="preprocessor">#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128</span></div><div class="line"><a name="l00103"></a><span class="lineno">  103</span>&#160;<span class="preprocessor">#else</span></div><div class="line"><a name="l00104"></a><span class="lineno">  104</span>&#160;<span class="preprocessor">#define PSA_HASH_MAX_SIZE 32</span></div><div class="line"><a name="l00105"></a><span class="lineno">  105</span>&#160;<span class="preprocessor">#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64</span></div><div class="line"><a name="l00106"></a><span class="lineno">  106</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00107"></a><span class="lineno">  107</span>&#160;</div><div class="line"><a name="l00116"></a><span class="lineno">  116</span>&#160;<span class="comment">/* All non-HMAC MACs have a maximum size that&#39;s smaller than the</span></div><div class="line"><a name="l00117"></a><span class="lineno">  117</span>&#160;<span class="comment"> * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */</span></div><div class="line"><a name="l00118"></a><span class="lineno">  118</span>&#160;<span class="comment">/* Note that the encoding of truncated MAC algorithms limits this value</span></div><div class="line"><a name="l00119"></a><span class="lineno">  119</span>&#160;<span class="comment"> * to 64 bytes.</span></div><div class="line"><a name="l00120"></a><span class="lineno">  120</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00121"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682">  121</a></span>&#160;<span class="preprocessor">#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE</span></div><div class="line"><a name="l00122"></a><span class="lineno">  122</span>&#160;</div><div class="line"><a name="l00138"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">  138</a></span>&#160;<span class="preprocessor">#define PSA_AEAD_TAG_LENGTH(alg)                                        \</span></div><div class="line"><a name="l00139"></a><span class="lineno">  139</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_AEAD(alg) ?                                             \</span></div><div class="line"><a name="l00140"></a><span class="lineno">  140</span>&#160;<span class="preprocessor">     (((alg) &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK) &gt;&gt; PSA_AEAD_TAG_LENGTH_OFFSET) : \</span></div><div class="line"><a name="l00141"></a><span class="lineno">  141</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00142"></a><span class="lineno">  142</span>&#160;</div><div class="line"><a name="l00143"></a><span class="lineno">  143</span>&#160;<span class="comment">/* The maximum size of an RSA key on this implementation, in bits.</span></div><div class="line"><a name="l00144"></a><span class="lineno">  144</span>&#160;<span class="comment"> * This is a vendor-specific macro.</span></div><div class="line"><a name="l00145"></a><span class="lineno">  145</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00146"></a><span class="lineno">  146</span>&#160;<span class="comment"> * Mbed TLS does not set a hard limit on the size of RSA keys: any key</span></div><div class="line"><a name="l00147"></a><span class="lineno">  147</span>&#160;<span class="comment"> * whose parameters fit in a bignum is accepted. However large keys can</span></div><div class="line"><a name="l00148"></a><span class="lineno">  148</span>&#160;<span class="comment"> * induce a large memory usage and long computation times. Unlike other</span></div><div class="line"><a name="l00149"></a><span class="lineno">  149</span>&#160;<span class="comment"> * auxiliary macros in this file and in crypto.h, which reflect how the</span></div><div class="line"><a name="l00150"></a><span class="lineno">  150</span>&#160;<span class="comment"> * library is configured, this macro defines how the library is</span></div><div class="line"><a name="l00151"></a><span class="lineno">  151</span>&#160;<span class="comment"> * configured. This implementation refuses to import or generate an</span></div><div class="line"><a name="l00152"></a><span class="lineno">  152</span>&#160;<span class="comment"> * RSA key whose size is larger than the value defined here.</span></div><div class="line"><a name="l00153"></a><span class="lineno">  153</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00154"></a><span class="lineno">  154</span>&#160;<span class="comment"> * Note that an implementation may set different size limits for different</span></div><div class="line"><a name="l00155"></a><span class="lineno">  155</span>&#160;<span class="comment"> * operations, and does not need to accept all key sizes up to the limit. */</span></div><div class="line"><a name="l00156"></a><span class="lineno">  156</span>&#160;<span class="preprocessor">#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096</span></div><div class="line"><a name="l00157"></a><span class="lineno">  157</span>&#160;</div><div class="line"><a name="l00158"></a><span class="lineno">  158</span>&#160;<span class="comment">/* The maximum size of an ECC key on this implementation, in bits.</span></div><div class="line"><a name="l00159"></a><span class="lineno">  159</span>&#160;<span class="comment"> * This is a vendor-specific macro. */</span></div><div class="line"><a name="l00160"></a><span class="lineno">  160</span>&#160;<span class="preprocessor">#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)</span></div><div class="line"><a name="l00161"></a><span class="lineno">  161</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521</span></div><div class="line"><a name="l00162"></a><span class="lineno">  162</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)</span></div><div class="line"><a name="l00163"></a><span class="lineno">  163</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512</span></div><div class="line"><a name="l00164"></a><span class="lineno">  164</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)</span></div><div class="line"><a name="l00165"></a><span class="lineno">  165</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448</span></div><div class="line"><a name="l00166"></a><span class="lineno">  166</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)</span></div><div class="line"><a name="l00167"></a><span class="lineno">  167</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384</span></div><div class="line"><a name="l00168"></a><span class="lineno">  168</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)</span></div><div class="line"><a name="l00169"></a><span class="lineno">  169</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384</span></div><div class="line"><a name="l00170"></a><span class="lineno">  170</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)</span></div><div class="line"><a name="l00171"></a><span class="lineno">  171</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256</span></div><div class="line"><a name="l00172"></a><span class="lineno">  172</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)</span></div><div class="line"><a name="l00173"></a><span class="lineno">  173</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256</span></div><div class="line"><a name="l00174"></a><span class="lineno">  174</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)</span></div><div class="line"><a name="l00175"></a><span class="lineno">  175</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256</span></div><div class="line"><a name="l00176"></a><span class="lineno">  176</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)</span></div><div class="line"><a name="l00177"></a><span class="lineno">  177</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255</span></div><div class="line"><a name="l00178"></a><span class="lineno">  178</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)</span></div><div class="line"><a name="l00179"></a><span class="lineno">  179</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224</span></div><div class="line"><a name="l00180"></a><span class="lineno">  180</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)</span></div><div class="line"><a name="l00181"></a><span class="lineno">  181</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224</span></div><div class="line"><a name="l00182"></a><span class="lineno">  182</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)</span></div><div class="line"><a name="l00183"></a><span class="lineno">  183</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192</span></div><div class="line"><a name="l00184"></a><span class="lineno">  184</span>&#160;<span class="preprocessor">#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)</span></div><div class="line"><a name="l00185"></a><span class="lineno">  185</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192</span></div><div class="line"><a name="l00186"></a><span class="lineno">  186</span>&#160;<span class="preprocessor">#else</span></div><div class="line"><a name="l00187"></a><span class="lineno">  187</span>&#160;<span class="preprocessor">#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0</span></div><div class="line"><a name="l00188"></a><span class="lineno">  188</span>&#160;<span class="preprocessor">#endif</span></div><div class="line"><a name="l00189"></a><span class="lineno">  189</span>&#160;</div><div class="line"><a name="l00204"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a">  204</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128</span></div><div class="line"><a name="l00205"></a><span class="lineno">  205</span>&#160;</div><div class="line"><a name="l00214"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca">  214</a></span>&#160;<span class="preprocessor">#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE                               \</span></div><div class="line"><a name="l00215"></a><span class="lineno">  215</span>&#160;<span class="preprocessor">    PSA_BITS_TO_BYTES(                                                  \</span></div><div class="line"><a name="l00216"></a><span class="lineno">  216</span>&#160;<span class="preprocessor">        PSA_VENDOR_RSA_MAX_KEY_BITS &gt; PSA_VENDOR_ECC_MAX_CURVE_BITS ?   \</span></div><div class="line"><a name="l00217"></a><span class="lineno">  217</span>&#160;<span class="preprocessor">        PSA_VENDOR_RSA_MAX_KEY_BITS :                                   \</span></div><div class="line"><a name="l00218"></a><span class="lineno">  218</span>&#160;<span class="preprocessor">        PSA_VENDOR_ECC_MAX_CURVE_BITS                                   \</span></div><div class="line"><a name="l00219"></a><span class="lineno">  219</span>&#160;<span class="preprocessor">        )</span></div><div class="line"><a name="l00220"></a><span class="lineno">  220</span>&#160;</div><div class="line"><a name="l00222"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec">  222</a></span>&#160;<span class="preprocessor">#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16</span></div><div class="line"><a name="l00223"></a><span class="lineno">  223</span>&#160;</div><div class="line"><a name="l00241"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">  241</a></span>&#160;<span class="preprocessor">#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg)                     \</span></div><div class="line"><a name="l00242"></a><span class="lineno">  242</span>&#160;<span class="preprocessor">    ((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \</span></div><div class="line"><a name="l00243"></a><span class="lineno">  243</span>&#160;<span class="preprocessor">     PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \</span></div><div class="line"><a name="l00244"></a><span class="lineno">  244</span>&#160;<span class="preprocessor">     PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \</span></div><div class="line"><a name="l00245"></a><span class="lineno">  245</span>&#160;<span class="preprocessor">     ((void)(key_type), (void)(key_bits), 0))</span></div><div class="line"><a name="l00246"></a><span class="lineno">  246</span>&#160;</div><div class="line"><a name="l00266"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266">  266</a></span>&#160;<span class="preprocessor">#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length)       \</span></div><div class="line"><a name="l00267"></a><span class="lineno">  267</span>&#160;<span class="preprocessor">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ?                              \</span></div><div class="line"><a name="l00268"></a><span class="lineno">  268</span>&#160;<span class="preprocessor">     (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) :              \</span></div><div class="line"><a name="l00269"></a><span class="lineno">  269</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00270"></a><span class="lineno">  270</span>&#160;</div><div class="line"><a name="l00289"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6">  289</a></span>&#160;<span class="preprocessor">#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg)      \</span></div><div class="line"><a name="l00290"></a><span class="lineno">  290</span>&#160;<span class="preprocessor">    ((size_t)0)</span></div><div class="line"><a name="l00291"></a><span class="lineno">  291</span>&#160;</div><div class="line"><a name="l00311"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b">  311</a></span>&#160;<span class="preprocessor">#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length)      \</span></div><div class="line"><a name="l00312"></a><span class="lineno">  312</span>&#160;<span class="preprocessor">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ?                              \</span></div><div class="line"><a name="l00313"></a><span class="lineno">  313</span>&#160;<span class="preprocessor">     (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) :              \</span></div><div class="line"><a name="l00314"></a><span class="lineno">  314</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00315"></a><span class="lineno">  315</span>&#160;</div><div class="line"><a name="l00316"></a><span class="lineno">  316</span>&#160;<span class="preprocessor">#define PSA_RSA_MINIMUM_PADDING_SIZE(alg)                               \</span></div><div class="line"><a name="l00317"></a><span class="lineno">  317</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_RSA_OAEP(alg) ?                                         \</span></div><div class="line"><a name="l00318"></a><span class="lineno">  318</span>&#160;<span class="preprocessor">     2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :      \</span></div><div class="line"><a name="l00319"></a><span class="lineno">  319</span>&#160;<span class="preprocessor">     11 </span><span class="comment">/*PKCS#1v1.5*/</span><span class="preprocessor">)</span></div><div class="line"><a name="l00320"></a><span class="lineno">  320</span>&#160;</div><div class="line"><a name="l00329"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">  329</a></span>&#160;<span class="preprocessor">#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)    \</span></div><div class="line"><a name="l00330"></a><span class="lineno">  330</span>&#160;<span class="preprocessor">    (PSA_BITS_TO_BYTES(curve_bits) * 2)</span></div><div class="line"><a name="l00331"></a><span class="lineno">  331</span>&#160;</div><div class="line"><a name="l00358"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab">  358</a></span>&#160;<span class="preprocessor">#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)        \</span></div><div class="line"><a name="l00359"></a><span class="lineno">  359</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \</span></div><div class="line"><a name="l00360"></a><span class="lineno">  360</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \</span></div><div class="line"><a name="l00361"></a><span class="lineno">  361</span>&#160;<span class="preprocessor">     ((void)alg, 0))</span></div><div class="line"><a name="l00362"></a><span class="lineno">  362</span>&#160;</div><div class="line"><a name="l00389"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8">  389</a></span>&#160;<span class="preprocessor">#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \</span></div><div class="line"><a name="l00390"></a><span class="lineno">  390</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \</span></div><div class="line"><a name="l00391"></a><span class="lineno">  391</span>&#160;<span class="preprocessor">     ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \</span></div><div class="line"><a name="l00392"></a><span class="lineno">  392</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00393"></a><span class="lineno">  393</span>&#160;</div><div class="line"><a name="l00420"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1">  420</a></span>&#160;<span class="preprocessor">#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \</span></div><div class="line"><a name="l00421"></a><span class="lineno">  421</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \</span></div><div class="line"><a name="l00422"></a><span class="lineno">  422</span>&#160;<span class="preprocessor">     PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) :  \</span></div><div class="line"><a name="l00423"></a><span class="lineno">  423</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00424"></a><span class="lineno">  424</span>&#160;</div><div class="line"><a name="l00425"></a><span class="lineno">  425</span>&#160;<span class="comment">/* Maximum size of the ASN.1 encoding of an INTEGER with the specified</span></div><div class="line"><a name="l00426"></a><span class="lineno">  426</span>&#160;<span class="comment"> * number of bits.</span></div><div class="line"><a name="l00427"></a><span class="lineno">  427</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00428"></a><span class="lineno">  428</span>&#160;<span class="comment"> * This definition assumes that bits &lt;= 2^19 - 9 so that the length field</span></div><div class="line"><a name="l00429"></a><span class="lineno">  429</span>&#160;<span class="comment"> * is at most 3 bytes. The length of the encoding is the length of the</span></div><div class="line"><a name="l00430"></a><span class="lineno">  430</span>&#160;<span class="comment"> * bit string padded to a whole number of bytes plus:</span></div><div class="line"><a name="l00431"></a><span class="lineno">  431</span>&#160;<span class="comment"> * - 1 type byte;</span></div><div class="line"><a name="l00432"></a><span class="lineno">  432</span>&#160;<span class="comment"> * - 1 to 3 length bytes;</span></div><div class="line"><a name="l00433"></a><span class="lineno">  433</span>&#160;<span class="comment"> * - 0 to 1 bytes of leading 0 due to the sign bit.</span></div><div class="line"><a name="l00434"></a><span class="lineno">  434</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00435"></a><span class="lineno">  435</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits)      \</span></div><div class="line"><a name="l00436"></a><span class="lineno">  436</span>&#160;<span class="preprocessor">    ((bits) / 8 + 5)</span></div><div class="line"><a name="l00437"></a><span class="lineno">  437</span>&#160;</div><div class="line"><a name="l00438"></a><span class="lineno">  438</span>&#160;<span class="comment">/* Maximum size of the export encoding of an RSA public key.</span></div><div class="line"><a name="l00439"></a><span class="lineno">  439</span>&#160;<span class="comment"> * Assumes that the public exponent is less than 2^32.</span></div><div class="line"><a name="l00440"></a><span class="lineno">  440</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00441"></a><span class="lineno">  441</span>&#160;<span class="comment"> * SubjectPublicKeyInfo  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00442"></a><span class="lineno">  442</span>&#160;<span class="comment"> *      algorithm            AlgorithmIdentifier,</span></div><div class="line"><a name="l00443"></a><span class="lineno">  443</span>&#160;<span class="comment"> *      subjectPublicKey     BIT STRING  } -- contains RSAPublicKey</span></div><div class="line"><a name="l00444"></a><span class="lineno">  444</span>&#160;<span class="comment"> * AlgorithmIdentifier  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00445"></a><span class="lineno">  445</span>&#160;<span class="comment"> *      algorithm               OBJECT IDENTIFIER,</span></div><div class="line"><a name="l00446"></a><span class="lineno">  446</span>&#160;<span class="comment"> *      parameters              NULL  }</span></div><div class="line"><a name="l00447"></a><span class="lineno">  447</span>&#160;<span class="comment"> * RSAPublicKey  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00448"></a><span class="lineno">  448</span>&#160;<span class="comment"> *    modulus            INTEGER,    -- n</span></div><div class="line"><a name="l00449"></a><span class="lineno">  449</span>&#160;<span class="comment"> *    publicExponent     INTEGER  }  -- e</span></div><div class="line"><a name="l00450"></a><span class="lineno">  450</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00451"></a><span class="lineno">  451</span>&#160;<span class="comment"> * - 3 * 4 bytes of SEQUENCE overhead;</span></div><div class="line"><a name="l00452"></a><span class="lineno">  452</span>&#160;<span class="comment"> * - 1 + 1 + 9 bytes of algorithm (RSA OID);</span></div><div class="line"><a name="l00453"></a><span class="lineno">  453</span>&#160;<span class="comment"> * - 2 bytes of NULL;</span></div><div class="line"><a name="l00454"></a><span class="lineno">  454</span>&#160;<span class="comment"> * - 4 bytes of BIT STRING overhead;</span></div><div class="line"><a name="l00455"></a><span class="lineno">  455</span>&#160;<span class="comment"> * - n : INTEGER;</span></div><div class="line"><a name="l00456"></a><span class="lineno">  456</span>&#160;<span class="comment"> * - 7 bytes for the public exponent.</span></div><div class="line"><a name="l00457"></a><span class="lineno">  457</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00458"></a><span class="lineno">  458</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \</span></div><div class="line"><a name="l00459"></a><span class="lineno">  459</span>&#160;<span class="preprocessor">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)</span></div><div class="line"><a name="l00460"></a><span class="lineno">  460</span>&#160;</div><div class="line"><a name="l00461"></a><span class="lineno">  461</span>&#160;<span class="comment">/* Maximum size of the export encoding of an RSA key pair.</span></div><div class="line"><a name="l00462"></a><span class="lineno">  462</span>&#160;<span class="comment"> * Assumes thatthe public exponent is less than 2^32 and that the size</span></div><div class="line"><a name="l00463"></a><span class="lineno">  463</span>&#160;<span class="comment"> * difference between the two primes is at most 1 bit.</span></div><div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;<span class="comment"> * RSAPrivateKey ::= SEQUENCE {</span></div><div class="line"><a name="l00466"></a><span class="lineno">  466</span>&#160;<span class="comment"> *     version           Version,  -- 0</span></div><div class="line"><a name="l00467"></a><span class="lineno">  467</span>&#160;<span class="comment"> *     modulus           INTEGER,  -- N-bit</span></div><div class="line"><a name="l00468"></a><span class="lineno">  468</span>&#160;<span class="comment"> *     publicExponent    INTEGER,  -- 32-bit</span></div><div class="line"><a name="l00469"></a><span class="lineno">  469</span>&#160;<span class="comment"> *     privateExponent   INTEGER,  -- N-bit</span></div><div class="line"><a name="l00470"></a><span class="lineno">  470</span>&#160;<span class="comment"> *     prime1            INTEGER,  -- N/2-bit</span></div><div class="line"><a name="l00471"></a><span class="lineno">  471</span>&#160;<span class="comment"> *     prime2            INTEGER,  -- N/2-bit</span></div><div class="line"><a name="l00472"></a><span class="lineno">  472</span>&#160;<span class="comment"> *     exponent1         INTEGER,  -- N/2-bit</span></div><div class="line"><a name="l00473"></a><span class="lineno">  473</span>&#160;<span class="comment"> *     exponent2         INTEGER,  -- N/2-bit</span></div><div class="line"><a name="l00474"></a><span class="lineno">  474</span>&#160;<span class="comment"> *     coefficient       INTEGER,  -- N/2-bit</span></div><div class="line"><a name="l00475"></a><span class="lineno">  475</span>&#160;<span class="comment"> * }</span></div><div class="line"><a name="l00476"></a><span class="lineno">  476</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00477"></a><span class="lineno">  477</span>&#160;<span class="comment"> * - 4 bytes of SEQUENCE overhead;</span></div><div class="line"><a name="l00478"></a><span class="lineno">  478</span>&#160;<span class="comment"> * - 3 bytes of version;</span></div><div class="line"><a name="l00479"></a><span class="lineno">  479</span>&#160;<span class="comment"> * - 7 half-size INTEGERs plus 2 full-size INTEGERs,</span></div><div class="line"><a name="l00480"></a><span class="lineno">  480</span>&#160;<span class="comment"> *   overapproximated as 9 half-size INTEGERS;</span></div><div class="line"><a name="l00481"></a><span class="lineno">  481</span>&#160;<span class="comment"> * - 7 bytes for the public exponent.</span></div><div class="line"><a name="l00482"></a><span class="lineno">  482</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00483"></a><span class="lineno">  483</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits)   \</span></div><div class="line"><a name="l00484"></a><span class="lineno">  484</span>&#160;<span class="preprocessor">    (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)</span></div><div class="line"><a name="l00485"></a><span class="lineno">  485</span>&#160;</div><div class="line"><a name="l00486"></a><span class="lineno">  486</span>&#160;<span class="comment">/* Maximum size of the export encoding of a DSA public key.</span></div><div class="line"><a name="l00487"></a><span class="lineno">  487</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00488"></a><span class="lineno">  488</span>&#160;<span class="comment"> * SubjectPublicKeyInfo  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00489"></a><span class="lineno">  489</span>&#160;<span class="comment"> *      algorithm            AlgorithmIdentifier,</span></div><div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;<span class="comment"> *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey</span></div><div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160;<span class="comment"> * AlgorithmIdentifier  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00492"></a><span class="lineno">  492</span>&#160;<span class="comment"> *      algorithm               OBJECT IDENTIFIER,</span></div><div class="line"><a name="l00493"></a><span class="lineno">  493</span>&#160;<span class="comment"> *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs</span></div><div class="line"><a name="l00494"></a><span class="lineno">  494</span>&#160;<span class="comment"> * DSAPublicKey  ::=  INTEGER -- public key, Y</span></div><div class="line"><a name="l00495"></a><span class="lineno">  495</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00496"></a><span class="lineno">  496</span>&#160;<span class="comment"> * - 3 * 4 bytes of SEQUENCE overhead;</span></div><div class="line"><a name="l00497"></a><span class="lineno">  497</span>&#160;<span class="comment"> * - 1 + 1 + 7 bytes of algorithm (DSA OID);</span></div><div class="line"><a name="l00498"></a><span class="lineno">  498</span>&#160;<span class="comment"> * - 4 bytes of BIT STRING overhead;</span></div><div class="line"><a name="l00499"></a><span class="lineno">  499</span>&#160;<span class="comment"> * - 3 full-size INTEGERs (p, g, y);</span></div><div class="line"><a name="l00500"></a><span class="lineno">  500</span>&#160;<span class="comment"> * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q &lt;= 256 bits).</span></div><div class="line"><a name="l00501"></a><span class="lineno">  501</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00502"></a><span class="lineno">  502</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \</span></div><div class="line"><a name="l00503"></a><span class="lineno">  503</span>&#160;<span class="preprocessor">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)</span></div><div class="line"><a name="l00504"></a><span class="lineno">  504</span>&#160;</div><div class="line"><a name="l00505"></a><span class="lineno">  505</span>&#160;<span class="comment">/* Maximum size of the export encoding of a DSA key pair.</span></div><div class="line"><a name="l00506"></a><span class="lineno">  506</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00507"></a><span class="lineno">  507</span>&#160;<span class="comment"> * DSAPrivateKey ::= SEQUENCE {</span></div><div class="line"><a name="l00508"></a><span class="lineno">  508</span>&#160;<span class="comment"> *     version             Version,  -- 0</span></div><div class="line"><a name="l00509"></a><span class="lineno">  509</span>&#160;<span class="comment"> *     prime               INTEGER,  -- p</span></div><div class="line"><a name="l00510"></a><span class="lineno">  510</span>&#160;<span class="comment"> *     subprime            INTEGER,  -- q</span></div><div class="line"><a name="l00511"></a><span class="lineno">  511</span>&#160;<span class="comment"> *     generator           INTEGER,  -- g</span></div><div class="line"><a name="l00512"></a><span class="lineno">  512</span>&#160;<span class="comment"> *     public              INTEGER,  -- y</span></div><div class="line"><a name="l00513"></a><span class="lineno">  513</span>&#160;<span class="comment"> *     private             INTEGER,  -- x</span></div><div class="line"><a name="l00514"></a><span class="lineno">  514</span>&#160;<span class="comment"> * }</span></div><div class="line"><a name="l00515"></a><span class="lineno">  515</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00516"></a><span class="lineno">  516</span>&#160;<span class="comment"> * - 4 bytes of SEQUENCE overhead;</span></div><div class="line"><a name="l00517"></a><span class="lineno">  517</span>&#160;<span class="comment"> * - 3 bytes of version;</span></div><div class="line"><a name="l00518"></a><span class="lineno">  518</span>&#160;<span class="comment"> * - 3 full-size INTEGERs (p, g, y);</span></div><div class="line"><a name="l00519"></a><span class="lineno">  519</span>&#160;<span class="comment"> * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x &lt;= 256 bits).</span></div><div class="line"><a name="l00520"></a><span class="lineno">  520</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00521"></a><span class="lineno">  521</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits)   \</span></div><div class="line"><a name="l00522"></a><span class="lineno">  522</span>&#160;<span class="preprocessor">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)</span></div><div class="line"><a name="l00523"></a><span class="lineno">  523</span>&#160;</div><div class="line"><a name="l00524"></a><span class="lineno">  524</span>&#160;<span class="comment">/* Maximum size of the export encoding of an ECC public key.</span></div><div class="line"><a name="l00525"></a><span class="lineno">  525</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00526"></a><span class="lineno">  526</span>&#160;<span class="comment"> * SubjectPublicKeyInfo  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00527"></a><span class="lineno">  527</span>&#160;<span class="comment"> *      algorithm            AlgorithmIdentifier,</span></div><div class="line"><a name="l00528"></a><span class="lineno">  528</span>&#160;<span class="comment"> *      subjectPublicKey     BIT STRING  } -- contains ECPoint</span></div><div class="line"><a name="l00529"></a><span class="lineno">  529</span>&#160;<span class="comment"> * AlgorithmIdentifier  ::=  SEQUENCE  {</span></div><div class="line"><a name="l00530"></a><span class="lineno">  530</span>&#160;<span class="comment"> *      algorithm               OBJECT IDENTIFIER,</span></div><div class="line"><a name="l00531"></a><span class="lineno">  531</span>&#160;<span class="comment"> *      parameters              OBJECT IDENTIFIER } -- namedCurve</span></div><div class="line"><a name="l00532"></a><span class="lineno">  532</span>&#160;<span class="comment"> * ECPoint ::= ...</span></div><div class="line"><a name="l00533"></a><span class="lineno">  533</span>&#160;<span class="comment"> *    -- first 8 bits: 0x04;</span></div><div class="line"><a name="l00534"></a><span class="lineno">  534</span>&#160;<span class="comment"> *    -- then x_P as a `ceiling(m/8)`-byte string, big endian;</span></div><div class="line"><a name="l00535"></a><span class="lineno">  535</span>&#160;<span class="comment"> *    -- then y_P as a `ceiling(m/8)`-byte string, big endian;</span></div><div class="line"><a name="l00536"></a><span class="lineno">  536</span>&#160;<span class="comment"> *    -- where `m` is the bit size associated with the curve.</span></div><div class="line"><a name="l00537"></a><span class="lineno">  537</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00538"></a><span class="lineno">  538</span>&#160;<span class="comment"> * - 2 * 4 bytes of SEQUENCE overhead;</span></div><div class="line"><a name="l00539"></a><span class="lineno">  539</span>&#160;<span class="comment"> * - 1 + 1 + 7 bytes of algorithm (id-ecPublicKey OID);</span></div><div class="line"><a name="l00540"></a><span class="lineno">  540</span>&#160;<span class="comment"> * - 1 + 1 + 12 bytes of namedCurve OID;</span></div><div class="line"><a name="l00541"></a><span class="lineno">  541</span>&#160;<span class="comment"> * - 4 bytes of BIT STRING overhead;</span></div><div class="line"><a name="l00542"></a><span class="lineno">  542</span>&#160;<span class="comment"> * - 1 byte + 2 * point size in ECPoint.</span></div><div class="line"><a name="l00543"></a><span class="lineno">  543</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00544"></a><span class="lineno">  544</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)        \</span></div><div class="line"><a name="l00545"></a><span class="lineno">  545</span>&#160;<span class="preprocessor">    (2 * PSA_BITS_TO_BYTES(key_bits) + 36)</span></div><div class="line"><a name="l00546"></a><span class="lineno">  546</span>&#160;</div><div class="line"><a name="l00547"></a><span class="lineno">  547</span>&#160;<span class="comment">/* Maximum size of the export encoding of an ECC key pair.</span></div><div class="line"><a name="l00548"></a><span class="lineno">  548</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00549"></a><span class="lineno">  549</span>&#160;<span class="comment"> * An ECC key pair is represented by the secret value.</span></div><div class="line"><a name="l00550"></a><span class="lineno">  550</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00551"></a><span class="lineno">  551</span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits)   \</span></div><div class="line"><a name="l00552"></a><span class="lineno">  552</span>&#160;<span class="preprocessor">    (PSA_BITS_TO_BYTES(key_bits))</span></div><div class="line"><a name="l00553"></a><span class="lineno">  553</span>&#160;</div><div class="line"><a name="l00610"></a><span class="lineno"><a class="line" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">  610</a></span>&#160;<span class="preprocessor">#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits)                     \</span></div><div class="line"><a name="l00611"></a><span class="lineno">  611</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \</span></div><div class="line"><a name="l00612"></a><span class="lineno">  612</span>&#160;<span class="preprocessor">     (key_type) == PSA_KEY_TYPE_RSA_KEYPAIR ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00613"></a><span class="lineno">  613</span>&#160;<span class="preprocessor">     (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00614"></a><span class="lineno">  614</span>&#160;<span class="preprocessor">     (key_type) == PSA_KEY_TYPE_DSA_KEYPAIR ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00615"></a><span class="lineno">  615</span>&#160;<span class="preprocessor">     (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00616"></a><span class="lineno">  616</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_IS_ECC_KEYPAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00617"></a><span class="lineno">  617</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \</span></div><div class="line"><a name="l00618"></a><span class="lineno">  618</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l00619"></a><span class="lineno">  619</span>&#160;</div><div class="line"><a name="l00620"></a><span class="lineno">  620</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* PSA_CRYPTO_SIZES_H */</span><span class="preprocessor"></span></div></div><!-- fragment --></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__types_8h.html b/docs/html/crypto__types_8h.html
deleted file mode 100644
index a7f6955..0000000
--- a/docs/html/crypto__types_8h.html
+++ /dev/null
@@ -1,155 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_types.h File Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">crypto_types.h File Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>PSA cryptography module: type aliases.  
-<a href="#details">More...</a></p>
-<div class="textblock"><code>#include &lt;stdint.h&gt;</code><br />
-</div><div class="textblock"><div class="dynheader">
-Include dependency graph for crypto_types.h:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__types_8h__incl.png" border="0" usemap="#psa_2crypto__types_8h" alt=""/></div>
-</div>
-</div><div class="textblock"><div class="dynheader">
-This graph shows which files directly or indirectly include this file:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__types_8h__dep__incl.png" border="0" usemap="#psa_2crypto__types_8hdep" alt=""/></div>
-<map name="psa_2crypto__types_8hdep" id="psa_2crypto__types_8hdep">
-<area shape="rect" id="node2" href="crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="25,80,119,107"/>
-</map>
-</div>
-</div>
-<p><a href="crypto__types_8h_source.html">Go to the source code of this file.</a></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memItemLeft" align="right" valign="top">typedef int32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></td></tr>
-<tr class="memdesc:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="mdescLeft">&#160;</td><td class="mdescRight">Function return status.  <a href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">More...</a><br /></td></tr>
-<tr class="separator:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga578159487dfc7096cb191b0d2befe628"><td class="memItemLeft" align="right" valign="top">
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></td></tr>
-<tr class="memdesc:ga578159487dfc7096cb191b0d2befe628"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a key type. <br /></td></tr>
-<tr class="separator:ga578159487dfc7096cb191b0d2befe628"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memItemLeft" align="right" valign="top">typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></td></tr>
-<tr class="separator:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></td></tr>
-<tr class="memdesc:gac2e4d47f1300d73c2f829a6d99252d69"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a cryptographic algorithm.  <a href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">More...</a><br /></td></tr>
-<tr class="separator:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></td></tr>
-<tr class="separator:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></td></tr>
-<tr class="separator:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memItemLeft" align="right" valign="top">
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></td></tr>
-<tr class="memdesc:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of permitted usage on a key. <br /></td></tr>
-<tr class="separator:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memItemLeft" align="right" valign="top">
-typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a></td></tr>
-<tr class="memdesc:gaac4eeacd36596c548b3a48fc06c5048b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of the step of a key derivation. <br /></td></tr>
-<tr class="separator:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>PSA cryptography module: type aliases. </p>
-<dl class="section note"><dt>Note</dt><dd>This file may not be included directly. Applications must include <a class="el" href="crypto_8h.html" title="Platform Security Architecture cryptography module. ">psa/crypto.h</a>. Drivers must include the appropriate driver header file.</dd></dl>
-<p>This file contains portable definitions of integral types for properties of cryptographic keys, designations of cryptographic algorithms, and error codes returned by the library.</p>
-<p>This header file does not declare any function. </p>
-</div></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__types_8h__dep__incl.map b/docs/html/crypto__types_8h__dep__incl.map
deleted file mode 100644
index 016a938..0000000
--- a/docs/html/crypto__types_8h__dep__incl.map
+++ /dev/null
@@ -1,3 +0,0 @@
-<map id="psa/crypto_types.h" name="psa/crypto_types.h">
-<area shape="rect" id="node2" href="$crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="25,80,119,107"/>
-</map>
diff --git a/docs/html/crypto__types_8h__dep__incl.md5 b/docs/html/crypto__types_8h__dep__incl.md5
deleted file mode 100644
index cc8e252..0000000
--- a/docs/html/crypto__types_8h__dep__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-19ffd65c9274efafd90318d61b94f227
\ No newline at end of file
diff --git a/docs/html/crypto__types_8h__dep__incl.png b/docs/html/crypto__types_8h__dep__incl.png
deleted file mode 100644
index c1bd721..0000000
--- a/docs/html/crypto__types_8h__dep__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__types_8h__incl.map b/docs/html/crypto__types_8h__incl.map
deleted file mode 100644
index 11067e3..0000000
--- a/docs/html/crypto__types_8h__incl.map
+++ /dev/null
@@ -1,2 +0,0 @@
-<map id="psa/crypto_types.h" name="psa/crypto_types.h">
-</map>
diff --git a/docs/html/crypto__types_8h__incl.md5 b/docs/html/crypto__types_8h__incl.md5
deleted file mode 100644
index a8f817c..0000000
--- a/docs/html/crypto__types_8h__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-db0e3c891220b01bcf6c8127efbdc53b
\ No newline at end of file
diff --git a/docs/html/crypto__types_8h__incl.png b/docs/html/crypto__types_8h__incl.png
deleted file mode 100644
index f23f127..0000000
--- a/docs/html/crypto__types_8h__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__types_8h_source.html b/docs/html/crypto__types_8h_source.html
deleted file mode 100644
index 6eedd36..0000000
--- a/docs/html/crypto__types_8h_source.html
+++ /dev/null
@@ -1,109 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_types.h Source File</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">crypto_types.h</div>  </div>
-</div><!--header-->
-<div class="contents">
-<a href="crypto__types_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;</div><div class="line"><a name="l00016"></a><span class="lineno">   16</span>&#160;<span class="comment">/*</span></div><div class="line"><a name="l00017"></a><span class="lineno">   17</span>&#160;<span class="comment"> *  Copyright (C) 2018, ARM Limited, All Rights Reserved</span></div><div class="line"><a name="l00018"></a><span class="lineno">   18</span>&#160;<span class="comment"> *  SPDX-License-Identifier: Apache-2.0</span></div><div class="line"><a name="l00019"></a><span class="lineno">   19</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00020"></a><span class="lineno">   20</span>&#160;<span class="comment"> *  Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may</span></div><div class="line"><a name="l00021"></a><span class="lineno">   21</span>&#160;<span class="comment"> *  not use this file except in compliance with the License.</span></div><div class="line"><a name="l00022"></a><span class="lineno">   22</span>&#160;<span class="comment"> *  You may obtain a copy of the License at</span></div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;<span class="comment"> *  http://www.apache.org/licenses/LICENSE-2.0</span></div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;<span class="comment"> *  Unless required by applicable law or agreed to in writing, software</span></div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;<span class="comment"> *  distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT</span></div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;<span class="comment"> *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;<span class="comment"> *  See the License for the specific language governing permissions and</span></div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;<span class="comment"> *  limitations under the License.</span></div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;<span class="comment"> *  This file is part of mbed TLS (https://tls.mbed.org)</span></div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;</div><div class="line"><a name="l00035"></a><span class="lineno">   35</span>&#160;<span class="preprocessor">#ifndef PSA_CRYPTO_TYPES_H</span></div><div class="line"><a name="l00036"></a><span class="lineno">   36</span>&#160;<span class="preprocessor">#define PSA_CRYPTO_TYPES_H</span></div><div class="line"><a name="l00037"></a><span class="lineno">   37</span>&#160;</div><div class="line"><a name="l00038"></a><span class="lineno">   38</span>&#160;<span class="preprocessor">#include &lt;stdint.h&gt;</span></div><div class="line"><a name="l00039"></a><span class="lineno">   39</span>&#160;</div><div class="line"><a name="l00051"></a><span class="lineno"><a class="line" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">   51</a></span>&#160;<span class="keyword">typedef</span> int32_t <a class="code" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>;</div><div class="line"><a name="l00052"></a><span class="lineno">   52</span>&#160;</div><div class="line"><a name="l00061"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">   61</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>;</div><div class="line"><a name="l00062"></a><span class="lineno">   62</span>&#160;</div><div class="line"><a name="l00064"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">   64</a></span>&#160;<span class="keyword">typedef</span> uint16_t <a class="code" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>;</div><div class="line"><a name="l00065"></a><span class="lineno">   65</span>&#160;</div><div class="line"><a name="l00074"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">   74</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>;</div><div class="line"><a name="l00075"></a><span class="lineno">   75</span>&#160;</div><div class="line"><a name="l00084"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">   84</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>;</div><div class="line"><a name="l00085"></a><span class="lineno">   85</span>&#160;</div><div class="line"><a name="l00088"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">   88</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a>;</div><div class="line"><a name="l00089"></a><span class="lineno">   89</span>&#160;</div><div class="line"><a name="l00097"></a><span class="lineno"><a class="line" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">   97</a></span>&#160;<span class="keyword">typedef</span> uint32_t <a class="code" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>;</div><div class="line"><a name="l00098"></a><span class="lineno">   98</span>&#160;</div><div class="line"><a name="l00106"></a><span class="lineno"><a class="line" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">  106</a></span>&#160;<span class="keyword">typedef</span> uint16_t <a class="code" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>;</div><div class="line"><a name="l00107"></a><span class="lineno">  107</span>&#160;</div><div class="line"><a name="l00110"></a><span class="lineno">  110</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* PSA_CRYPTO_TYPES_H */</span><span class="preprocessor"></span></div><div class="ttc" id="group__crypto__types_html_ga4e8977c145cce5077c4bce7fec890ad9"><div class="ttname"><a href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></div><div class="ttdeci">uint16_t psa_ecc_curve_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:64</div></div>
-<div class="ttc" id="group__derivation_html_gaac4eeacd36596c548b3a48fc06c5048b"><div class="ttname"><a href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a></div><div class="ttdeci">uint16_t psa_key_derivation_step_t</div><div class="ttdoc">Encoding of the step of a key derivation. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:106</div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga11e986351c65bd3dc3c0fe2cd9926e4b"><div class="ttname"><a href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></div><div class="ttdeci">uint32_t psa_key_id_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:88</div></div>
-<div class="ttc" id="group__crypto__types_html_gac2e4d47f1300d73c2f829a6d99252d69"><div class="ttname"><a href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></div><div class="ttdeci">uint32_t psa_algorithm_t</div><div class="ttdoc">Encoding of a cryptographic algorithm. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:74</div></div>
-<div class="ttc" id="group__policy_html_ga7bb9de71337e0e98de843aa7f9b55f25"><div class="ttname"><a href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></div><div class="ttdeci">uint32_t psa_key_usage_t</div><div class="ttdoc">Encoding of permitted usage on a key. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:97</div></div>
-<div class="ttc" id="group__crypto__types_html_ga578159487dfc7096cb191b0d2befe628"><div class="ttname"><a href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></div><div class="ttdeci">uint32_t psa_key_type_t</div><div class="ttdoc">Encoding of a key type. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:61</div></div>
-<div class="ttc" id="group__key__lifetimes_html_ga6821ff6dd39dc2bc370ded760ad8b0cf"><div class="ttname"><a href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></div><div class="ttdeci">uint32_t psa_key_lifetime_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:84</div></div>
-<div class="ttc" id="group__error_html_ga05676e70ba5c6a7565aff3c36677c1f9"><div class="ttname"><a href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></div><div class="ttdeci">int32_t psa_status_t</div><div class="ttdoc">Function return status. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:51</div></div>
-</div><!-- fragment --></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__values_8h.html b/docs/html/crypto__values_8h.html
deleted file mode 100644
index 59328e4..0000000
--- a/docs/html/crypto__values_8h.html
+++ /dev/null
@@ -1,678 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_values.h File Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a>  </div>
-  <div class="headertitle">
-<div class="title">crypto_values.h File Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>PSA cryptography module: macros to build and analyze integer values.  
-<a href="#details">More...</a></p>
-<div class="textblock"><div class="dynheader">
-This graph shows which files directly or indirectly include this file:</div>
-<div class="dyncontent">
-<div class="center"><img src="crypto__values_8h__dep__incl.png" border="0" usemap="#psa_2crypto__values_8hdep" alt=""/></div>
-<map name="psa_2crypto__values_8hdep" id="psa_2crypto__values_8hdep">
-<area shape="rect" id="node2" href="crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="27,80,122,107"/>
-</map>
-</div>
-</div>
-<p><a href="crypto__values_8h_source.html">Go to the source code of this file.</a></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)0)</td></tr>
-<tr class="separator:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">PSA_ERROR_UNKNOWN_ERROR</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)1)</td></tr>
-<tr class="separator:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1dcc6d130633ed5db8942257581b55dd"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)2)</td></tr>
-<tr class="separator:ga1dcc6d130633ed5db8942257581b55dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)3)</td></tr>
-<tr class="separator:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)4)</td></tr>
-<tr class="separator:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2fee3a51249fbea45360aaa911f3e58"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)5)</td></tr>
-<tr class="separator:gac2fee3a51249fbea45360aaa911f3e58"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)6)</td></tr>
-<tr class="separator:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga933d40fa2a591004f2e93aa91e11db84"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)7)</td></tr>
-<tr class="separator:ga933d40fa2a591004f2e93aa91e11db84"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)8)</td></tr>
-<tr class="separator:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)9)</td></tr>
-<tr class="separator:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)10)</td></tr>
-<tr class="separator:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5cdb6948371d49e916106249020ea3f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)11)</td></tr>
-<tr class="separator:ga5cdb6948371d49e916106249020ea3f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadd169a1af2707862b95fb9df91dfc37d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)12)</td></tr>
-<tr class="separator:gadd169a1af2707862b95fb9df91dfc37d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)13)</td></tr>
-<tr class="separator:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)14)</td></tr>
-<tr class="separator:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4deb59fec02297ec5d8b42178323f675"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)15)</td></tr>
-<tr class="separator:ga4deb59fec02297ec5d8b42178323f675"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35927f755d232c4766de600f2c49e9f2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)16)</td></tr>
-<tr class="separator:ga35927f755d232c4766de600f2c49e9f2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabe29594edbfb152cf153975b0597ac48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">PSA_ERROR_INVALID_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)17)</td></tr>
-<tr class="separator:gabe29594edbfb152cf153975b0597ac48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">PSA_ERROR_INSUFFICIENT_CAPACITY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)18)</td></tr>
-<tr class="separator:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf22718935657c2c3168c228204085f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)19)</td></tr>
-<tr class="separator:gadf22718935657c2c3168c228204085f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">PSA_KEY_TYPE_NONE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x00000000)</td></tr>
-<tr class="separator:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x80000000)</td></tr>
-<tr class="separator:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8f214beb04334be08f927f227f097ef1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_SYMMETRIC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000000)</td></tr>
-<tr class="separator:ga8f214beb04334be08f927f227f097ef1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_RAW</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000000)</td></tr>
-<tr class="separator:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58b975beeee1f937cecb71c8051c6357"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60000000)</td></tr>
-<tr class="separator:ga58b975beeee1f937cecb71c8051c6357"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga708196a91ec0384de98e092b9a16f5e8"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_KEY_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga708196a91ec0384de98e092b9a16f5e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">PSA_KEY_TYPE_IS_VENDOR_DEFINED</a>(type)&#160;&#160;&#160;(((type) &amp; <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>) != 0)</td></tr>
-<tr class="separator:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type)</td></tr>
-<tr class="separator:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab138ae2ebf2905dfbaf4154db2620939"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type)</td></tr>
-<tr class="separator:gab138ae2ebf2905dfbaf4154db2620939"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</td></tr>
-<tr class="separator:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">PSA_KEY_TYPE_IS_KEYPAIR</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</td></tr>
-<tr class="separator:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY</a>(type)&#160;&#160;&#160;((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gace08e46dd7cbf642d50d982a25d02bec"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type)&#160;&#160;&#160;((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gace08e46dd7cbf642d50d982a25d02bec"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa97f92025533102616b32d571c940d80"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">PSA_KEY_TYPE_RAW_DATA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000001)</td></tr>
-<tr class="separator:gaa97f92025533102616b32d571c940d80"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga92d989f4ca64abd00f463defd773a6f8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">PSA_KEY_TYPE_HMAC</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x51000000)</td></tr>
-<tr class="separator:ga92d989f4ca64abd00f463defd773a6f8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">PSA_KEY_TYPE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x52000000)</td></tr>
-<tr class="separator:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000001)</td></tr>
-<tr class="separator:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga577562bfbbc691c820d55ec308333138"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">PSA_KEY_TYPE_DES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000002)</td></tr>
-<tr class="separator:ga577562bfbbc691c820d55ec308333138"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">PSA_KEY_TYPE_CAMELLIA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000003)</td></tr>
-<tr class="separator:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">PSA_KEY_TYPE_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000004)</td></tr>
-<tr class="separator:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60010000)</td></tr>
-<tr class="separator:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga581f50687f5d650456925278948f2799"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70010000)</td></tr>
-<tr class="separator:ga581f50687f5d650456925278948f2799"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60020000)</td></tr>
-<tr class="separator:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga011010ee28c20388f3d89fb27088ed62"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70020000)</td></tr>
-<tr class="separator:ga011010ee28c20388f3d89fb27088ed62"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">PSA_KEY_TYPE_IS_DSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8d37a32a305dda9fb4af1707aace47c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60030000)</td></tr>
-<tr class="separator:gad8d37a32a305dda9fb4af1707aace47c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6754658749714c6ac674bdf6d2d40767"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_KEYPAIR_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70030000)</td></tr>
-<tr class="separator:ga6754658749714c6ac674bdf6d2d40767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_CURVE_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x0000ffff)</td></tr>
-<tr class="separator:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf3ad65d157bf5282849c954bf3f51af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">PSA_KEY_TYPE_ECC_KEYPAIR</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</td></tr>
-<tr class="separator:gadf3ad65d157bf5282849c954bf3f51af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad54c03d3b47020e571a72cd01d978cf2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</td></tr>
-<tr class="separator:gad54c03d3b47020e571a72cd01d978cf2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga88e01fa06b585654689a99bcc06bbe66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(type)</td></tr>
-<tr class="separator:ga88e01fa06b585654689a99bcc06bbe66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a>(type)</td></tr>
-<tr class="separator:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type)</td></tr>
-<tr class="separator:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">PSA_KEY_TYPE_GET_CURVE</a>(type)</td></tr>
-<tr class="separator:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4201013d5947c375fae7311b0f98bac7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0001)</td></tr>
-<tr class="separator:ga4201013d5947c375fae7311b0f98bac7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca8816b785f492a8795b5276977d1369"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0002)</td></tr>
-<tr class="separator:gaca8816b785f492a8795b5276977d1369"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0003)</td></tr>
-<tr class="separator:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0004)</td></tr>
-<tr class="separator:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0005)</td></tr>
-<tr class="separator:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga36e409c36983e41db5db202b1d2095b5"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0006)</td></tr>
-<tr class="separator:ga36e409c36983e41db5db202b1d2095b5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga54997a9f8ef752c6d717171e01c31019"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0007)</td></tr>
-<tr class="separator:ga54997a9f8ef752c6d717171e01c31019"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT239K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0008)</td></tr>
-<tr class="separator:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga28c765d75773b5fe083219e7c0b054f9"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0009)</td></tr>
-<tr class="separator:ga28c765d75773b5fe083219e7c0b054f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000a)</td></tr>
-<tr class="separator:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000b)</td></tr>
-<tr class="separator:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000c)</td></tr>
-<tr class="separator:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2043aa519549a6194d132d81816879bc"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000d)</td></tr>
-<tr class="separator:ga2043aa519549a6194d132d81816879bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000e)</td></tr>
-<tr class="separator:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000f)</td></tr>
-<tr class="separator:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0010)</td></tr>
-<tr class="separator:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac465f57c34914a01aea8c220a613dfe6"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0011)</td></tr>
-<tr class="separator:gac465f57c34914a01aea8c220a613dfe6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58c806d45ab350287ddc49da833bd558"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0012)</td></tr>
-<tr class="separator:ga58c806d45ab350287ddc49da833bd558"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0013)</td></tr>
-<tr class="separator:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0014)</td></tr>
-<tr class="separator:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0015)</td></tr>
-<tr class="separator:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaa61941f815aff976a1debd910b1704c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0016)</td></tr>
-<tr class="separator:gaaa61941f815aff976a1debd910b1704c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0017)</td></tr>
-<tr class="separator:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3e870a36493143507a01a28c70790fa3"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0018)</td></tr>
-<tr class="separator:ga3e870a36493143507a01a28c70790fa3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4482ff6155006ff509071c32ce263fdf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP521R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0019)</td></tr>
-<tr class="separator:ga4482ff6155006ff509071c32ce263fdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa999b69c56af0cc1cebf4596f8578191"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001a)</td></tr>
-<tr class="separator:gaa999b69c56af0cc1cebf4596f8578191"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001b)</td></tr>
-<tr class="separator:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P512R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001c)</td></tr>
-<tr class="separator:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac94faf3b8d9884221541f51f26b11c7a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE25519</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001d)</td></tr>
-<tr class="separator:gac94faf3b8d9884221541f51f26b11c7a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga902b0e91eff920873b3b59c740854305"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE448</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001e)</td></tr>
-<tr class="separator:ga902b0e91eff920873b3b59c740854305"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga325a340d7c72d99d3a678eb210bf6e0a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60040000)</td></tr>
-<tr class="separator:ga325a340d7c72d99d3a678eb210bf6e0a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39b63c6b97a62a316c0660bf72b2fdd5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">PSA_KEY_TYPE_DH_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70040000)</td></tr>
-<tr class="separator:ga39b63c6b97a62a316c0660bf72b2fdd5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga248ae35c0e2becaebbf479fc1c3a3b0e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e">PSA_KEY_TYPE_IS_DH</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga248ae35c0e2becaebbf479fc1c3a3b0e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">PSA_BLOCK_CIPHER_BLOCK_SIZE</a>(type)</td></tr>
-<tr class="separator:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_VENDOR_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x80000000)</td></tr>
-<tr class="separator:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25e918c465b4421dbfaedad6b693d110"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x7f000000)</td></tr>
-<tr class="separator:ga25e918c465b4421dbfaedad6b693d110"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd048e1835b80e6daaff7fddce699757"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_HASH</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000000)</td></tr>
-<tr class="separator:gafd048e1835b80e6daaff7fddce699757"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02000000)</td></tr>
-<tr class="separator:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68228a619db59eba93fd13e9129dbfe2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_CIPHER</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04000000)</td></tr>
-<tr class="separator:ga68228a619db59eba93fd13e9129dbfe2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37fdd9cac2552f1568f38e091a826549"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_AEAD</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06000000)</td></tr>
-<tr class="separator:ga37fdd9cac2552f1568f38e091a826549"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_SIGN</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga72f46c8256b760b174e6db61a61cd608"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12000000)</td></tr>
-<tr class="separator:ga72f46c8256b760b174e6db61a61cd608"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_DERIVATION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000000)</td></tr>
-<tr class="separator:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga808e397a4891c612df4a5b20eebc2fac"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_AGREEMENT</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000000)</td></tr>
-<tr class="separator:ga808e397a4891c612df4a5b20eebc2fac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_VENDOR_DEFINED</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</td></tr>
-<tr class="separator:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9280662bb482590b4b33d1dcd32930f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</td></tr>
-<tr class="separator:gac9280662bb482590b4b33d1dcd32930f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</td></tr>
-<tr class="separator:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</td></tr>
-<tr class="separator:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</td></tr>
-<tr class="separator:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">PSA_ALG_IS_SIGN</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</td></tr>
-<tr class="separator:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</td></tr>
-<tr class="separator:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga59753742cb06553bd22751bbef472b6f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</td></tr>
-<tr class="separator:ga59753742cb06553bd22751bbef472b6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac41a7077aef55bb20c629c8949d43c57"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HASH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x000000ff)</td></tr>
-<tr class="separator:gac41a7077aef55bb20c629c8949d43c57"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000001)</td></tr>
-<tr class="separator:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD4</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000002)</td></tr>
-<tr class="separator:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gade591d9286d23382eb5cec099c84180d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD5</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000003)</td></tr>
-<tr class="separator:gade591d9286d23382eb5cec099c84180d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RIPEMD160</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000004)</td></tr>
-<tr class="separator:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_SHA_1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000005)</td></tr>
-<tr class="separator:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">PSA_ALG_SHA_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000008)</td></tr>
-<tr class="separator:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga619471f978e13cdd0a1e37145e4bf341"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000009)</td></tr>
-<tr class="separator:ga619471f978e13cdd0a1e37145e4bf341"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">PSA_ALG_SHA_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000a)</td></tr>
-<tr class="separator:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">PSA_ALG_SHA_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000b)</td></tr>
-<tr class="separator:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">PSA_ALG_SHA_512_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000c)</td></tr>
-<tr class="separator:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">PSA_ALG_SHA_512_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000d)</td></tr>
-<tr class="separator:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga16f5fe34ccce68c2fada1224c054a999"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">PSA_ALG_SHA3_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000010)</td></tr>
-<tr class="separator:ga16f5fe34ccce68c2fada1224c054a999"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">PSA_ALG_SHA3_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000011)</td></tr>
-<tr class="separator:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">PSA_ALG_SHA3_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000012)</td></tr>
-<tr class="separator:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37e5dbe936dddb155e76f2997de27188"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">PSA_ALG_SHA3_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000013)</td></tr>
-<tr class="separator:ga37e5dbe936dddb155e76f2997de27188"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa1288ea8bd397a8a3f5e19e94110f2e4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x010000ff)</td></tr>
-<tr class="separator:gaa1288ea8bd397a8a3f5e19e94110f2e4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabba3fcfee55533b0e25350e78a942e07"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_SUBCATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00c00000)</td></tr>
-<tr class="separator:gabba3fcfee55533b0e25350e78a942e07"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02800000)</td></tr>
-<tr class="separator:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga70f397425684b3efcde1e0e34c28261f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">PSA_ALG_HMAC</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga70f397425684b3efcde1e0e34c28261f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee84269106a947cb6ac353e15e6c4687"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_GET_HASH</b>(hmac_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaee84269106a947cb6ac353e15e6c4687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">PSA_ALG_IS_HMAC</a>(alg)</td></tr>
-<tr class="separator:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_TRUNCATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_MAC_TRUNCATION_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf36137110baf7bb13c5028fd62c64276"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">PSA_ALG_TRUNCATED_MAC</a>(alg,  mac_length)</td></tr>
-<tr class="separator:gaf36137110baf7bb13c5028fd62c64276"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">PSA_ALG_FULL_LENGTH_MAC</a>(alg)&#160;&#160;&#160;((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</td></tr>
-<tr class="separator:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab03726c4476174e019a08e2a04018ce8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">PSA_MAC_TRUNCATED_LENGTH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</td></tr>
-<tr class="separator:gab03726c4476174e019a08e2a04018ce8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_MAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00000)</td></tr>
-<tr class="separator:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CBC_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00001)</td></tr>
-<tr class="separator:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga146328a1e0023a02464e232d6ecefdc2"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00002)</td></tr>
-<tr class="separator:ga146328a1e0023a02464e232d6ecefdc2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga69a012ce150219a2d97c3ab5582f0004"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_GMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00003)</td></tr>
-<tr class="separator:ga69a012ce150219a2d97c3ab5582f0004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae49d1eb601125d65a5c5b252aa45479e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg)</td></tr>
-<tr class="separator:gae49d1eb601125d65a5c5b252aa45479e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac79618293c4254143caa75f6c5c82fa1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_STREAM_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00800000)</td></tr>
-<tr class="separator:gac79618293c4254143caa75f6c5c82fa1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_FROM_BLOCK_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00400000)</td></tr>
-<tr class="separator:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">PSA_ALG_IS_STREAM_CIPHER</a>(alg)</td></tr>
-<tr class="separator:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">PSA_ALG_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04800001)</td></tr>
-<tr class="separator:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad318309706a769cffdc64e4c7e06b2e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">PSA_ALG_CTR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00001)</td></tr>
-<tr class="separator:gad318309706a769cffdc64e4c7e06b2e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00002)</td></tr>
-<tr class="separator:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_OFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00003)</td></tr>
-<tr class="separator:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa722c0e426a797fd6d99623f59748125"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">PSA_ALG_XTS</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x044000ff)</td></tr>
-<tr class="separator:gaa722c0e426a797fd6d99623f59748125"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacb332d72716958880ee7f97d8365ae66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">PSA_ALG_CBC_NO_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600100)</td></tr>
-<tr class="separator:gacb332d72716958880ee7f97d8365ae66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">PSA_ALG_CBC_PKCS7</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600101)</td></tr>
-<tr class="separator:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">PSA_ALG_CCM</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001001)</td></tr>
-<tr class="separator:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">PSA_ALG_GCM</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001002)</td></tr>
-<tr class="separator:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga575d9082463a06a86c2a22dd63c2e772"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_AEAD_TAG_LENGTH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga575d9082463a06a86c2a22dd63c2e772"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga987d416146048906d40dd1d9572e3193"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_AEAD_TAG_LENGTH_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga987d416146048906d40dd1d9572e3193"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa63c520b62ab001d54d28801742fc9db"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">PSA_ALG_AEAD_WITH_TAG_LENGTH</a>(alg,  tag_length)</td></tr>
-<tr class="separator:gaa63c520b62ab001d54d28801742fc9db"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaddea507e062250cda8a29407a9480d2b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</a>(alg)</td></tr>
-<tr class="separator:gaddea507e062250cda8a29407a9480d2b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</b>(alg,  ref)</td></tr>
-<tr class="separator:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PKCS1V15_SIGN_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10020000)</td></tr>
-<tr class="separator:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga702ff75385a6ae7d4247033f479439af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga702ff75385a6ae7d4247033f479439af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4215e2a78dcf834e9a625927faa2a817"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a>&#160;&#160;&#160;PSA_ALG_RSA_PKCS1V15_SIGN_BASE</td></tr>
-<tr class="separator:ga4215e2a78dcf834e9a625927faa2a817"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PKCS1V15_SIGN</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</td></tr>
-<tr class="separator:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49d39a343790971b7a74644f4faea0c0"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PSS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10030000)</td></tr>
-<tr class="separator:ga49d39a343790971b7a74644f4faea0c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">PSA_ALG_RSA_PSS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafa04fae7393a76d5161558768cb82a78"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PSS</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</td></tr>
-<tr class="separator:gafa04fae7393a76d5161558768cb82a78"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga863284106894476e3a8524805410b55b"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10040000)</td></tr>
-<tr class="separator:ga863284106894476e3a8524805410b55b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a68efdddff5ae95f104a1416b12742e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">PSA_ALG_DSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga9a68efdddff5ae95f104a1416b12742e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad3800dafc62d6a17bcae4bce98402e68"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10050000)</td></tr>
-<tr class="separator:gad3800dafc62d6a17bcae4bce98402e68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_DETERMINISTIC_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00010000)</td></tr>
-<tr class="separator:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94">PSA_ALG_DETERMINISTIC_DSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DSA</b>(alg)</td></tr>
-<tr class="separator:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae01ae792228c16eac05102f8e900efd1"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gae01ae792228c16eac05102f8e900efd1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga474c0582c4726d0c0274e470f4199cf9"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; !PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga474c0582c4726d0c0274e470f4199cf9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10060000)</td></tr>
-<tr class="separator:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4">PSA_ALG_ECDSA_ANY</a>&#160;&#160;&#160;PSA_ALG_ECDSA_BASE</td></tr>
-<tr class="separator:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10070000)</td></tr>
-<tr class="separator:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11da566bcd341661c8de921e2ca5ed03"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga11da566bcd341661c8de921e2ca5ed03"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_ECDSA</b>(alg)</td></tr>
-<tr class="separator:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae7b0fafebd139f6f815285b7cad622ea"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gae7b0fafebd139f6f815285b7cad622ea"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8a8ea0536975363b66410cdeafe38b6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a>(alg)</td></tr>
-<tr class="separator:gad8a8ea0536975363b66410cdeafe38b6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a>(alg)</td></tr>
-<tr class="separator:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">PSA_ALG_RSA_PKCS1V15_CRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12020000)</td></tr>
-<tr class="separator:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12030000)</td></tr>
-<tr class="separator:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76">PSA_ALG_RSA_OAEP</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_OAEP</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</td></tr>
-<tr class="separator:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_GET_HASH</b>(alg)</td></tr>
-<tr class="separator:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000100)</td></tr>
-<tr class="separator:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga32a888fb360e6e25cab8a343772c4a82"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">PSA_ALG_HKDF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga32a888fb360e6e25cab8a343772c4a82"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2">PSA_ALG_IS_HKDF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</td></tr>
-<tr class="separator:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga643df48b529b176995927b697ff07a4c"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga643df48b529b176995927b697ff07a4c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadb328698047e32da8e16551b28b50a35"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000200)</td></tr>
-<tr class="separator:gadb328698047e32da8e16551b28b50a35"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">PSA_ALG_TLS12_PRF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3c18890c50222e5219f40ade8927e66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66">PSA_ALG_IS_TLS12_PRF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</td></tr>
-<tr class="separator:gaa3c18890c50222e5219f40ade8927e66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga403b2695655c7e03d6c07c061c606ab7"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga403b2695655c7e03d6c07c061c606ab7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000300)</td></tr>
-<tr class="separator:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab25ecc074a93fd11069bedfbba5a287b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</td></tr>
-<tr class="separator:gab25ecc074a93fd11069bedfbba5a287b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49f873d8cf9fb0042118e626330eec9d"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga49f873d8cf9fb0042118e626330eec9d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_DERIVATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x080fffff)</td></tr>
-<tr class="separator:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad39afc70a46a0ed399e3a1b931fd108b"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10f00000)</td></tr>
-<tr class="separator:gad39afc70a46a0ed399e3a1b931fd108b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga78bb81cffb87a635c247725eeb2a2682"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682">PSA_ALG_KEY_AGREEMENT</a>(ka_alg,  kdf_alg)&#160;&#160;&#160;((ka_alg) | (kdf_alg))</td></tr>
-<tr class="separator:ga78bb81cffb87a635c247725eeb2a2682"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga56c1189add62b59e8e6a28a809b57037"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_KDF</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:ga56c1189add62b59e8e6a28a809b57037"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf837c55ba698b488b6e63300e3470abf"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_BASE</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)</td></tr>
-<tr class="separator:gaf837c55ba698b488b6e63300e3470abf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa40ab362ce141ce541d69b2eb1f41438"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg)</td></tr>
-<tr class="separator:gaa40ab362ce141ce541d69b2eb1f41438"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga14529588c008091de0ad2716170dbd48"><td class="memItemLeft" align="right" valign="top">
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</b>(alg)&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(alg) || <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg)))</td></tr>
-<tr class="separator:ga14529588c008091de0ad2716170dbd48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0ebbb6f93a05b6511e6f108ffd2d1eb4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">PSA_ALG_FFDH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30100000)</td></tr>
-<tr class="separator:ga0ebbb6f93a05b6511e6f108ffd2d1eb4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e">PSA_ALG_IS_FFDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">PSA_ALG_FFDH</a>)</td></tr>
-<tr class="separator:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab2dbcf71b63785e7dd7b54a100edee43"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">PSA_ALG_ECDH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30200000)</td></tr>
-<tr class="separator:gab2dbcf71b63785e7dd7b54a100edee43"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d">PSA_ALG_IS_ECDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">PSA_ALG_ECDH</a>)</td></tr>
-<tr class="separator:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacf83d7430e82b97cecb8b26ca6fa1426"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426">PSA_ALG_IS_WILDCARD</a>(alg)</td></tr>
-<tr class="separator:gacf83d7430e82b97cecb8b26ca6fa1426"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8b438870ba69489b685730d346455108"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000000)</td></tr>
-<tr class="separator:ga8b438870ba69489b685730d346455108"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02">PSA_KEY_LIFETIME_PERSISTENT</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed">PSA_KEY_USAGE_EXPORT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga75153b296d045d529d97203a6a995dad"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga75153b296d045d529d97203a6a995dad">PSA_KEY_USAGE_ENCRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000100)</td></tr>
-<tr class="separator:ga75153b296d045d529d97203a6a995dad"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a">PSA_KEY_USAGE_DECRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000200)</td></tr>
-<tr class="separator:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga99b9f456cf59efc4b5579465407aef5a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a">PSA_KEY_USAGE_SIGN</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000400)</td></tr>
-<tr class="separator:ga99b9f456cf59efc4b5579465407aef5a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39b54ffd5958b69634607924fa53cea6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6">PSA_KEY_USAGE_VERIFY</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000800)</td></tr>
-<tr class="separator:ga39b54ffd5958b69634607924fa53cea6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">PSA_KEY_USAGE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00001000)</td></tr>
-<tr class="separator:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">PSA_KDF_STEP_SECRET</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0101)</td></tr>
-<tr class="separator:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9f4da10191bcb690b88756ed8470b03c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c">PSA_KDF_STEP_LABEL</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0201)</td></tr>
-<tr class="separator:ga9f4da10191bcb690b88756ed8470b03c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga384777dac55791d8f3a1af72c847b327"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">PSA_KDF_STEP_SALT</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0202)</td></tr>
-<tr class="separator:ga384777dac55791d8f3a1af72c847b327"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga836afe760bbda3dafc6c29631560b1a0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">PSA_KDF_STEP_INFO</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0203)</td></tr>
-<tr class="separator:ga836afe760bbda3dafc6c29631560b1a0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>PSA cryptography module: macros to build and analyze integer values. </p>
-<dl class="section note"><dt>Note</dt><dd>This file may not be included directly. Applications must include <a class="el" href="crypto_8h.html" title="Platform Security Architecture cryptography module. ">psa/crypto.h</a>. Drivers must include the appropriate driver header file.</dd></dl>
-<p>This file contains portable definitions of macros to build and analyze values of integral types that encode properties of cryptographic keys, designations of cryptographic algorithms, and error codes returned by the library.</p>
-<p>This header file only defines preprocessor macros. </p>
-</div></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/crypto__values_8h__dep__incl.map b/docs/html/crypto__values_8h__dep__incl.map
deleted file mode 100644
index 654328e..0000000
--- a/docs/html/crypto__values_8h__dep__incl.map
+++ /dev/null
@@ -1,3 +0,0 @@
-<map id="psa/crypto_values.h" name="psa/crypto_values.h">
-<area shape="rect" id="node2" href="$crypto_8h.html" title="Platform Security Architecture cryptography module. " alt="" coords="27,80,122,107"/>
-</map>
diff --git a/docs/html/crypto__values_8h__dep__incl.md5 b/docs/html/crypto__values_8h__dep__incl.md5
deleted file mode 100644
index e8f7acd..0000000
--- a/docs/html/crypto__values_8h__dep__incl.md5
+++ /dev/null
@@ -1 +0,0 @@
-683c96d3969716390891af2081e47531
\ No newline at end of file
diff --git a/docs/html/crypto__values_8h__dep__incl.png b/docs/html/crypto__values_8h__dep__incl.png
deleted file mode 100644
index 097506e..0000000
--- a/docs/html/crypto__values_8h__dep__incl.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/crypto__values_8h_source.html b/docs/html/crypto__values_8h_source.html
deleted file mode 100644
index 5039bab..0000000
--- a/docs/html/crypto__values_8h_source.html
+++ /dev/null
@@ -1,101 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa/crypto_values.h Source File</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">crypto_values.h</div>  </div>
-</div><!--header-->
-<div class="contents">
-<a href="crypto__values_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;</div><div class="line"><a name="l00017"></a><span class="lineno">   17</span>&#160;<span class="comment">/*</span></div><div class="line"><a name="l00018"></a><span class="lineno">   18</span>&#160;<span class="comment"> *  Copyright (C) 2018, ARM Limited, All Rights Reserved</span></div><div class="line"><a name="l00019"></a><span class="lineno">   19</span>&#160;<span class="comment"> *  SPDX-License-Identifier: Apache-2.0</span></div><div class="line"><a name="l00020"></a><span class="lineno">   20</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00021"></a><span class="lineno">   21</span>&#160;<span class="comment"> *  Licensed under the Apache License, Version 2.0 (the &quot;License&quot;); you may</span></div><div class="line"><a name="l00022"></a><span class="lineno">   22</span>&#160;<span class="comment"> *  not use this file except in compliance with the License.</span></div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;<span class="comment"> *  You may obtain a copy of the License at</span></div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;<span class="comment"> *  http://www.apache.org/licenses/LICENSE-2.0</span></div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;<span class="comment"> *  Unless required by applicable law or agreed to in writing, software</span></div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;<span class="comment"> *  distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT</span></div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;<span class="comment"> *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;<span class="comment"> *  See the License for the specific language governing permissions and</span></div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;<span class="comment"> *  limitations under the License.</span></div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;<span class="comment"> *  This file is part of mbed TLS (https://tls.mbed.org)</span></div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00035"></a><span class="lineno">   35</span>&#160;</div><div class="line"><a name="l00036"></a><span class="lineno">   36</span>&#160;<span class="preprocessor">#ifndef PSA_CRYPTO_VALUES_H</span></div><div class="line"><a name="l00037"></a><span class="lineno">   37</span>&#160;<span class="preprocessor">#define PSA_CRYPTO_VALUES_H</span></div><div class="line"><a name="l00038"></a><span class="lineno">   38</span>&#160;</div><div class="line"><a name="l00043"></a><span class="lineno">   43</span>&#160;<span class="preprocessor">#if !defined(PSA_SUCCESS)</span></div><div class="line"><a name="l00044"></a><span class="lineno">   44</span>&#160;<span class="comment">/* If PSA_SUCCESS is defined, assume that PSA crypto is being used</span></div><div class="line"><a name="l00045"></a><span class="lineno">   45</span>&#160;<span class="comment"> * together with PSA IPC, which also defines the identifier</span></div><div class="line"><a name="l00046"></a><span class="lineno">   46</span>&#160;<span class="comment"> * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;</span></div><div class="line"><a name="l00047"></a><span class="lineno">   47</span>&#160;<span class="comment"> * the other error code names don&#39;t clash. This is a temporary hack</span></div><div class="line"><a name="l00048"></a><span class="lineno">   48</span>&#160;<span class="comment"> * until we unify error reporting in PSA IPC and PSA crypto.</span></div><div class="line"><a name="l00049"></a><span class="lineno">   49</span>&#160;<span class="comment"> *</span></div><div class="line"><a name="l00050"></a><span class="lineno">   50</span>&#160;<span class="comment"> * Note that psa_defs.h must be included before this header!</span></div><div class="line"><a name="l00051"></a><span class="lineno">   51</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00053"></a><span class="lineno"><a class="line" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">   53</a></span>&#160;<span class="preprocessor">#define PSA_SUCCESS ((psa_status_t)0)</span></div><div class="line"><a name="l00054"></a><span class="lineno">   54</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* !defined(PSA_SUCCESS) */</span><span class="preprocessor"></span></div><div class="line"><a name="l00055"></a><span class="lineno">   55</span>&#160;</div><div class="line"><a name="l00061"></a><span class="lineno"><a class="line" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">   61</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_UNKNOWN_ERROR         ((psa_status_t)1)</span></div><div class="line"><a name="l00062"></a><span class="lineno">   62</span>&#160;</div><div class="line"><a name="l00070"></a><span class="lineno"><a class="line" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">   70</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)2)</span></div><div class="line"><a name="l00071"></a><span class="lineno">   71</span>&#160;</div><div class="line"><a name="l00083"></a><span class="lineno"><a class="line" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">   83</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)3)</span></div><div class="line"><a name="l00084"></a><span class="lineno">   84</span>&#160;</div><div class="line"><a name="l00095"></a><span class="lineno"><a class="line" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">   95</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)4)</span></div><div class="line"><a name="l00096"></a><span class="lineno">   96</span>&#160;</div><div class="line"><a name="l00103"></a><span class="lineno"><a class="line" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">  103</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_OCCUPIED_SLOT         ((psa_status_t)5)</span></div><div class="line"><a name="l00104"></a><span class="lineno">  104</span>&#160;</div><div class="line"><a name="l00111"></a><span class="lineno"><a class="line" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">  111</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_EMPTY_SLOT            ((psa_status_t)6)</span></div><div class="line"><a name="l00112"></a><span class="lineno">  112</span>&#160;</div><div class="line"><a name="l00123"></a><span class="lineno"><a class="line" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">  123</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_BAD_STATE             ((psa_status_t)7)</span></div><div class="line"><a name="l00124"></a><span class="lineno">  124</span>&#160;</div><div class="line"><a name="l00139"></a><span class="lineno"><a class="line" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">  139</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)8)</span></div><div class="line"><a name="l00140"></a><span class="lineno">  140</span>&#160;</div><div class="line"><a name="l00145"></a><span class="lineno"><a class="line" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">  145</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)9)</span></div><div class="line"><a name="l00146"></a><span class="lineno">  146</span>&#160;</div><div class="line"><a name="l00154"></a><span class="lineno"><a class="line" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">  154</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)10)</span></div><div class="line"><a name="l00155"></a><span class="lineno">  155</span>&#160;</div><div class="line"><a name="l00171"></a><span class="lineno"><a class="line" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">  171</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)</span></div><div class="line"><a name="l00172"></a><span class="lineno">  172</span>&#160;</div><div class="line"><a name="l00196"></a><span class="lineno"><a class="line" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">  196</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)12)</span></div><div class="line"><a name="l00197"></a><span class="lineno">  197</span>&#160;</div><div class="line"><a name="l00202"></a><span class="lineno"><a class="line" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">  202</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)13)</span></div><div class="line"><a name="l00203"></a><span class="lineno">  203</span>&#160;</div><div class="line"><a name="l00233"></a><span class="lineno"><a class="line" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">  233</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_TAMPERING_DETECTED    ((psa_status_t)14)</span></div><div class="line"><a name="l00234"></a><span class="lineno">  234</span>&#160;</div><div class="line"><a name="l00252"></a><span class="lineno"><a class="line" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">  252</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)15)</span></div><div class="line"><a name="l00253"></a><span class="lineno">  253</span>&#160;</div><div class="line"><a name="l00262"></a><span class="lineno"><a class="line" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">  262</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)16)</span></div><div class="line"><a name="l00263"></a><span class="lineno">  263</span>&#160;</div><div class="line"><a name="l00278"></a><span class="lineno"><a class="line" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">  278</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)17)</span></div><div class="line"><a name="l00279"></a><span class="lineno">  279</span>&#160;</div><div class="line"><a name="l00284"></a><span class="lineno"><a class="line" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">  284</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)</span></div><div class="line"><a name="l00285"></a><span class="lineno">  285</span>&#160;</div><div class="line"><a name="l00288"></a><span class="lineno"><a class="line" href="group__error.html#gadf22718935657c2c3168c228204085f9">  288</a></span>&#160;<span class="preprocessor">#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)19)</span></div><div class="line"><a name="l00289"></a><span class="lineno">  289</span>&#160;</div><div class="line"><a name="l00300"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">  300</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_NONE                       ((psa_key_type_t)0x00000000)</span></div><div class="line"><a name="l00301"></a><span class="lineno">  301</span>&#160;</div><div class="line"><a name="l00309"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">  309</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_VENDOR_FLAG                ((psa_key_type_t)0x80000000)</span></div><div class="line"><a name="l00310"></a><span class="lineno">  310</span>&#160;</div><div class="line"><a name="l00311"></a><span class="lineno">  311</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_MASK              ((psa_key_type_t)0x70000000)</span></div><div class="line"><a name="l00312"></a><span class="lineno">  312</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC         ((psa_key_type_t)0x40000000)</span></div><div class="line"><a name="l00313"></a><span class="lineno">  313</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_RAW               ((psa_key_type_t)0x50000000)</span></div><div class="line"><a name="l00314"></a><span class="lineno">  314</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY        ((psa_key_type_t)0x60000000)</span></div><div class="line"><a name="l00315"></a><span class="lineno">  315</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR          ((psa_key_type_t)0x70000000)</span></div><div class="line"><a name="l00316"></a><span class="lineno">  316</span>&#160;</div><div class="line"><a name="l00317"></a><span class="lineno">  317</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR         ((psa_key_type_t)0x10000000)</span></div><div class="line"><a name="l00318"></a><span class="lineno">  318</span>&#160;</div><div class="line"><a name="l00320"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">  320</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \</span></div><div class="line"><a name="l00321"></a><span class="lineno">  321</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_VENDOR_FLAG) != 0)</span></div><div class="line"><a name="l00322"></a><span class="lineno">  322</span>&#160;</div><div class="line"><a name="l00327"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">  327</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \</span></div><div class="line"><a name="l00328"></a><span class="lineno">  328</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~(psa_key_type_t)0x10000000) == \</span></div><div class="line"><a name="l00329"></a><span class="lineno">  329</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_CATEGORY_SYMMETRIC)</span></div><div class="line"><a name="l00330"></a><span class="lineno">  330</span>&#160;</div><div class="line"><a name="l00332"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">  332</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ASYMMETRIC(type)                                \</span></div><div class="line"><a name="l00333"></a><span class="lineno">  333</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK                               \</span></div><div class="line"><a name="l00334"></a><span class="lineno">  334</span>&#160;<span class="preprocessor">      &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) ==                            \</span></div><div class="line"><a name="l00335"></a><span class="lineno">  335</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span></div><div class="line"><a name="l00336"></a><span class="lineno">  336</span>&#160;</div><div class="line"><a name="l00337"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">  337</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type)                                \</span></div><div class="line"><a name="l00338"></a><span class="lineno">  338</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span></div><div class="line"><a name="l00339"></a><span class="lineno">  339</span>&#160;</div><div class="line"><a name="l00341"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">  341</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_KEYPAIR(type)                                   \</span></div><div class="line"><a name="l00342"></a><span class="lineno">  342</span>&#160;<span class="preprocessor">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</span></div><div class="line"><a name="l00343"></a><span class="lineno">  343</span>&#160;</div><div class="line"><a name="l00353"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">  353</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type)        \</span></div><div class="line"><a name="l00354"></a><span class="lineno">  354</span>&#160;<span class="preprocessor">    ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span></div><div class="line"><a name="l00355"></a><span class="lineno">  355</span>&#160;</div><div class="line"><a name="l00365"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">  365</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type)        \</span></div><div class="line"><a name="l00366"></a><span class="lineno">  366</span>&#160;<span class="preprocessor">    ((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span></div><div class="line"><a name="l00367"></a><span class="lineno">  367</span>&#160;</div><div class="line"><a name="l00372"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">  372</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RAW_DATA                   ((psa_key_type_t)0x50000001)</span></div><div class="line"><a name="l00373"></a><span class="lineno">  373</span>&#160;</div><div class="line"><a name="l00382"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">  382</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_HMAC                       ((psa_key_type_t)0x51000000)</span></div><div class="line"><a name="l00383"></a><span class="lineno">  383</span>&#160;</div><div class="line"><a name="l00389"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">  389</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DERIVE                     ((psa_key_type_t)0x52000000)</span></div><div class="line"><a name="l00390"></a><span class="lineno">  390</span>&#160;</div><div class="line"><a name="l00396"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">  396</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_AES                        ((psa_key_type_t)0x40000001)</span></div><div class="line"><a name="l00397"></a><span class="lineno">  397</span>&#160;</div><div class="line"><a name="l00407"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">  407</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DES                        ((psa_key_type_t)0x40000002)</span></div><div class="line"><a name="l00408"></a><span class="lineno">  408</span>&#160;</div><div class="line"><a name="l00411"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">  411</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_CAMELLIA                   ((psa_key_type_t)0x40000003)</span></div><div class="line"><a name="l00412"></a><span class="lineno">  412</span>&#160;</div><div class="line"><a name="l00417"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">  417</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ARC4                       ((psa_key_type_t)0x40000004)</span></div><div class="line"><a name="l00418"></a><span class="lineno">  418</span>&#160;</div><div class="line"><a name="l00420"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">  420</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY             ((psa_key_type_t)0x60010000)</span></div><div class="line"><a name="l00421"></a><span class="lineno">  421</span>&#160;</div><div class="line"><a name="l00422"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">  422</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_RSA_KEYPAIR                ((psa_key_type_t)0x70010000)</span></div><div class="line"><a name="l00423"></a><span class="lineno">  423</span>&#160;</div><div class="line"><a name="l00424"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">  424</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_RSA(type)                                       \</span></div><div class="line"><a name="l00425"></a><span class="lineno">  425</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)</span></div><div class="line"><a name="l00426"></a><span class="lineno">  426</span>&#160;</div><div class="line"><a name="l00428"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">  428</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DSA_PUBLIC_KEY             ((psa_key_type_t)0x60020000)</span></div><div class="line"><a name="l00429"></a><span class="lineno">  429</span>&#160;</div><div class="line"><a name="l00430"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">  430</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DSA_KEYPAIR                ((psa_key_type_t)0x70020000)</span></div><div class="line"><a name="l00431"></a><span class="lineno">  431</span>&#160;</div><div class="line"><a name="l00432"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">  432</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_DSA(type)                                       \</span></div><div class="line"><a name="l00433"></a><span class="lineno">  433</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)</span></div><div class="line"><a name="l00434"></a><span class="lineno">  434</span>&#160;</div><div class="line"><a name="l00435"></a><span class="lineno">  435</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE        ((psa_key_type_t)0x60030000)</span></div><div class="line"><a name="l00436"></a><span class="lineno">  436</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE           ((psa_key_type_t)0x70030000)</span></div><div class="line"><a name="l00437"></a><span class="lineno">  437</span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_CURVE_MASK             ((psa_key_type_t)0x0000ffff)</span></div><div class="line"><a name="l00438"></a><span class="lineno">  438</span>&#160;</div><div class="line"><a name="l00439"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">  439</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_KEYPAIR(curve)         \</span></div><div class="line"><a name="l00440"></a><span class="lineno">  440</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</span></div><div class="line"><a name="l00441"></a><span class="lineno">  441</span>&#160;</div><div class="line"><a name="l00442"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">  442</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)              \</span></div><div class="line"><a name="l00443"></a><span class="lineno">  443</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</span></div><div class="line"><a name="l00444"></a><span class="lineno">  444</span>&#160;</div><div class="line"><a name="l00446"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">  446</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC(type)                                       \</span></div><div class="line"><a name="l00447"></a><span class="lineno">  447</span>&#160;<span class="preprocessor">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) &amp;                        \</span></div><div class="line"><a name="l00448"></a><span class="lineno">  448</span>&#160;<span class="preprocessor">      ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span></div><div class="line"><a name="l00449"></a><span class="lineno">  449</span>&#160;</div><div class="line"><a name="l00450"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">  450</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)                               \</span></div><div class="line"><a name="l00451"></a><span class="lineno">  451</span>&#160;<span class="preprocessor">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</span></div><div class="line"><a name="l00452"></a><span class="lineno">  452</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_ECC_KEYPAIR_BASE)</span></div><div class="line"><a name="l00453"></a><span class="lineno">  453</span>&#160;</div><div class="line"><a name="l00454"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">  454</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)                            \</span></div><div class="line"><a name="l00455"></a><span class="lineno">  455</span>&#160;<span class="preprocessor">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</span></div><div class="line"><a name="l00456"></a><span class="lineno">  456</span>&#160;<span class="preprocessor">     PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span></div><div class="line"><a name="l00457"></a><span class="lineno">  457</span>&#160;</div><div class="line"><a name="l00459"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">  459</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_GET_CURVE(type)                             \</span></div><div class="line"><a name="l00460"></a><span class="lineno">  460</span>&#160;<span class="preprocessor">    ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ?              \</span></div><div class="line"><a name="l00461"></a><span class="lineno">  461</span>&#160;<span class="preprocessor">                        ((type) &amp; PSA_KEY_TYPE_ECC_CURVE_MASK) : \</span></div><div class="line"><a name="l00462"></a><span class="lineno">  462</span>&#160;<span class="preprocessor">                        0))</span></div><div class="line"><a name="l00463"></a><span class="lineno">  463</span>&#160;</div><div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;<span class="comment">/* The encoding of curve identifiers is currently aligned with the</span></div><div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;<span class="comment"> * TLS Supported Groups Registry (formerly known as the</span></div><div class="line"><a name="l00466"></a><span class="lineno">  466</span>&#160;<span class="comment"> * TLS EC Named Curve Registry)</span></div><div class="line"><a name="l00467"></a><span class="lineno">  467</span>&#160;<span class="comment"> * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8</span></div><div class="line"><a name="l00468"></a><span class="lineno">  468</span>&#160;<span class="comment"> * The values are defined by RFC 8422 and RFC 7027. */</span></div><div class="line"><a name="l00469"></a><span class="lineno">  469</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163K1         ((psa_ecc_curve_t) 0x0001)</span></div><div class="line"><a name="l00470"></a><span class="lineno">  470</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163R1         ((psa_ecc_curve_t) 0x0002)</span></div><div class="line"><a name="l00471"></a><span class="lineno">  471</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT163R2         ((psa_ecc_curve_t) 0x0003)</span></div><div class="line"><a name="l00472"></a><span class="lineno">  472</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT193R1         ((psa_ecc_curve_t) 0x0004)</span></div><div class="line"><a name="l00473"></a><span class="lineno">  473</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT193R2         ((psa_ecc_curve_t) 0x0005)</span></div><div class="line"><a name="l00474"></a><span class="lineno">  474</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT233K1         ((psa_ecc_curve_t) 0x0006)</span></div><div class="line"><a name="l00475"></a><span class="lineno">  475</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT233R1         ((psa_ecc_curve_t) 0x0007)</span></div><div class="line"><a name="l00476"></a><span class="lineno">  476</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT239K1         ((psa_ecc_curve_t) 0x0008)</span></div><div class="line"><a name="l00477"></a><span class="lineno">  477</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT283K1         ((psa_ecc_curve_t) 0x0009)</span></div><div class="line"><a name="l00478"></a><span class="lineno">  478</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT283R1         ((psa_ecc_curve_t) 0x000a)</span></div><div class="line"><a name="l00479"></a><span class="lineno">  479</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT409K1         ((psa_ecc_curve_t) 0x000b)</span></div><div class="line"><a name="l00480"></a><span class="lineno">  480</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT409R1         ((psa_ecc_curve_t) 0x000c)</span></div><div class="line"><a name="l00481"></a><span class="lineno">  481</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT571K1         ((psa_ecc_curve_t) 0x000d)</span></div><div class="line"><a name="l00482"></a><span class="lineno">  482</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECT571R1         ((psa_ecc_curve_t) 0x000e)</span></div><div class="line"><a name="l00483"></a><span class="lineno">  483</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160K1         ((psa_ecc_curve_t) 0x000f)</span></div><div class="line"><a name="l00484"></a><span class="lineno">  484</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160R1         ((psa_ecc_curve_t) 0x0010)</span></div><div class="line"><a name="l00485"></a><span class="lineno">  485</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP160R2         ((psa_ecc_curve_t) 0x0011)</span></div><div class="line"><a name="l00486"></a><span class="lineno">  486</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP192K1         ((psa_ecc_curve_t) 0x0012)</span></div><div class="line"><a name="l00487"></a><span class="lineno">  487</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP192R1         ((psa_ecc_curve_t) 0x0013)</span></div><div class="line"><a name="l00488"></a><span class="lineno">  488</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP224K1         ((psa_ecc_curve_t) 0x0014)</span></div><div class="line"><a name="l00489"></a><span class="lineno">  489</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP224R1         ((psa_ecc_curve_t) 0x0015)</span></div><div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP256K1         ((psa_ecc_curve_t) 0x0016)</span></div><div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP256R1         ((psa_ecc_curve_t) 0x0017)</span></div><div class="line"><a name="l00492"></a><span class="lineno">  492</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP384R1         ((psa_ecc_curve_t) 0x0018)</span></div><div class="line"><a name="l00493"></a><span class="lineno">  493</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_SECP521R1         ((psa_ecc_curve_t) 0x0019)</span></div><div class="line"><a name="l00494"></a><span class="lineno">  494</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P256R1  ((psa_ecc_curve_t) 0x001a)</span></div><div class="line"><a name="l00495"></a><span class="lineno">  495</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P384R1  ((psa_ecc_curve_t) 0x001b)</span></div><div class="line"><a name="l00496"></a><span class="lineno">  496</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_BRAINPOOL_P512R1  ((psa_ecc_curve_t) 0x001c)</span></div><div class="line"><a name="l00497"></a><span class="lineno">  497</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_CURVE25519        ((psa_ecc_curve_t) 0x001d)</span></div><div class="line"><a name="l00498"></a><span class="lineno">  498</span>&#160;<span class="preprocessor">#define PSA_ECC_CURVE_CURVE448          ((psa_ecc_curve_t) 0x001e)</span></div><div class="line"><a name="l00499"></a><span class="lineno">  499</span>&#160;</div><div class="line"><a name="l00501"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">  501</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DH_PUBLIC_KEY             ((psa_key_type_t)0x60040000)</span></div><div class="line"><a name="l00502"></a><span class="lineno">  502</span>&#160;</div><div class="line"><a name="l00503"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">  503</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_DH_KEYPAIR                ((psa_key_type_t)0x70040000)</span></div><div class="line"><a name="l00504"></a><span class="lineno">  504</span>&#160;</div><div class="line"><a name="l00506"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e">  506</a></span>&#160;<span class="preprocessor">#define PSA_KEY_TYPE_IS_DH(type)                                       \</span></div><div class="line"><a name="l00507"></a><span class="lineno">  507</span>&#160;<span class="preprocessor">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DH_PUBLIC_KEY)</span></div><div class="line"><a name="l00508"></a><span class="lineno">  508</span>&#160;</div><div class="line"><a name="l00527"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">  527</a></span>&#160;<span class="preprocessor">#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type)            \</span></div><div class="line"><a name="l00528"></a><span class="lineno">  528</span>&#160;<span class="preprocessor">    (                                                \</span></div><div class="line"><a name="l00529"></a><span class="lineno">  529</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_AES ? 16 :            \</span></div><div class="line"><a name="l00530"></a><span class="lineno">  530</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_DES ? 8 :             \</span></div><div class="line"><a name="l00531"></a><span class="lineno">  531</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_CAMELLIA ? 16 :       \</span></div><div class="line"><a name="l00532"></a><span class="lineno">  532</span>&#160;<span class="preprocessor">        (type) == PSA_KEY_TYPE_ARC4 ? 1 :            \</span></div><div class="line"><a name="l00533"></a><span class="lineno">  533</span>&#160;<span class="preprocessor">        0)</span></div><div class="line"><a name="l00534"></a><span class="lineno">  534</span>&#160;</div><div class="line"><a name="l00535"></a><span class="lineno">  535</span>&#160;<span class="preprocessor">#define PSA_ALG_VENDOR_FLAG                     ((psa_algorithm_t)0x80000000)</span></div><div class="line"><a name="l00536"></a><span class="lineno">  536</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_MASK                   ((psa_algorithm_t)0x7f000000)</span></div><div class="line"><a name="l00537"></a><span class="lineno">  537</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_HASH                   ((psa_algorithm_t)0x01000000)</span></div><div class="line"><a name="l00538"></a><span class="lineno">  538</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_MAC                    ((psa_algorithm_t)0x02000000)</span></div><div class="line"><a name="l00539"></a><span class="lineno">  539</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_CIPHER                 ((psa_algorithm_t)0x04000000)</span></div><div class="line"><a name="l00540"></a><span class="lineno">  540</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_AEAD                   ((psa_algorithm_t)0x06000000)</span></div><div class="line"><a name="l00541"></a><span class="lineno">  541</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_SIGN                   ((psa_algorithm_t)0x10000000)</span></div><div class="line"><a name="l00542"></a><span class="lineno">  542</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION  ((psa_algorithm_t)0x12000000)</span></div><div class="line"><a name="l00543"></a><span class="lineno">  543</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_KEY_DERIVATION         ((psa_algorithm_t)0x20000000)</span></div><div class="line"><a name="l00544"></a><span class="lineno">  544</span>&#160;<span class="preprocessor">#define PSA_ALG_CATEGORY_KEY_AGREEMENT          ((psa_algorithm_t)0x30000000)</span></div><div class="line"><a name="l00545"></a><span class="lineno">  545</span>&#160;</div><div class="line"><a name="l00546"></a><span class="lineno">  546</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_VENDOR_DEFINED(alg)                                  \</span></div><div class="line"><a name="l00547"></a><span class="lineno">  547</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</span></div><div class="line"><a name="l00548"></a><span class="lineno">  548</span>&#160;</div><div class="line"><a name="l00557"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">  557</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HASH(alg)                                            \</span></div><div class="line"><a name="l00558"></a><span class="lineno">  558</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</span></div><div class="line"><a name="l00559"></a><span class="lineno">  559</span>&#160;</div><div class="line"><a name="l00568"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">  568</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_MAC(alg)                                             \</span></div><div class="line"><a name="l00569"></a><span class="lineno">  569</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</span></div><div class="line"><a name="l00570"></a><span class="lineno">  570</span>&#160;</div><div class="line"><a name="l00579"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">  579</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_CIPHER(alg)                                          \</span></div><div class="line"><a name="l00580"></a><span class="lineno">  580</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</span></div><div class="line"><a name="l00581"></a><span class="lineno">  581</span>&#160;</div><div class="line"><a name="l00591"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">  591</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_AEAD(alg)                                            \</span></div><div class="line"><a name="l00592"></a><span class="lineno">  592</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</span></div><div class="line"><a name="l00593"></a><span class="lineno">  593</span>&#160;</div><div class="line"><a name="l00602"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">  602</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_SIGN(alg)                                            \</span></div><div class="line"><a name="l00603"></a><span class="lineno">  603</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</span></div><div class="line"><a name="l00604"></a><span class="lineno">  604</span>&#160;</div><div class="line"><a name="l00613"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">  613</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)                           \</span></div><div class="line"><a name="l00614"></a><span class="lineno">  614</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</span></div><div class="line"><a name="l00615"></a><span class="lineno">  615</span>&#160;</div><div class="line"><a name="l00624"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">  624</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_AGREEMENT(alg)                                   \</span></div><div class="line"><a name="l00625"></a><span class="lineno">  625</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</span></div><div class="line"><a name="l00626"></a><span class="lineno">  626</span>&#160;</div><div class="line"><a name="l00635"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">  635</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_DERIVATION(alg)                                  \</span></div><div class="line"><a name="l00636"></a><span class="lineno">  636</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span></div><div class="line"><a name="l00637"></a><span class="lineno">  637</span>&#160;</div><div class="line"><a name="l00638"></a><span class="lineno">  638</span>&#160;<span class="preprocessor">#define PSA_ALG_HASH_MASK                       ((psa_algorithm_t)0x000000ff)</span></div><div class="line"><a name="l00639"></a><span class="lineno">  639</span>&#160;</div><div class="line"><a name="l00640"></a><span class="lineno">  640</span>&#160;<span class="preprocessor">#define PSA_ALG_MD2                             ((psa_algorithm_t)0x01000001)</span></div><div class="line"><a name="l00641"></a><span class="lineno">  641</span>&#160;<span class="preprocessor">#define PSA_ALG_MD4                             ((psa_algorithm_t)0x01000002)</span></div><div class="line"><a name="l00642"></a><span class="lineno">  642</span>&#160;<span class="preprocessor">#define PSA_ALG_MD5                             ((psa_algorithm_t)0x01000003)</span></div><div class="line"><a name="l00643"></a><span class="lineno">  643</span>&#160;<span class="preprocessor">#define PSA_ALG_RIPEMD160                       ((psa_algorithm_t)0x01000004)</span></div><div class="line"><a name="l00644"></a><span class="lineno">  644</span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_1                           ((psa_algorithm_t)0x01000005)</span></div><div class="line"><a name="l00645"></a><span class="lineno">  645</span>&#160;</div><div class="line"><a name="l00646"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">  646</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_224                         ((psa_algorithm_t)0x01000008)</span></div><div class="line"><a name="l00647"></a><span class="lineno">  647</span>&#160;</div><div class="line"><a name="l00648"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">  648</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_256                         ((psa_algorithm_t)0x01000009)</span></div><div class="line"><a name="l00649"></a><span class="lineno">  649</span>&#160;</div><div class="line"><a name="l00650"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">  650</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_384                         ((psa_algorithm_t)0x0100000a)</span></div><div class="line"><a name="l00651"></a><span class="lineno">  651</span>&#160;</div><div class="line"><a name="l00652"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">  652</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512                         ((psa_algorithm_t)0x0100000b)</span></div><div class="line"><a name="l00653"></a><span class="lineno">  653</span>&#160;</div><div class="line"><a name="l00654"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">  654</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512_224                     ((psa_algorithm_t)0x0100000c)</span></div><div class="line"><a name="l00655"></a><span class="lineno">  655</span>&#160;</div><div class="line"><a name="l00656"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">  656</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA_512_256                     ((psa_algorithm_t)0x0100000d)</span></div><div class="line"><a name="l00657"></a><span class="lineno">  657</span>&#160;</div><div class="line"><a name="l00658"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">  658</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_224                        ((psa_algorithm_t)0x01000010)</span></div><div class="line"><a name="l00659"></a><span class="lineno">  659</span>&#160;</div><div class="line"><a name="l00660"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">  660</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_256                        ((psa_algorithm_t)0x01000011)</span></div><div class="line"><a name="l00661"></a><span class="lineno">  661</span>&#160;</div><div class="line"><a name="l00662"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">  662</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_384                        ((psa_algorithm_t)0x01000012)</span></div><div class="line"><a name="l00663"></a><span class="lineno">  663</span>&#160;</div><div class="line"><a name="l00664"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">  664</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SHA3_512                        ((psa_algorithm_t)0x01000013)</span></div><div class="line"><a name="l00665"></a><span class="lineno">  665</span>&#160;</div><div class="line"><a name="l00699"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">  699</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ANY_HASH                        ((psa_algorithm_t)0x010000ff)</span></div><div class="line"><a name="l00700"></a><span class="lineno">  700</span>&#160;</div><div class="line"><a name="l00701"></a><span class="lineno">  701</span>&#160;<span class="preprocessor">#define PSA_ALG_MAC_SUBCATEGORY_MASK            ((psa_algorithm_t)0x00c00000)</span></div><div class="line"><a name="l00702"></a><span class="lineno">  702</span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC_BASE                       ((psa_algorithm_t)0x02800000)</span></div><div class="line"><a name="l00703"></a><span class="lineno">  703</span>&#160;</div><div class="line"><a name="l00714"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">  714</a></span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC(hash_alg)                                  \</span></div><div class="line"><a name="l00715"></a><span class="lineno">  715</span>&#160;<span class="preprocessor">    (PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00716"></a><span class="lineno">  716</span>&#160;</div><div class="line"><a name="l00717"></a><span class="lineno">  717</span>&#160;<span class="preprocessor">#define PSA_ALG_HMAC_GET_HASH(hmac_alg)                             \</span></div><div class="line"><a name="l00718"></a><span class="lineno">  718</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00719"></a><span class="lineno">  719</span>&#160;</div><div class="line"><a name="l00730"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">  730</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HMAC(alg)                                            \</span></div><div class="line"><a name="l00731"></a><span class="lineno">  731</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</span></div><div class="line"><a name="l00732"></a><span class="lineno">  732</span>&#160;<span class="preprocessor">     PSA_ALG_HMAC_BASE)</span></div><div class="line"><a name="l00733"></a><span class="lineno">  733</span>&#160;</div><div class="line"><a name="l00734"></a><span class="lineno">  734</span>&#160;<span class="comment">/* In the encoding of a MAC algorithm, the bits corresponding to</span></div><div class="line"><a name="l00735"></a><span class="lineno">  735</span>&#160;<span class="comment"> * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is</span></div><div class="line"><a name="l00736"></a><span class="lineno">  736</span>&#160;<span class="comment"> * truncated. As an exception, the value 0 means the untruncated algorithm,</span></div><div class="line"><a name="l00737"></a><span class="lineno">  737</span>&#160;<span class="comment"> * whatever its length is. The length is encoded in 6 bits, so it can</span></div><div class="line"><a name="l00738"></a><span class="lineno">  738</span>&#160;<span class="comment"> * reach up to 63; the largest MAC is 64 bytes so its trivial truncation</span></div><div class="line"><a name="l00739"></a><span class="lineno">  739</span>&#160;<span class="comment"> * to full length is correctly encoded as 0 and any non-trivial truncation</span></div><div class="line"><a name="l00740"></a><span class="lineno">  740</span>&#160;<span class="comment"> * is correctly encoded as a value between 1 and 63. */</span></div><div class="line"><a name="l00741"></a><span class="lineno">  741</span>&#160;<span class="preprocessor">#define PSA_ALG_MAC_TRUNCATION_MASK             ((psa_algorithm_t)0x00003f00)</span></div><div class="line"><a name="l00742"></a><span class="lineno">  742</span>&#160;<span class="preprocessor">#define PSA_MAC_TRUNCATION_OFFSET 8</span></div><div class="line"><a name="l00743"></a><span class="lineno">  743</span>&#160;</div><div class="line"><a name="l00777"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">  777</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TRUNCATED_MAC(alg, mac_length)                          \</span></div><div class="line"><a name="l00778"></a><span class="lineno">  778</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \</span></div><div class="line"><a name="l00779"></a><span class="lineno">  779</span>&#160;<span class="preprocessor">     ((mac_length) &lt;&lt; PSA_MAC_TRUNCATION_OFFSET &amp; PSA_ALG_MAC_TRUNCATION_MASK))</span></div><div class="line"><a name="l00780"></a><span class="lineno">  780</span>&#160;</div><div class="line"><a name="l00793"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">  793</a></span>&#160;<span class="preprocessor">#define PSA_ALG_FULL_LENGTH_MAC(alg)            \</span></div><div class="line"><a name="l00794"></a><span class="lineno">  794</span>&#160;<span class="preprocessor">    ((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</span></div><div class="line"><a name="l00795"></a><span class="lineno">  795</span>&#160;</div><div class="line"><a name="l00807"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">  807</a></span>&#160;<span class="preprocessor">#define PSA_MAC_TRUNCATED_LENGTH(alg)           \</span></div><div class="line"><a name="l00808"></a><span class="lineno">  808</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</span></div><div class="line"><a name="l00809"></a><span class="lineno">  809</span>&#160;</div><div class="line"><a name="l00810"></a><span class="lineno">  810</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x02c00000)</span></div><div class="line"><a name="l00811"></a><span class="lineno">  811</span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x02c00001)</span></div><div class="line"><a name="l00812"></a><span class="lineno">  812</span>&#160;<span class="preprocessor">#define PSA_ALG_CMAC                            ((psa_algorithm_t)0x02c00002)</span></div><div class="line"><a name="l00813"></a><span class="lineno">  813</span>&#160;<span class="preprocessor">#define PSA_ALG_GMAC                            ((psa_algorithm_t)0x02c00003)</span></div><div class="line"><a name="l00814"></a><span class="lineno">  814</span>&#160;</div><div class="line"><a name="l00823"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">  823</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)                                \</span></div><div class="line"><a name="l00824"></a><span class="lineno">  824</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</span></div><div class="line"><a name="l00825"></a><span class="lineno">  825</span>&#160;<span class="preprocessor">     PSA_ALG_CIPHER_MAC_BASE)</span></div><div class="line"><a name="l00826"></a><span class="lineno">  826</span>&#160;</div><div class="line"><a name="l00827"></a><span class="lineno">  827</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_STREAM_FLAG              ((psa_algorithm_t)0x00800000)</span></div><div class="line"><a name="l00828"></a><span class="lineno">  828</span>&#160;<span class="preprocessor">#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG          ((psa_algorithm_t)0x00400000)</span></div><div class="line"><a name="l00829"></a><span class="lineno">  829</span>&#160;</div><div class="line"><a name="l00842"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">  842</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_STREAM_CIPHER(alg)            \</span></div><div class="line"><a name="l00843"></a><span class="lineno">  843</span>&#160;<span class="preprocessor">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \</span></div><div class="line"><a name="l00844"></a><span class="lineno">  844</span>&#160;<span class="preprocessor">        (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))</span></div><div class="line"><a name="l00845"></a><span class="lineno">  845</span>&#160;</div><div class="line"><a name="l00848"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">  848</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ARC4                            ((psa_algorithm_t)0x04800001)</span></div><div class="line"><a name="l00849"></a><span class="lineno">  849</span>&#160;</div><div class="line"><a name="l00857"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">  857</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CTR                             ((psa_algorithm_t)0x04c00001)</span></div><div class="line"><a name="l00858"></a><span class="lineno">  858</span>&#160;</div><div class="line"><a name="l00859"></a><span class="lineno">  859</span>&#160;<span class="preprocessor">#define PSA_ALG_CFB                             ((psa_algorithm_t)0x04c00002)</span></div><div class="line"><a name="l00860"></a><span class="lineno">  860</span>&#160;</div><div class="line"><a name="l00861"></a><span class="lineno">  861</span>&#160;<span class="preprocessor">#define PSA_ALG_OFB                             ((psa_algorithm_t)0x04c00003)</span></div><div class="line"><a name="l00862"></a><span class="lineno">  862</span>&#160;</div><div class="line"><a name="l00869"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">  869</a></span>&#160;<span class="preprocessor">#define PSA_ALG_XTS                             ((psa_algorithm_t)0x044000ff)</span></div><div class="line"><a name="l00870"></a><span class="lineno">  870</span>&#160;</div><div class="line"><a name="l00878"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">  878</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_NO_PADDING                  ((psa_algorithm_t)0x04600100)</span></div><div class="line"><a name="l00879"></a><span class="lineno">  879</span>&#160;</div><div class="line"><a name="l00886"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">  886</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CBC_PKCS7                       ((psa_algorithm_t)0x04600101)</span></div><div class="line"><a name="l00887"></a><span class="lineno">  887</span>&#160;</div><div class="line"><a name="l00890"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">  890</a></span>&#160;<span class="preprocessor">#define PSA_ALG_CCM                             ((psa_algorithm_t)0x06001001)</span></div><div class="line"><a name="l00891"></a><span class="lineno">  891</span>&#160;</div><div class="line"><a name="l00894"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">  894</a></span>&#160;<span class="preprocessor">#define PSA_ALG_GCM                             ((psa_algorithm_t)0x06001002)</span></div><div class="line"><a name="l00895"></a><span class="lineno">  895</span>&#160;</div><div class="line"><a name="l00896"></a><span class="lineno">  896</span>&#160;<span class="comment">/* In the encoding of a AEAD algorithm, the bits corresponding to</span></div><div class="line"><a name="l00897"></a><span class="lineno">  897</span>&#160;<span class="comment"> * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.</span></div><div class="line"><a name="l00898"></a><span class="lineno">  898</span>&#160;<span class="comment"> * The constants for default lengths follow this encoding.</span></div><div class="line"><a name="l00899"></a><span class="lineno">  899</span>&#160;<span class="comment"> */</span></div><div class="line"><a name="l00900"></a><span class="lineno">  900</span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_TAG_LENGTH_MASK            ((psa_algorithm_t)0x00003f00)</span></div><div class="line"><a name="l00901"></a><span class="lineno">  901</span>&#160;<span class="preprocessor">#define PSA_AEAD_TAG_LENGTH_OFFSET 8</span></div><div class="line"><a name="l00902"></a><span class="lineno">  902</span>&#160;</div><div class="line"><a name="l00921"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">  921</a></span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)                   \</span></div><div class="line"><a name="l00922"></a><span class="lineno">  922</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \</span></div><div class="line"><a name="l00923"></a><span class="lineno">  923</span>&#160;<span class="preprocessor">     ((tag_length) &lt;&lt; PSA_AEAD_TAG_LENGTH_OFFSET &amp;                      \</span></div><div class="line"><a name="l00924"></a><span class="lineno">  924</span>&#160;<span class="preprocessor">      PSA_ALG_AEAD_TAG_LENGTH_MASK))</span></div><div class="line"><a name="l00925"></a><span class="lineno">  925</span>&#160;</div><div class="line"><a name="l00934"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">  934</a></span>&#160;<span class="preprocessor">#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg)                       \</span></div><div class="line"><a name="l00935"></a><span class="lineno">  935</span>&#160;<span class="preprocessor">    (                                                                   \</span></div><div class="line"><a name="l00936"></a><span class="lineno">  936</span>&#160;<span class="preprocessor">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM)   \</span></div><div class="line"><a name="l00937"></a><span class="lineno">  937</span>&#160;<span class="preprocessor">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM)   \</span></div><div class="line"><a name="l00938"></a><span class="lineno">  938</span>&#160;<span class="preprocessor">        0)</span></div><div class="line"><a name="l00939"></a><span class="lineno">  939</span>&#160;<span class="preprocessor">#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \</span></div><div class="line"><a name="l00940"></a><span class="lineno">  940</span>&#160;<span class="preprocessor">    PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \</span></div><div class="line"><a name="l00941"></a><span class="lineno">  941</span>&#160;<span class="preprocessor">    PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ?  \</span></div><div class="line"><a name="l00942"></a><span class="lineno">  942</span>&#160;<span class="preprocessor">    ref :</span></div><div class="line"><a name="l00943"></a><span class="lineno">  943</span>&#160;</div><div class="line"><a name="l00944"></a><span class="lineno">  944</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE          ((psa_algorithm_t)0x10020000)</span></div><div class="line"><a name="l00945"></a><span class="lineno">  945</span>&#160;</div><div class="line"><a name="l00960"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">  960</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)                             \</span></div><div class="line"><a name="l00961"></a><span class="lineno">  961</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00962"></a><span class="lineno">  962</span>&#160;</div><div class="line"><a name="l00968"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">  968</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></div><div class="line"><a name="l00969"></a><span class="lineno">  969</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)                               \</span></div><div class="line"><a name="l00970"></a><span class="lineno">  970</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</span></div><div class="line"><a name="l00971"></a><span class="lineno">  971</span>&#160;</div><div class="line"><a name="l00972"></a><span class="lineno">  972</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PSS_BASE               ((psa_algorithm_t)0x10030000)</span></div><div class="line"><a name="l00973"></a><span class="lineno">  973</span>&#160;</div><div class="line"><a name="l00991"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">  991</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PSS(hash_alg)                               \</span></div><div class="line"><a name="l00992"></a><span class="lineno">  992</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l00993"></a><span class="lineno">  993</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_PSS(alg)                                 \</span></div><div class="line"><a name="l00994"></a><span class="lineno">  994</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</span></div><div class="line"><a name="l00995"></a><span class="lineno">  995</span>&#160;</div><div class="line"><a name="l00996"></a><span class="lineno">  996</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_BASE                        ((psa_algorithm_t)0x10040000)</span></div><div class="line"><a name="l00997"></a><span class="lineno">  997</span>&#160;</div><div class="line"><a name="l01011"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e"> 1011</a></span>&#160;<span class="preprocessor">#define PSA_ALG_DSA(hash_alg)                             \</span></div><div class="line"><a name="l01012"></a><span class="lineno"> 1012</span>&#160;<span class="preprocessor">    (PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01013"></a><span class="lineno"> 1013</span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_DSA_BASE          ((psa_algorithm_t)0x10050000)</span></div><div class="line"><a name="l01014"></a><span class="lineno"> 1014</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_DETERMINISTIC_FLAG          ((psa_algorithm_t)0x00010000)</span></div><div class="line"><a name="l01015"></a><span class="lineno"> 1015</span>&#160;</div><div class="line"><a name="l01029"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94"> 1029</a></span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_DSA(hash_alg)                             \</span></div><div class="line"><a name="l01030"></a><span class="lineno"> 1030</span>&#160;<span class="preprocessor">    (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01031"></a><span class="lineno"> 1031</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DSA(alg)                                             \</span></div><div class="line"><a name="l01032"></a><span class="lineno"> 1032</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</span></div><div class="line"><a name="l01033"></a><span class="lineno"> 1033</span>&#160;<span class="preprocessor">     PSA_ALG_DSA_BASE)</span></div><div class="line"><a name="l01034"></a><span class="lineno"> 1034</span>&#160;<span class="preprocessor">#define PSA_ALG_DSA_IS_DETERMINISTIC(alg)               \</span></div><div class="line"><a name="l01035"></a><span class="lineno"> 1035</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span></div><div class="line"><a name="l01036"></a><span class="lineno"> 1036</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DETERMINISTIC_DSA(alg)                       \</span></div><div class="line"><a name="l01037"></a><span class="lineno"> 1037</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_DSA(alg) &amp;&amp; PSA_ALG_DSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01038"></a><span class="lineno"> 1038</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RANDOMIZED_DSA(alg)                          \</span></div><div class="line"><a name="l01039"></a><span class="lineno"> 1039</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_DSA(alg) &amp;&amp; !PSA_ALG_DSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01040"></a><span class="lineno"> 1040</span>&#160;</div><div class="line"><a name="l01041"></a><span class="lineno"> 1041</span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_BASE                      ((psa_algorithm_t)0x10060000)</span></div><div class="line"><a name="l01042"></a><span class="lineno"> 1042</span>&#160;</div><div class="line"><a name="l01062"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3"> 1062</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA(hash_alg)                                 \</span></div><div class="line"><a name="l01063"></a><span class="lineno"> 1063</span>&#160;<span class="preprocessor">    (PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01064"></a><span class="lineno"> 1064</span>&#160;</div><div class="line"><a name="l01073"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4"> 1073</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE</span></div><div class="line"><a name="l01074"></a><span class="lineno"> 1074</span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_ECDSA_BASE        ((psa_algorithm_t)0x10070000)</span></div><div class="line"><a name="l01075"></a><span class="lineno"> 1075</span>&#160;</div><div class="line"><a name="l01097"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03"> 1097</a></span>&#160;<span class="preprocessor">#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)                           \</span></div><div class="line"><a name="l01098"></a><span class="lineno"> 1098</span>&#160;<span class="preprocessor">    (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01099"></a><span class="lineno"> 1099</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ECDSA(alg)                                           \</span></div><div class="line"><a name="l01100"></a><span class="lineno"> 1100</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</span></div><div class="line"><a name="l01101"></a><span class="lineno"> 1101</span>&#160;<span class="preprocessor">     PSA_ALG_ECDSA_BASE)</span></div><div class="line"><a name="l01102"></a><span class="lineno"> 1102</span>&#160;<span class="preprocessor">#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)             \</span></div><div class="line"><a name="l01103"></a><span class="lineno"> 1103</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span></div><div class="line"><a name="l01104"></a><span class="lineno"> 1104</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)                             \</span></div><div class="line"><a name="l01105"></a><span class="lineno"> 1105</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01106"></a><span class="lineno"> 1106</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg)                                \</span></div><div class="line"><a name="l01107"></a><span class="lineno"> 1107</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span></div><div class="line"><a name="l01108"></a><span class="lineno"> 1108</span>&#160;</div><div class="line"><a name="l01122"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6"> 1122</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HASH_AND_SIGN(alg)                                   \</span></div><div class="line"><a name="l01123"></a><span class="lineno"> 1123</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \</span></div><div class="line"><a name="l01124"></a><span class="lineno"> 1124</span>&#160;<span class="preprocessor">     PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))</span></div><div class="line"><a name="l01125"></a><span class="lineno"> 1125</span>&#160;</div><div class="line"><a name="l01144"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3"> 1144</a></span>&#160;<span class="preprocessor">#define PSA_ALG_SIGN_GET_HASH(alg)                                     \</span></div><div class="line"><a name="l01145"></a><span class="lineno"> 1145</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ?                                   \</span></div><div class="line"><a name="l01146"></a><span class="lineno"> 1146</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) == 0 ? </span><span class="comment">/*&quot;raw&quot; algorithm*/</span><span class="preprocessor"> 0 :        \</span></div><div class="line"><a name="l01147"></a><span class="lineno"> 1147</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :             \</span></div><div class="line"><a name="l01148"></a><span class="lineno"> 1148</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l01149"></a><span class="lineno"> 1149</span>&#160;</div><div class="line"><a name="l01152"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9"> 1152</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_PKCS1V15_CRYPT              ((psa_algorithm_t)0x12020000)</span></div><div class="line"><a name="l01153"></a><span class="lineno"> 1153</span>&#160;</div><div class="line"><a name="l01154"></a><span class="lineno"> 1154</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP_BASE                   ((psa_algorithm_t)0x12030000)</span></div><div class="line"><a name="l01155"></a><span class="lineno"> 1155</span>&#160;</div><div class="line"><a name="l01169"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76"> 1169</a></span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP(hash_alg)                              \</span></div><div class="line"><a name="l01170"></a><span class="lineno"> 1170</span>&#160;<span class="preprocessor">    (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01171"></a><span class="lineno"> 1171</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RSA_OAEP(alg)                                \</span></div><div class="line"><a name="l01172"></a><span class="lineno"> 1172</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</span></div><div class="line"><a name="l01173"></a><span class="lineno"> 1173</span>&#160;<span class="preprocessor">#define PSA_ALG_RSA_OAEP_GET_HASH(alg)                          \</span></div><div class="line"><a name="l01174"></a><span class="lineno"> 1174</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_RSA_OAEP(alg) ?                                 \</span></div><div class="line"><a name="l01175"></a><span class="lineno"> 1175</span>&#160;<span class="preprocessor">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :      \</span></div><div class="line"><a name="l01176"></a><span class="lineno"> 1176</span>&#160;<span class="preprocessor">     0)</span></div><div class="line"><a name="l01177"></a><span class="lineno"> 1177</span>&#160;</div><div class="line"><a name="l01178"></a><span class="lineno"> 1178</span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF_BASE                       ((psa_algorithm_t)0x20000100)</span></div><div class="line"><a name="l01179"></a><span class="lineno"> 1179</span>&#160;</div><div class="line"><a name="l01199"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82"> 1199</a></span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF(hash_alg)                                  \</span></div><div class="line"><a name="l01200"></a><span class="lineno"> 1200</span>&#160;<span class="preprocessor">    (PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01201"></a><span class="lineno"> 1201</span>&#160;</div><div class="line"><a name="l01212"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2"> 1212</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_HKDF(alg)                            \</span></div><div class="line"><a name="l01213"></a><span class="lineno"> 1213</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</span></div><div class="line"><a name="l01214"></a><span class="lineno"> 1214</span>&#160;<span class="preprocessor">#define PSA_ALG_HKDF_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01215"></a><span class="lineno"> 1215</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01216"></a><span class="lineno"> 1216</span>&#160;</div><div class="line"><a name="l01217"></a><span class="lineno"> 1217</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF_BASE                  ((psa_algorithm_t)0x20000200)</span></div><div class="line"><a name="l01218"></a><span class="lineno"> 1218</span>&#160;</div><div class="line"><a name="l01240"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5"> 1240</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF(hash_alg)                                  \</span></div><div class="line"><a name="l01241"></a><span class="lineno"> 1241</span>&#160;<span class="preprocessor">    (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01242"></a><span class="lineno"> 1242</span>&#160;</div><div class="line"><a name="l01251"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66"> 1251</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_TLS12_PRF(alg)                                    \</span></div><div class="line"><a name="l01252"></a><span class="lineno"> 1252</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</span></div><div class="line"><a name="l01253"></a><span class="lineno"> 1253</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01254"></a><span class="lineno"> 1254</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01255"></a><span class="lineno"> 1255</span>&#160;</div><div class="line"><a name="l01256"></a><span class="lineno"> 1256</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS_BASE            ((psa_algorithm_t)0x20000300)</span></div><div class="line"><a name="l01257"></a><span class="lineno"> 1257</span>&#160;</div><div class="line"><a name="l01280"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68"> 1280</a></span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)                                  \</span></div><div class="line"><a name="l01281"></a><span class="lineno"> 1281</span>&#160;<span class="preprocessor">    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01282"></a><span class="lineno"> 1282</span>&#160;</div><div class="line"><a name="l01291"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b"> 1291</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg)                                    \</span></div><div class="line"><a name="l01292"></a><span class="lineno"> 1292</span>&#160;<span class="preprocessor">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</span></div><div class="line"><a name="l01293"></a><span class="lineno"> 1293</span>&#160;<span class="preprocessor">#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg)                         \</span></div><div class="line"><a name="l01294"></a><span class="lineno"> 1294</span>&#160;<span class="preprocessor">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span></div><div class="line"><a name="l01295"></a><span class="lineno"> 1295</span>&#160;</div><div class="line"><a name="l01296"></a><span class="lineno"> 1296</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0x080fffff)</span></div><div class="line"><a name="l01297"></a><span class="lineno"> 1297</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT_MASK              ((psa_algorithm_t)0x10f00000)</span></div><div class="line"><a name="l01298"></a><span class="lineno"> 1298</span>&#160;</div><div class="line"><a name="l01313"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682"> 1313</a></span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)  \</span></div><div class="line"><a name="l01314"></a><span class="lineno"> 1314</span>&#160;<span class="preprocessor">    ((ka_alg) | (kdf_alg))</span></div><div class="line"><a name="l01315"></a><span class="lineno"> 1315</span>&#160;</div><div class="line"><a name="l01316"></a><span class="lineno"> 1316</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg)                              \</span></div><div class="line"><a name="l01317"></a><span class="lineno"> 1317</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</span></div><div class="line"><a name="l01318"></a><span class="lineno"> 1318</span>&#160;</div><div class="line"><a name="l01319"></a><span class="lineno"> 1319</span>&#160;<span class="preprocessor">#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)                             \</span></div><div class="line"><a name="l01320"></a><span class="lineno"> 1320</span>&#160;<span class="preprocessor">    (((alg) &amp; PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)</span></div><div class="line"><a name="l01321"></a><span class="lineno"> 1321</span>&#160;</div><div class="line"><a name="l01336"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438"> 1336</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)                               \</span></div><div class="line"><a name="l01337"></a><span class="lineno"> 1337</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_KEY_AGREEMENT(alg) &amp;&amp;                                   \</span></div><div class="line"><a name="l01338"></a><span class="lineno"> 1338</span>&#160;<span class="preprocessor">     PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span></div><div class="line"><a name="l01339"></a><span class="lineno"> 1339</span>&#160;</div><div class="line"><a name="l01340"></a><span class="lineno"> 1340</span>&#160;<span class="preprocessor">#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg)     \</span></div><div class="line"><a name="l01341"></a><span class="lineno"> 1341</span>&#160;<span class="preprocessor">    ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))</span></div><div class="line"><a name="l01342"></a><span class="lineno"> 1342</span>&#160;</div><div class="line"><a name="l01351"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4"> 1351</a></span>&#160;<span class="preprocessor">#define PSA_ALG_FFDH                            ((psa_algorithm_t)0x30100000)</span></div><div class="line"><a name="l01352"></a><span class="lineno"> 1352</span>&#160;</div><div class="line"><a name="l01364"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e"> 1364</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_FFDH(alg) \</span></div><div class="line"><a name="l01365"></a><span class="lineno"> 1365</span>&#160;<span class="preprocessor">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)</span></div><div class="line"><a name="l01366"></a><span class="lineno"> 1366</span>&#160;</div><div class="line"><a name="l01392"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43"> 1392</a></span>&#160;<span class="preprocessor">#define PSA_ALG_ECDH                            ((psa_algorithm_t)0x30200000)</span></div><div class="line"><a name="l01393"></a><span class="lineno"> 1393</span>&#160;</div><div class="line"><a name="l01407"></a><span class="lineno"><a class="line" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d"> 1407</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_ECDH(alg) \</span></div><div class="line"><a name="l01408"></a><span class="lineno"> 1408</span>&#160;<span class="preprocessor">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)</span></div><div class="line"><a name="l01409"></a><span class="lineno"> 1409</span>&#160;</div><div class="line"><a name="l01423"></a><span class="lineno"><a class="line" href="group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426"> 1423</a></span>&#160;<span class="preprocessor">#define PSA_ALG_IS_WILDCARD(alg)                        \</span></div><div class="line"><a name="l01424"></a><span class="lineno"> 1424</span>&#160;<span class="preprocessor">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ?                    \</span></div><div class="line"><a name="l01425"></a><span class="lineno"> 1425</span>&#160;<span class="preprocessor">     PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH :   \</span></div><div class="line"><a name="l01426"></a><span class="lineno"> 1426</span>&#160;<span class="preprocessor">     (alg) == PSA_ALG_ANY_HASH)</span></div><div class="line"><a name="l01427"></a><span class="lineno"> 1427</span>&#160;</div><div class="line"><a name="l01437"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108"> 1437</a></span>&#160;<span class="preprocessor">#define PSA_KEY_LIFETIME_VOLATILE               ((psa_key_lifetime_t)0x00000000)</span></div><div class="line"><a name="l01438"></a><span class="lineno"> 1438</span>&#160;</div><div class="line"><a name="l01451"></a><span class="lineno"><a class="line" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02"> 1451</a></span>&#160;<span class="preprocessor">#define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)</span></div><div class="line"><a name="l01452"></a><span class="lineno"> 1452</span>&#160;</div><div class="line"><a name="l01470"></a><span class="lineno"><a class="line" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed"> 1470</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_EXPORT                    ((psa_key_usage_t)0x00000001)</span></div><div class="line"><a name="l01471"></a><span class="lineno"> 1471</span>&#160;</div><div class="line"><a name="l01481"></a><span class="lineno"><a class="line" href="group__policy.html#ga75153b296d045d529d97203a6a995dad"> 1481</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_ENCRYPT                   ((psa_key_usage_t)0x00000100)</span></div><div class="line"><a name="l01482"></a><span class="lineno"> 1482</span>&#160;</div><div class="line"><a name="l01492"></a><span class="lineno"><a class="line" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a"> 1492</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_DECRYPT                   ((psa_key_usage_t)0x00000200)</span></div><div class="line"><a name="l01493"></a><span class="lineno"> 1493</span>&#160;</div><div class="line"><a name="l01502"></a><span class="lineno"><a class="line" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a"> 1502</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_SIGN                      ((psa_key_usage_t)0x00000400)</span></div><div class="line"><a name="l01503"></a><span class="lineno"> 1503</span>&#160;</div><div class="line"><a name="l01512"></a><span class="lineno"><a class="line" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6"> 1512</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_VERIFY                    ((psa_key_usage_t)0x00000800)</span></div><div class="line"><a name="l01513"></a><span class="lineno"> 1513</span>&#160;</div><div class="line"><a name="l01516"></a><span class="lineno"><a class="line" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2"> 1516</a></span>&#160;<span class="preprocessor">#define PSA_KEY_USAGE_DERIVE                    ((psa_key_usage_t)0x00001000)</span></div><div class="line"><a name="l01517"></a><span class="lineno"> 1517</span>&#160;</div><div class="line"><a name="l01528"></a><span class="lineno"><a class="line" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168"> 1528</a></span>&#160;<span class="preprocessor">#define PSA_KDF_STEP_SECRET              ((psa_key_derivation_step_t)0x0101)</span></div><div class="line"><a name="l01529"></a><span class="lineno"> 1529</span>&#160;</div><div class="line"><a name="l01534"></a><span class="lineno"><a class="line" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c"> 1534</a></span>&#160;<span class="preprocessor">#define PSA_KDF_STEP_LABEL               ((psa_key_derivation_step_t)0x0201)</span></div><div class="line"><a name="l01535"></a><span class="lineno"> 1535</span>&#160;</div><div class="line"><a name="l01540"></a><span class="lineno"><a class="line" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327"> 1540</a></span>&#160;<span class="preprocessor">#define PSA_KDF_STEP_SALT                ((psa_key_derivation_step_t)0x0202)</span></div><div class="line"><a name="l01541"></a><span class="lineno"> 1541</span>&#160;</div><div class="line"><a name="l01546"></a><span class="lineno"><a class="line" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0"> 1546</a></span>&#160;<span class="preprocessor">#define PSA_KDF_STEP_INFO                ((psa_key_derivation_step_t)0x0203)</span></div><div class="line"><a name="l01547"></a><span class="lineno"> 1547</span>&#160;</div><div class="line"><a name="l01550"></a><span class="lineno"> 1550</span>&#160;<span class="preprocessor">#endif </span><span class="comment">/* PSA_CRYPTO_VALUES_H */</span><span class="preprocessor"></span></div></div><!-- fragment --></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/dir_7dae9cfde651cd3cb034485ce5e391b9.html b/docs/html/dir_7dae9cfde651cd3cb034485ce5e391b9.html
deleted file mode 100644
index cef9bc1..0000000
--- a/docs/html/dir_7dae9cfde651cd3cb034485ce5e391b9.html
+++ /dev/null
@@ -1,117 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa Directory Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li class="current"><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div id="nav-path" class="navpath">
-  <ul>
-<li class="navelem"><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html">psa</a></li>  </ul>
-</div>
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">psa Directory Reference</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="files"></a>
-Files</h2></td></tr>
-<tr class="memitem:crypto_8h"><td class="memItemLeft" align="right" valign="top">file &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto_8h.html">crypto.h</a> <a href="crypto_8h_source.html">[code]</a></td></tr>
-<tr class="memdesc:crypto_8h"><td class="mdescLeft">&#160;</td><td class="mdescRight">Platform Security Architecture cryptography module. <br /></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:crypto__sizes_8h"><td class="memItemLeft" align="right" valign="top">file &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__sizes_8h.html">crypto_sizes.h</a> <a href="crypto__sizes_8h_source.html">[code]</a></td></tr>
-<tr class="memdesc:crypto__sizes_8h"><td class="mdescLeft">&#160;</td><td class="mdescRight">PSA cryptography module: Mbed TLS buffer size macros. <br /></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:crypto__types_8h"><td class="memItemLeft" align="right" valign="top">file &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__types_8h.html">crypto_types.h</a> <a href="crypto__types_8h_source.html">[code]</a></td></tr>
-<tr class="memdesc:crypto__types_8h"><td class="mdescLeft">&#160;</td><td class="mdescRight">PSA cryptography module: type aliases. <br /></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:crypto__values_8h"><td class="memItemLeft" align="right" valign="top">file &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="crypto__values_8h.html">crypto_values.h</a> <a href="crypto__values_8h_source.html">[code]</a></td></tr>
-<tr class="memdesc:crypto__values_8h"><td class="mdescLeft">&#160;</td><td class="mdescRight">PSA cryptography module: macros to build and analyze integer values. <br /></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/doc.png b/docs/html/doc.png
deleted file mode 100644
index 17edabf..0000000
--- a/docs/html/doc.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/doxygen.css b/docs/html/doxygen.css
deleted file mode 100644
index 1425ec5..0000000
--- a/docs/html/doxygen.css
+++ /dev/null
@@ -1,1475 +0,0 @@
-/* The standard CSS for doxygen 1.8.11 */
-
-body, table, div, p, dl {
-	font: 400 14px/22px Roboto,sans-serif;
-}
-
-/* @group Heading Levels */
-
-h1.groupheader {
-	font-size: 150%;
-}
-
-.title {
-	font: 400 14px/28px Roboto,sans-serif;
-	font-size: 150%;
-	font-weight: bold;
-	margin: 10px 2px;
-}
-
-h2.groupheader {
-	border-bottom: 1px solid #879ECB;
-	color: #354C7B;
-	font-size: 150%;
-	font-weight: normal;
-	margin-top: 1.75em;
-	padding-top: 8px;
-	padding-bottom: 4px;
-	width: 100%;
-}
-
-h3.groupheader {
-	font-size: 100%;
-}
-
-h1, h2, h3, h4, h5, h6 {
-	-webkit-transition: text-shadow 0.5s linear;
-	-moz-transition: text-shadow 0.5s linear;
-	-ms-transition: text-shadow 0.5s linear;
-	-o-transition: text-shadow 0.5s linear;
-	transition: text-shadow 0.5s linear;
-	margin-right: 15px;
-}
-
-h1.glow, h2.glow, h3.glow, h4.glow, h5.glow, h6.glow {
-	text-shadow: 0 0 15px cyan;
-}
-
-dt {
-	font-weight: bold;
-}
-
-div.multicol {
-	-moz-column-gap: 1em;
-	-webkit-column-gap: 1em;
-	-moz-column-count: 3;
-	-webkit-column-count: 3;
-}
-
-p.startli, p.startdd {
-	margin-top: 2px;
-}
-
-p.starttd {
-	margin-top: 0px;
-}
-
-p.endli {
-	margin-bottom: 0px;
-}
-
-p.enddd {
-	margin-bottom: 4px;
-}
-
-p.endtd {
-	margin-bottom: 2px;
-}
-
-/* @end */
-
-caption {
-	font-weight: bold;
-}
-
-span.legend {
-        font-size: 70%;
-        text-align: center;
-}
-
-h3.version {
-        font-size: 90%;
-        text-align: center;
-}
-
-div.qindex, div.navtab{
-	background-color: #EBEFF6;
-	border: 1px solid #A3B4D7;
-	text-align: center;
-}
-
-div.qindex, div.navpath {
-	width: 100%;
-	line-height: 140%;
-}
-
-div.navtab {
-	margin-right: 15px;
-}
-
-/* @group Link Styling */
-
-a {
-	color: #3D578C;
-	font-weight: normal;
-	text-decoration: none;
-}
-
-.contents a:visited {
-	color: #4665A2;
-}
-
-a:hover {
-	text-decoration: underline;
-}
-
-a.qindex {
-	font-weight: bold;
-}
-
-a.qindexHL {
-	font-weight: bold;
-	background-color: #9CAFD4;
-	color: #ffffff;
-	border: 1px double #869DCA;
-}
-
-.contents a.qindexHL:visited {
-        color: #ffffff;
-}
-
-a.el {
-	font-weight: bold;
-}
-
-a.elRef {
-}
-
-a.code, a.code:visited, a.line, a.line:visited {
-	color: #4665A2; 
-}
-
-a.codeRef, a.codeRef:visited, a.lineRef, a.lineRef:visited {
-	color: #4665A2; 
-}
-
-/* @end */
-
-dl.el {
-	margin-left: -1cm;
-}
-
-pre.fragment {
-        border: 1px solid #C4CFE5;
-        background-color: #FBFCFD;
-        padding: 4px 6px;
-        margin: 4px 8px 4px 2px;
-        overflow: auto;
-        word-wrap: break-word;
-        font-size:  9pt;
-        line-height: 125%;
-        font-family: monospace, fixed;
-        font-size: 105%;
-}
-
-div.fragment {
-        padding: 4px 6px;
-        margin: 4px 8px 4px 2px;
-	background-color: #FBFCFD;
-	border: 1px solid #C4CFE5;
-}
-
-div.line {
-	font-family: monospace, fixed;
-        font-size: 13px;
-	min-height: 13px;
-	line-height: 1.0;
-	text-wrap: unrestricted;
-	white-space: -moz-pre-wrap; /* Moz */
-	white-space: -pre-wrap;     /* Opera 4-6 */
-	white-space: -o-pre-wrap;   /* Opera 7 */
-	white-space: pre-wrap;      /* CSS3  */
-	word-wrap: break-word;      /* IE 5.5+ */
-	text-indent: -53px;
-	padding-left: 53px;
-	padding-bottom: 0px;
-	margin: 0px;
-	-webkit-transition-property: background-color, box-shadow;
-	-webkit-transition-duration: 0.5s;
-	-moz-transition-property: background-color, box-shadow;
-	-moz-transition-duration: 0.5s;
-	-ms-transition-property: background-color, box-shadow;
-	-ms-transition-duration: 0.5s;
-	-o-transition-property: background-color, box-shadow;
-	-o-transition-duration: 0.5s;
-	transition-property: background-color, box-shadow;
-	transition-duration: 0.5s;
-}
-
-div.line:after {
-    content:"\000A";
-    white-space: pre;
-}
-
-div.line.glow {
-	background-color: cyan;
-	box-shadow: 0 0 10px cyan;
-}
-
-
-span.lineno {
-	padding-right: 4px;
-	text-align: right;
-	border-right: 2px solid #0F0;
-	background-color: #E8E8E8;
-        white-space: pre;
-}
-span.lineno a {
-	background-color: #D8D8D8;
-}
-
-span.lineno a:hover {
-	background-color: #C8C8C8;
-}
-
-div.ah, span.ah {
-	background-color: black;
-	font-weight: bold;
-	color: #ffffff;
-	margin-bottom: 3px;
-	margin-top: 3px;
-	padding: 0.2em;
-	border: solid thin #333;
-	border-radius: 0.5em;
-	-webkit-border-radius: .5em;
-	-moz-border-radius: .5em;
-	box-shadow: 2px 2px 3px #999;
-	-webkit-box-shadow: 2px 2px 3px #999;
-	-moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px;
-	background-image: -webkit-gradient(linear, left top, left bottom, from(#eee), to(#000),color-stop(0.3, #444));
-	background-image: -moz-linear-gradient(center top, #eee 0%, #444 40%, #000 110%);
-}
-
-div.classindex ul {
-        list-style: none;
-        padding-left: 0;
-}
-
-div.classindex span.ai {
-        display: inline-block;
-}
-
-div.groupHeader {
-	margin-left: 16px;
-	margin-top: 12px;
-	font-weight: bold;
-}
-
-div.groupText {
-	margin-left: 16px;
-	font-style: italic;
-}
-
-body {
-	background-color: white;
-	color: black;
-        margin: 0;
-}
-
-div.contents {
-	margin-top: 10px;
-	margin-left: 12px;
-	margin-right: 8px;
-}
-
-td.indexkey {
-	background-color: #EBEFF6;
-	font-weight: bold;
-	border: 1px solid #C4CFE5;
-	margin: 2px 0px 2px 0;
-	padding: 2px 10px;
-        white-space: nowrap;
-        vertical-align: top;
-}
-
-td.indexvalue {
-	background-color: #EBEFF6;
-	border: 1px solid #C4CFE5;
-	padding: 2px 10px;
-	margin: 2px 0px;
-}
-
-tr.memlist {
-	background-color: #EEF1F7;
-}
-
-p.formulaDsp {
-	text-align: center;
-}
-
-img.formulaDsp {
-	
-}
-
-img.formulaInl {
-	vertical-align: middle;
-}
-
-div.center {
-	text-align: center;
-        margin-top: 0px;
-        margin-bottom: 0px;
-        padding: 0px;
-}
-
-div.center img {
-	border: 0px;
-}
-
-address.footer {
-	text-align: right;
-	padding-right: 12px;
-}
-
-img.footer {
-	border: 0px;
-	vertical-align: middle;
-}
-
-/* @group Code Colorization */
-
-span.keyword {
-	color: #008000
-}
-
-span.keywordtype {
-	color: #604020
-}
-
-span.keywordflow {
-	color: #e08000
-}
-
-span.comment {
-	color: #800000
-}
-
-span.preprocessor {
-	color: #806020
-}
-
-span.stringliteral {
-	color: #002080
-}
-
-span.charliteral {
-	color: #008080
-}
-
-span.vhdldigit { 
-	color: #ff00ff 
-}
-
-span.vhdlchar { 
-	color: #000000 
-}
-
-span.vhdlkeyword { 
-	color: #700070 
-}
-
-span.vhdllogic { 
-	color: #ff0000 
-}
-
-blockquote {
-        background-color: #F7F8FB;
-        border-left: 2px solid #9CAFD4;
-        margin: 0 24px 0 4px;
-        padding: 0 12px 0 16px;
-}
-
-/* @end */
-
-/*
-.search {
-	color: #003399;
-	font-weight: bold;
-}
-
-form.search {
-	margin-bottom: 0px;
-	margin-top: 0px;
-}
-
-input.search {
-	font-size: 75%;
-	color: #000080;
-	font-weight: normal;
-	background-color: #e8eef2;
-}
-*/
-
-td.tiny {
-	font-size: 75%;
-}
-
-.dirtab {
-	padding: 4px;
-	border-collapse: collapse;
-	border: 1px solid #A3B4D7;
-}
-
-th.dirtab {
-	background: #EBEFF6;
-	font-weight: bold;
-}
-
-hr {
-	height: 0px;
-	border: none;
-	border-top: 1px solid #4A6AAA;
-}
-
-hr.footer {
-	height: 1px;
-}
-
-/* @group Member Descriptions */
-
-table.memberdecls {
-	border-spacing: 0px;
-	padding: 0px;
-}
-
-.memberdecls td, .fieldtable tr {
-	-webkit-transition-property: background-color, box-shadow;
-	-webkit-transition-duration: 0.5s;
-	-moz-transition-property: background-color, box-shadow;
-	-moz-transition-duration: 0.5s;
-	-ms-transition-property: background-color, box-shadow;
-	-ms-transition-duration: 0.5s;
-	-o-transition-property: background-color, box-shadow;
-	-o-transition-duration: 0.5s;
-	transition-property: background-color, box-shadow;
-	transition-duration: 0.5s;
-}
-
-.memberdecls td.glow, .fieldtable tr.glow {
-	background-color: cyan;
-	box-shadow: 0 0 15px cyan;
-}
-
-.mdescLeft, .mdescRight,
-.memItemLeft, .memItemRight,
-.memTemplItemLeft, .memTemplItemRight, .memTemplParams {
-	background-color: #F9FAFC;
-	border: none;
-	margin: 4px;
-	padding: 1px 0 0 8px;
-}
-
-.mdescLeft, .mdescRight {
-	padding: 0px 8px 4px 8px;
-	color: #555;
-}
-
-.memSeparator {
-        border-bottom: 1px solid #DEE4F0;
-        line-height: 1px;
-        margin: 0px;
-        padding: 0px;
-}
-
-.memItemLeft, .memTemplItemLeft {
-        white-space: nowrap;
-}
-
-.memItemRight {
-	width: 100%;
-}
-
-.memTemplParams {
-	color: #4665A2;
-        white-space: nowrap;
-	font-size: 80%;
-}
-
-/* @end */
-
-/* @group Member Details */
-
-/* Styles for detailed member documentation */
-
-.memtemplate {
-	font-size: 80%;
-	color: #4665A2;
-	font-weight: normal;
-	margin-left: 9px;
-}
-
-.memnav {
-	background-color: #EBEFF6;
-	border: 1px solid #A3B4D7;
-	text-align: center;
-	margin: 2px;
-	margin-right: 15px;
-	padding: 2px;
-}
-
-.mempage {
-	width: 100%;
-}
-
-.memitem {
-	padding: 0;
-	margin-bottom: 10px;
-	margin-right: 5px;
-        -webkit-transition: box-shadow 0.5s linear;
-        -moz-transition: box-shadow 0.5s linear;
-        -ms-transition: box-shadow 0.5s linear;
-        -o-transition: box-shadow 0.5s linear;
-        transition: box-shadow 0.5s linear;
-        display: table !important;
-        width: 100%;
-}
-
-.memitem.glow {
-         box-shadow: 0 0 15px cyan;
-}
-
-.memname {
-        font-weight: bold;
-        margin-left: 6px;
-}
-
-.memname td {
-	vertical-align: bottom;
-}
-
-.memproto, dl.reflist dt {
-        border-top: 1px solid #A8B8D9;
-        border-left: 1px solid #A8B8D9;
-        border-right: 1px solid #A8B8D9;
-        padding: 6px 0px 6px 0px;
-        color: #253555;
-        font-weight: bold;
-        text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9);
-        background-image:url('nav_f.png');
-        background-repeat:repeat-x;
-        background-color: #E2E8F2;
-        /* opera specific markup */
-        box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
-        border-top-right-radius: 4px;
-        border-top-left-radius: 4px;
-        /* firefox specific markup */
-        -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px;
-        -moz-border-radius-topright: 4px;
-        -moz-border-radius-topleft: 4px;
-        /* webkit specific markup */
-        -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
-        -webkit-border-top-right-radius: 4px;
-        -webkit-border-top-left-radius: 4px;
-
-}
-
-.memdoc, dl.reflist dd {
-        border-bottom: 1px solid #A8B8D9;      
-        border-left: 1px solid #A8B8D9;      
-        border-right: 1px solid #A8B8D9; 
-        padding: 6px 10px 2px 10px;
-        background-color: #FBFCFD;
-        border-top-width: 0;
-        background-image:url('nav_g.png');
-        background-repeat:repeat-x;
-        background-color: #FFFFFF;
-        /* opera specific markup */
-        border-bottom-left-radius: 4px;
-        border-bottom-right-radius: 4px;
-        box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
-        /* firefox specific markup */
-        -moz-border-radius-bottomleft: 4px;
-        -moz-border-radius-bottomright: 4px;
-        -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px;
-        /* webkit specific markup */
-        -webkit-border-bottom-left-radius: 4px;
-        -webkit-border-bottom-right-radius: 4px;
-        -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
-}
-
-dl.reflist dt {
-        padding: 5px;
-}
-
-dl.reflist dd {
-        margin: 0px 0px 10px 0px;
-        padding: 5px;
-}
-
-.paramkey {
-	text-align: right;
-}
-
-.paramtype {
-	white-space: nowrap;
-}
-
-.paramname {
-	color: #602020;
-	white-space: nowrap;
-}
-.paramname em {
-	font-style: normal;
-}
-.paramname code {
-        line-height: 14px;
-}
-
-.params, .retval, .exception, .tparams {
-        margin-left: 0px;
-        padding-left: 0px;
-}       
-
-.params .paramname, .retval .paramname {
-        font-weight: bold;
-        vertical-align: top;
-}
-        
-.params .paramtype {
-        font-style: italic;
-        vertical-align: top;
-}       
-        
-.params .paramdir {
-        font-family: "courier new",courier,monospace;
-        vertical-align: top;
-}
-
-table.mlabels {
-	border-spacing: 0px;
-}
-
-td.mlabels-left {
-	width: 100%;
-	padding: 0px;
-}
-
-td.mlabels-right {
-	vertical-align: bottom;
-	padding: 0px;
-	white-space: nowrap;
-}
-
-span.mlabels {
-        margin-left: 8px;
-}
-
-span.mlabel {
-        background-color: #728DC1;
-        border-top:1px solid #5373B4;
-        border-left:1px solid #5373B4;
-        border-right:1px solid #C4CFE5;
-        border-bottom:1px solid #C4CFE5;
-	text-shadow: none;
-	color: white;
-	margin-right: 4px;
-	padding: 2px 3px;
-	border-radius: 3px;
-	font-size: 7pt;
-	white-space: nowrap;
-	vertical-align: middle;
-}
-
-
-
-/* @end */
-
-/* these are for tree view inside a (index) page */
-
-div.directory {
-        margin: 10px 0px;
-        border-top: 1px solid #9CAFD4;
-        border-bottom: 1px solid #9CAFD4;
-        width: 100%;
-}
-
-.directory table {
-        border-collapse:collapse;
-}
-
-.directory td {
-        margin: 0px;
-        padding: 0px;
-	vertical-align: top;
-}
-
-.directory td.entry {
-        white-space: nowrap;
-        padding-right: 6px;
-	padding-top: 3px;
-}
-
-.directory td.entry a {
-        outline:none;
-}
-
-.directory td.entry a img {
-        border: none;
-}
-
-.directory td.desc {
-        width: 100%;
-        padding-left: 6px;
-	padding-right: 6px;
-	padding-top: 3px;
-	border-left: 1px solid rgba(0,0,0,0.05);
-}
-
-.directory tr.even {
-	padding-left: 6px;
-	background-color: #F7F8FB;
-}
-
-.directory img {
-	vertical-align: -30%;
-}
-
-.directory .levels {
-        white-space: nowrap;
-        width: 100%;
-        text-align: right;
-        font-size: 9pt;
-}
-
-.directory .levels span {
-        cursor: pointer;
-        padding-left: 2px;
-        padding-right: 2px;
-	color: #3D578C;
-}
-
-.arrow {
-    color: #9CAFD4;
-    -webkit-user-select: none;
-    -khtml-user-select: none;
-    -moz-user-select: none;
-    -ms-user-select: none;
-    user-select: none;
-    cursor: pointer;
-    font-size: 80%;
-    display: inline-block;
-    width: 16px;
-    height: 22px;
-}
-
-.icon {
-    font-family: Arial, Helvetica;
-    font-weight: bold;
-    font-size: 12px;
-    height: 14px;
-    width: 16px;
-    display: inline-block;
-    background-color: #728DC1;
-    color: white;
-    text-align: center;
-    border-radius: 4px;
-    margin-left: 2px;
-    margin-right: 2px;
-}
-
-.icona {
-    width: 24px;
-    height: 22px;
-    display: inline-block;
-}
-
-.iconfopen {
-    width: 24px;
-    height: 18px;
-    margin-bottom: 4px;
-    background-image:url('folderopen.png');
-    background-position: 0px -4px;
-    background-repeat: repeat-y;
-    vertical-align:top;
-    display: inline-block;
-}
-
-.iconfclosed {
-    width: 24px;
-    height: 18px;
-    margin-bottom: 4px;
-    background-image:url('folderclosed.png');
-    background-position: 0px -4px;
-    background-repeat: repeat-y;
-    vertical-align:top;
-    display: inline-block;
-}
-
-.icondoc {
-    width: 24px;
-    height: 18px;
-    margin-bottom: 4px;
-    background-image:url('doc.png');
-    background-position: 0px -4px;
-    background-repeat: repeat-y;
-    vertical-align:top;
-    display: inline-block;
-}
-
-table.directory {
-    font: 400 14px Roboto,sans-serif;
-}
-
-/* @end */
-
-div.dynheader {
-        margin-top: 8px;
-	-webkit-touch-callout: none;
-	-webkit-user-select: none;
-	-khtml-user-select: none;
-	-moz-user-select: none;
-	-ms-user-select: none;
-	user-select: none;
-}
-
-address {
-	font-style: normal;
-	color: #2A3D61;
-}
-
-table.doxtable caption {
-	caption-side: top;
-}
-
-table.doxtable {
-	border-collapse:collapse;
-        margin-top: 4px;
-        margin-bottom: 4px;
-}
-
-table.doxtable td, table.doxtable th {
-	border: 1px solid #2D4068;
-	padding: 3px 7px 2px;
-}
-
-table.doxtable th {
-	background-color: #374F7F;
-	color: #FFFFFF;
-	font-size: 110%;
-	padding-bottom: 4px;
-	padding-top: 5px;
-}
-
-table.fieldtable {
-        /*width: 100%;*/
-        margin-bottom: 10px;
-        border: 1px solid #A8B8D9;
-        border-spacing: 0px;
-        -moz-border-radius: 4px;
-        -webkit-border-radius: 4px;
-        border-radius: 4px;
-        -moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px;
-        -webkit-box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15);
-        box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15);
-}
-
-.fieldtable td, .fieldtable th {
-        padding: 3px 7px 2px;
-}
-
-.fieldtable td.fieldtype, .fieldtable td.fieldname {
-        white-space: nowrap;
-        border-right: 1px solid #A8B8D9;
-        border-bottom: 1px solid #A8B8D9;
-        vertical-align: top;
-}
-
-.fieldtable td.fieldname {
-        padding-top: 3px;
-}
-
-.fieldtable td.fielddoc {
-        border-bottom: 1px solid #A8B8D9;
-        /*width: 100%;*/
-}
-
-.fieldtable td.fielddoc p:first-child {
-        margin-top: 0px;
-}       
-        
-.fieldtable td.fielddoc p:last-child {
-        margin-bottom: 2px;
-}
-
-.fieldtable tr:last-child td {
-        border-bottom: none;
-}
-
-.fieldtable th {
-        background-image:url('nav_f.png');
-        background-repeat:repeat-x;
-        background-color: #E2E8F2;
-        font-size: 90%;
-        color: #253555;
-        padding-bottom: 4px;
-        padding-top: 5px;
-        text-align:left;
-        -moz-border-radius-topleft: 4px;
-        -moz-border-radius-topright: 4px;
-        -webkit-border-top-left-radius: 4px;
-        -webkit-border-top-right-radius: 4px;
-        border-top-left-radius: 4px;
-        border-top-right-radius: 4px;
-        border-bottom: 1px solid #A8B8D9;
-}
-
-
-.tabsearch {
-	top: 0px;
-	left: 10px;
-	height: 36px;
-	background-image: url('tab_b.png');
-	z-index: 101;
-	overflow: hidden;
-	font-size: 13px;
-}
-
-.navpath ul
-{
-	font-size: 11px;
-	background-image:url('tab_b.png');
-	background-repeat:repeat-x;
-	background-position: 0 -5px;
-	height:30px;
-	line-height:30px;
-	color:#8AA0CC;
-	border:solid 1px #C2CDE4;
-	overflow:hidden;
-	margin:0px;
-	padding:0px;
-}
-
-.navpath li
-{
-	list-style-type:none;
-	float:left;
-	padding-left:10px;
-	padding-right:15px;
-	background-image:url('bc_s.png');
-	background-repeat:no-repeat;
-	background-position:right;
-	color:#364D7C;
-}
-
-.navpath li.navelem a
-{
-	height:32px;
-	display:block;
-	text-decoration: none;
-	outline: none;
-	color: #283A5D;
-	font-family: 'Lucida Grande',Geneva,Helvetica,Arial,sans-serif;
-	text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9);
-	text-decoration: none;        
-}
-
-.navpath li.navelem a:hover
-{
-	color:#6884BD;
-}
-
-.navpath li.footer
-{
-        list-style-type:none;
-        float:right;
-        padding-left:10px;
-        padding-right:15px;
-        background-image:none;
-        background-repeat:no-repeat;
-        background-position:right;
-        color:#364D7C;
-        font-size: 8pt;
-}
-
-
-div.summary
-{
-	float: right;
-	font-size: 8pt;
-	padding-right: 5px;
-	width: 50%;
-	text-align: right;
-}       
-
-div.summary a
-{
-	white-space: nowrap;
-}
-
-table.classindex
-{
-        margin: 10px;
-        white-space: nowrap;
-        margin-left: 3%;
-        margin-right: 3%;
-        width: 94%;
-        border: 0;
-        border-spacing: 0; 
-        padding: 0;
-}
-
-div.ingroups
-{
-	font-size: 8pt;
-	width: 50%;
-	text-align: left;
-}
-
-div.ingroups a
-{
-	white-space: nowrap;
-}
-
-div.header
-{
-        background-image:url('nav_h.png');
-        background-repeat:repeat-x;
-	background-color: #F9FAFC;
-	margin:  0px;
-	border-bottom: 1px solid #C4CFE5;
-}
-
-div.headertitle
-{
-	padding: 5px 5px 5px 10px;
-}
-
-dl
-{
-        padding: 0 0 0 10px;
-}
-
-/* dl.note, dl.warning, dl.attention, dl.pre, dl.post, dl.invariant, dl.deprecated, dl.todo, dl.test, dl.bug */
-dl.section
-{
-	margin-left: 0px;
-	padding-left: 0px;
-}
-
-dl.note
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #D0C000;
-}
-
-dl.warning, dl.attention
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #FF0000;
-}
-
-dl.pre, dl.post, dl.invariant
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #00D000;
-}
-
-dl.deprecated
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #505050;
-}
-
-dl.todo
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #00C0E0;
-}
-
-dl.test
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #3030E0;
-}
-
-dl.bug
-{
-        margin-left:-7px;
-        padding-left: 3px;
-        border-left:4px solid;
-        border-color: #C08050;
-}
-
-dl.section dd {
-	margin-bottom: 6px;
-}
-
-
-#projectlogo
-{
-	text-align: center;
-	vertical-align: bottom;
-	border-collapse: separate;
-}
- 
-#projectlogo img
-{ 
-	border: 0px none;
-}
- 
-#projectalign
-{
-        vertical-align: middle;
-}
-
-#projectname
-{
-	font: 300% Tahoma, Arial,sans-serif;
-	margin: 0px;
-	padding: 2px 0px;
-}
-    
-#projectbrief
-{
-	font: 120% Tahoma, Arial,sans-serif;
-	margin: 0px;
-	padding: 0px;
-}
-
-#projectnumber
-{
-	font: 50% Tahoma, Arial,sans-serif;
-	margin: 0px;
-	padding: 0px;
-}
-
-#titlearea
-{
-	padding: 0px;
-	margin: 0px;
-	width: 100%;
-	border-bottom: 1px solid #5373B4;
-}
-
-.image
-{
-        text-align: center;
-}
-
-.dotgraph
-{
-        text-align: center;
-}
-
-.mscgraph
-{
-        text-align: center;
-}
-
-.diagraph
-{
-        text-align: center;
-}
-
-.caption
-{
-	font-weight: bold;
-}
-
-div.zoom
-{
-	border: 1px solid #90A5CE;
-}
-
-dl.citelist {
-        margin-bottom:50px;
-}
-
-dl.citelist dt {
-        color:#334975;
-        float:left;
-        font-weight:bold;
-        margin-right:10px;
-        padding:5px;
-}
-
-dl.citelist dd {
-        margin:2px 0;
-        padding:5px 0;
-}
-
-div.toc {
-        padding: 14px 25px;
-        background-color: #F4F6FA;
-        border: 1px solid #D8DFEE;
-        border-radius: 7px 7px 7px 7px;
-        float: right;
-        height: auto;
-        margin: 0 8px 10px 10px;
-        width: 200px;
-}
-
-div.toc li {
-        background: url("bdwn.png") no-repeat scroll 0 5px transparent;
-        font: 10px/1.2 Verdana,DejaVu Sans,Geneva,sans-serif;
-        margin-top: 5px;
-        padding-left: 10px;
-        padding-top: 2px;
-}
-
-div.toc h3 {
-        font: bold 12px/1.2 Arial,FreeSans,sans-serif;
-	color: #4665A2;
-        border-bottom: 0 none;
-        margin: 0;
-}
-
-div.toc ul {
-        list-style: none outside none;
-        border: medium none;
-        padding: 0px;
-}       
-
-div.toc li.level1 {
-        margin-left: 0px;
-}
-
-div.toc li.level2 {
-        margin-left: 15px;
-}
-
-div.toc li.level3 {
-        margin-left: 30px;
-}
-
-div.toc li.level4 {
-        margin-left: 45px;
-}
-
-.inherit_header {
-        font-weight: bold;
-        color: gray;
-        cursor: pointer;
-	-webkit-touch-callout: none;
-	-webkit-user-select: none;
-	-khtml-user-select: none;
-	-moz-user-select: none;
-	-ms-user-select: none;
-	user-select: none;
-}
-
-.inherit_header td {
-        padding: 6px 0px 2px 5px;
-}
-
-.inherit {
-        display: none;
-}
-
-tr.heading h2 {
-        margin-top: 12px;
-        margin-bottom: 4px;
-}
-
-/* tooltip related style info */
-
-.ttc {
-        position: absolute;
-        display: none;
-}
-
-#powerTip {
-	cursor: default;
-	white-space: nowrap;
-	background-color: white;
-	border: 1px solid gray;
-	border-radius: 4px 4px 4px 4px;
-	box-shadow: 1px 1px 7px gray;
-	display: none;
-	font-size: smaller;
-	max-width: 80%;
-	opacity: 0.9;
-	padding: 1ex 1em 1em;
-	position: absolute;
-	z-index: 2147483647;
-}
-
-#powerTip div.ttdoc {
-        color: grey;
-	font-style: italic;
-}
-
-#powerTip div.ttname a {
-        font-weight: bold;
-}
-
-#powerTip div.ttname {
-        font-weight: bold;
-}
-
-#powerTip div.ttdeci {
-        color: #006318;
-}
-
-#powerTip div {
-        margin: 0px;
-        padding: 0px;
-        font: 12px/16px Roboto,sans-serif;
-}
-
-#powerTip:before, #powerTip:after {
-	content: "";
-	position: absolute;
-	margin: 0px;
-}
-
-#powerTip.n:after,  #powerTip.n:before,
-#powerTip.s:after,  #powerTip.s:before,
-#powerTip.w:after,  #powerTip.w:before,
-#powerTip.e:after,  #powerTip.e:before,
-#powerTip.ne:after, #powerTip.ne:before,
-#powerTip.se:after, #powerTip.se:before,
-#powerTip.nw:after, #powerTip.nw:before,
-#powerTip.sw:after, #powerTip.sw:before {
-	border: solid transparent;
-	content: " ";
-	height: 0;
-	width: 0;
-	position: absolute;
-}
-
-#powerTip.n:after,  #powerTip.s:after,
-#powerTip.w:after,  #powerTip.e:after,
-#powerTip.nw:after, #powerTip.ne:after,
-#powerTip.sw:after, #powerTip.se:after {
-	border-color: rgba(255, 255, 255, 0);
-}
-
-#powerTip.n:before,  #powerTip.s:before,
-#powerTip.w:before,  #powerTip.e:before,
-#powerTip.nw:before, #powerTip.ne:before,
-#powerTip.sw:before, #powerTip.se:before {
-	border-color: rgba(128, 128, 128, 0);
-}
-
-#powerTip.n:after,  #powerTip.n:before,
-#powerTip.ne:after, #powerTip.ne:before,
-#powerTip.nw:after, #powerTip.nw:before {
-	top: 100%;
-}
-
-#powerTip.n:after, #powerTip.ne:after, #powerTip.nw:after {
-	border-top-color: #ffffff;
-	border-width: 10px;
-	margin: 0px -10px;
-}
-#powerTip.n:before {
-	border-top-color: #808080;
-	border-width: 11px;
-	margin: 0px -11px;
-}
-#powerTip.n:after, #powerTip.n:before {
-	left: 50%;
-}
-
-#powerTip.nw:after, #powerTip.nw:before {
-	right: 14px;
-}
-
-#powerTip.ne:after, #powerTip.ne:before {
-	left: 14px;
-}
-
-#powerTip.s:after,  #powerTip.s:before,
-#powerTip.se:after, #powerTip.se:before,
-#powerTip.sw:after, #powerTip.sw:before {
-	bottom: 100%;
-}
-
-#powerTip.s:after, #powerTip.se:after, #powerTip.sw:after {
-	border-bottom-color: #ffffff;
-	border-width: 10px;
-	margin: 0px -10px;
-}
-
-#powerTip.s:before, #powerTip.se:before, #powerTip.sw:before {
-	border-bottom-color: #808080;
-	border-width: 11px;
-	margin: 0px -11px;
-}
-
-#powerTip.s:after, #powerTip.s:before {
-	left: 50%;
-}
-
-#powerTip.sw:after, #powerTip.sw:before {
-	right: 14px;
-}
-
-#powerTip.se:after, #powerTip.se:before {
-	left: 14px;
-}
-
-#powerTip.e:after, #powerTip.e:before {
-	left: 100%;
-}
-#powerTip.e:after {
-	border-left-color: #ffffff;
-	border-width: 10px;
-	top: 50%;
-	margin-top: -10px;
-}
-#powerTip.e:before {
-	border-left-color: #808080;
-	border-width: 11px;
-	top: 50%;
-	margin-top: -11px;
-}
-
-#powerTip.w:after, #powerTip.w:before {
-	right: 100%;
-}
-#powerTip.w:after {
-	border-right-color: #ffffff;
-	border-width: 10px;
-	top: 50%;
-	margin-top: -10px;
-}
-#powerTip.w:before {
-	border-right-color: #808080;
-	border-width: 11px;
-	top: 50%;
-	margin-top: -11px;
-}
-
-@media print
-{
-  #top { display: none; }
-  #side-nav { display: none; }
-  #nav-path { display: none; }
-  body { overflow:visible; }
-  h1, h2, h3, h4, h5, h6 { page-break-after: avoid; }
-  .summary { display: none; }
-  .memitem { page-break-inside: avoid; }
-  #doc-content
-  {
-    margin-left:0 !important;
-    height:auto !important;
-    width:auto !important;
-    overflow:inherit;
-    display:inline;
-  }
-}
-
diff --git a/docs/html/doxygen.png b/docs/html/doxygen.png
deleted file mode 100644
index 3ff17d8..0000000
--- a/docs/html/doxygen.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/dynsections.js b/docs/html/dynsections.js
deleted file mode 100644
index 85e1836..0000000
--- a/docs/html/dynsections.js
+++ /dev/null
@@ -1,97 +0,0 @@
-function toggleVisibility(linkObj)
-{
- var base = $(linkObj).attr('id');
- var summary = $('#'+base+'-summary');
- var content = $('#'+base+'-content');
- var trigger = $('#'+base+'-trigger');
- var src=$(trigger).attr('src');
- if (content.is(':visible')===true) {
-   content.hide();
-   summary.show();
-   $(linkObj).addClass('closed').removeClass('opened');
-   $(trigger).attr('src',src.substring(0,src.length-8)+'closed.png');
- } else {
-   content.show();
-   summary.hide();
-   $(linkObj).removeClass('closed').addClass('opened');
-   $(trigger).attr('src',src.substring(0,src.length-10)+'open.png');
- } 
- return false;
-}
-
-function updateStripes()
-{
-  $('table.directory tr').
-       removeClass('even').filter(':visible:even').addClass('even');
-}
-
-function toggleLevel(level)
-{
-  $('table.directory tr').each(function() {
-    var l = this.id.split('_').length-1;
-    var i = $('#img'+this.id.substring(3));
-    var a = $('#arr'+this.id.substring(3));
-    if (l<level+1) {
-      i.removeClass('iconfopen iconfclosed').addClass('iconfopen');
-      a.html('&#9660;');
-      $(this).show();
-    } else if (l==level+1) {
-      i.removeClass('iconfclosed iconfopen').addClass('iconfclosed');
-      a.html('&#9658;');
-      $(this).show();
-    } else {
-      $(this).hide();
-    }
-  });
-  updateStripes();
-}
-
-function toggleFolder(id)
-{
-  // the clicked row
-  var currentRow = $('#row_'+id);
-
-  // all rows after the clicked row
-  var rows = currentRow.nextAll("tr");
-
-  var re = new RegExp('^row_'+id+'\\d+_$', "i"); //only one sub
-
-  // only match elements AFTER this one (can't hide elements before)
-  var childRows = rows.filter(function() { return this.id.match(re); });
-
-  // first row is visible we are HIDING
-  if (childRows.filter(':first').is(':visible')===true) {
-    // replace down arrow by right arrow for current row
-    var currentRowSpans = currentRow.find("span");
-    currentRowSpans.filter(".iconfopen").removeClass("iconfopen").addClass("iconfclosed");
-    currentRowSpans.filter(".arrow").html('&#9658;');
-    rows.filter("[id^=row_"+id+"]").hide(); // hide all children
-  } else { // we are SHOWING
-    // replace right arrow by down arrow for current row
-    var currentRowSpans = currentRow.find("span");
-    currentRowSpans.filter(".iconfclosed").removeClass("iconfclosed").addClass("iconfopen");
-    currentRowSpans.filter(".arrow").html('&#9660;');
-    // replace down arrows by right arrows for child rows
-    var childRowsSpans = childRows.find("span");
-    childRowsSpans.filter(".iconfopen").removeClass("iconfopen").addClass("iconfclosed");
-    childRowsSpans.filter(".arrow").html('&#9658;');
-    childRows.show(); //show all children
-  }
-  updateStripes();
-}
-
-
-function toggleInherit(id)
-{
-  var rows = $('tr.inherit.'+id);
-  var img = $('tr.inherit_header.'+id+' img');
-  var src = $(img).attr('src');
-  if (rows.filter(':first').is(':visible')===true) {
-    rows.css('display','none');
-    $(img).attr('src',src.substring(0,src.length-8)+'closed.png');
-  } else {
-    rows.css('display','table-row'); // using show() causes jump in firefox
-    $(img).attr('src',src.substring(0,src.length-10)+'open.png');
-  }
-}
-
diff --git a/docs/html/files.html b/docs/html/files.html
deleted file mode 100644
index 56787ed..0000000
--- a/docs/html/files.html
+++ /dev/null
@@ -1,106 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: File List</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li class="current"><a href="files.html"><span>File&#160;List</span></a></li>
-      <li><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="headertitle">
-<div class="title">File List</div>  </div>
-</div><!--header-->
-<div class="contents">
-<div class="textblock">Here is a list of all documented files with brief descriptions:</div><div class="directory">
-<div class="levels">[detail level <span onclick="javascript:toggleLevel(1);">1</span><span onclick="javascript:toggleLevel(2);">2</span>]</div><table class="directory">
-<tr id="row_0_" class="even"><td class="entry"><span style="width:0px;display:inline-block;">&#160;</span><span id="arr_0_" class="arrow" onclick="toggleFolder('0_')">&#9660;</span><span id="img_0_" class="iconfopen" onclick="toggleFolder('0_')">&#160;</span><a class="el" href="dir_7dae9cfde651cd3cb034485ce5e391b9.html" target="_self">psa</a></td><td class="desc"></td></tr>
-<tr id="row_0_0_"><td class="entry"><span style="width:32px;display:inline-block;">&#160;</span><a href="crypto_8h_source.html"><span class="icondoc"></span></a><a class="el" href="crypto_8h.html" target="_self">crypto.h</a></td><td class="desc">Platform Security Architecture cryptography module </td></tr>
-<tr id="row_0_1_" class="even"><td class="entry"><span style="width:32px;display:inline-block;">&#160;</span><a href="crypto__sizes_8h_source.html"><span class="icondoc"></span></a><a class="el" href="crypto__sizes_8h.html" target="_self">crypto_sizes.h</a></td><td class="desc">PSA cryptography module: Mbed TLS buffer size macros </td></tr>
-<tr id="row_0_2_"><td class="entry"><span style="width:32px;display:inline-block;">&#160;</span><a href="crypto__types_8h_source.html"><span class="icondoc"></span></a><a class="el" href="crypto__types_8h.html" target="_self">crypto_types.h</a></td><td class="desc">PSA cryptography module: type aliases </td></tr>
-<tr id="row_0_3_" class="even"><td class="entry"><span style="width:32px;display:inline-block;">&#160;</span><a href="crypto__values_8h_source.html"><span class="icondoc"></span></a><a class="el" href="crypto__values_8h.html" target="_self">crypto_values.h</a></td><td class="desc">PSA cryptography module: macros to build and analyze integer values </td></tr>
-</table>
-</div><!-- directory -->
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/folderclosed.png b/docs/html/folderclosed.png
deleted file mode 100644
index bb8ab35..0000000
--- a/docs/html/folderclosed.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/folderopen.png b/docs/html/folderopen.png
deleted file mode 100644
index d6c7f67..0000000
--- a/docs/html/folderopen.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/from_doxygen.html b/docs/html/from_doxygen.html
new file mode 100644
index 0000000..15487a0
--- /dev/null
+++ b/docs/html/from_doxygen.html
@@ -0,0 +1,7097 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Implementation-specific definitions &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <link rel="index" title="Index" href="genindex.html" />
+    <link rel="search" title="Search" href="search.html" />
+    <link rel="prev" title="Introduction" href="general.html" />
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+  <div class="section" id="implementation-specific-definitions">
+<h1>Implementation-specific definitions</h1>
+<div class="section" id="psa_key_handle_t">
+<span id="c.psa_key_handle_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="n">_unsigned_integral_type_</span> <span class="n">psa_key_handle_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Key handle.</p>
+<p>This type represents open handles to keys. It must be an unsigned integral type. The choice of type is implementation-dependent.</p>
+<p>0 is not a valid key handle. How other handle values are assigned is implementation-dependent.</p>
+</div>
+</div>
+<div class="section" id="library-initialization">
+<h1>Library initialization</h1>
+<div class="section" id="psa_crypto_init">
+<span id="c.psa_crypto_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_crypto_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Library initialization.</p>
+<p>Applications must call this function before calling any other function in this module.</p>
+<p>Applications may call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.</p>
+<p>If the application calls other functions before calling <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>, the behavior is undefined. Implementations are encouraged to either perform the operation as if the library had been initialized or to return <a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> or some other applicable error. In particular, implementations should not return a success status if the lack of initialization may have security implications, for example due to improper seeding of the random number generator.</p>
+</div>
+</div>
+<div class="section" id="key-attributes">
+<h1>Key attributes</h1>
+<div class="section" id="psa_key_attributes_t">
+<span id="c.psa_key_attributes_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_key_attributes_s</span> <span class="n">psa_key_attributes_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of a structure containing key attributes.</p>
+<p>This is an opaque structure that can represent the metadata of a key object. Metadata that can be stored in attributes includes:</p>
+<ul class="simple">
+<li>The location of the key in storage, indicated by its key identifier and its lifetime.</li>
+<li>The key’s policy, comprising usage flags and a specification of the permitted algorithm(s).</li>
+<li>Information about the key itself: the key type and its size.</li>
+<li>Implementations may define additional attributes.</li>
+</ul>
+<p>The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.</p>
+<p>An attribute structure can be a simple data structure where each function <code class="docutils literal notranslate"><span class="pre">psa_set_key_xxx</span></code> sets a field and the corresponding function <code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> retrieves the value of the corresponding field. However, implementations may report values that are equivalent to the original one, but have a different encoding. For example, an implementation may use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which may not be the one that was originally stored.</p>
+<p>An attribute structure may contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>. As an exception, calling <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> on an attribute structure is optional if the structure has only been modified by the following functions since it was initialized or last reset with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a></li>
+<li><a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
+<li><a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_type()</span></code></a></li>
+<li><a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_bits()</span></code></a></li>
+<li><a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
+<li><a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
+</ul>
+<p>Before calling any function on a key attribute structure, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">attributes</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_attributes_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span><span class="p">;</span>
+<span class="n">attributes</span> <span class="o">=</span> <span class="n">psa_key_attributes_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>A freshly initialized attribute structure contains the following values:</p>
+<ul class="simple">
+<li>lifetime: <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</li>
+<li>key identifier: unspecified.</li>
+<li>type: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
+<li>key size: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
+<li>usage flags: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
+<li>algorithm: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
+</ul>
+<p>A typical sequence to create a key is as follows:</p>
+<ol class="arabic simple">
+<li>Create and initialize an attribute structure.</li>
+<li>If the key is persistent, call <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
+<li>Set the key policy with <a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
+<li>Set the key type with <a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_type()</span></code></a>. Skip this step if copying an existing key with <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</li>
+<li>When generating a random key with <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a> or deriving a key with <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>, set the desired key size with <a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_bits()</span></code></a>.</li>
+<li>Call a key creation function: <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>. This function reads the attribute structure, creates a key with these attributes, and outputs a handle to the newly created key.</li>
+<li>The attribute structure is now no longer necessary. You may call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>, although this is optional with the workflow presented here because the attributes currently defined in this specification do not require any additional resources beyond the structure itself.</li>
+</ol>
+<p>A typical sequence to query a key’s attributes is as follows:</p>
+<ol class="arabic simple">
+<li>Call <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> functions to retrieve the attribute(s) that you are interested in.</li>
+<li>Call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> to free any resources that may be used by the attribute structure.</li>
+</ol>
+<p>Once a key has been created, it is impossible to change its attributes.</p>
+</div>
+<div class="section" id="PSA_KEY_ATTRIBUTES_INIT">
+<span id="c.PSA_KEY_ATTRIBUTES_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ATTRIBUTES_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for a key attribute structure of type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_key_attributes_init">
+<span id="c.psa_key_attributes_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="nf">psa_key_attributes_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for a key attributes structure.</p>
+</div>
+<div class="section" id="psa_set_key_id">
+<span id="c.psa_set_key_id"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_id</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                    <span class="n">psa_key_id_t</span> <span class="n">id</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">id</span></code></dt>
+<dd>The persistent identifier for the key.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare a key as persistent and set its key identifier.</p>
+<p>If the attribute structure currently declares the key as volatile (which is the default content of an attribute structure), this function sets the lifetime attribute to <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
+<p>This function does not access storage, it merely stores the given value in the structure. The persistent key will be written to storage when the attribute structure is passed to a key creation function such as <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_set_key_lifetime">
+<span id="c.psa_set_key_lifetime"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_lifetime</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                          <span class="n">psa_key_lifetime_t</span> <span class="n">lifetime</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to 0.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the location of a persistent key.</p>
+<p>To make a key persistent, you must give it a persistent key identifier with <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
+<p>This function does not access storage, it merely stores the given value in the structure. The persistent key will be written to storage when the attribute structure is passed to a key creation function such as <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_id">
+<span id="c.psa_get_key_id"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_id_t</span> <span class="nf">psa_get_key_id</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The persistent identifier stored in the attribute structure. This value is unspecified if the attribute structure declares the key as volatile.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the key identifier from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_lifetime">
+<span id="c.psa_get_key_lifetime"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_lifetime_t</span> <span class="nf">psa_get_key_lifetime</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The lifetime value stored in the attribute structure.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the lifetime from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_set_key_usage_flags">
+<span id="c.psa_set_key_usage_flags"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_usage_flags</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                             <span class="n">psa_key_usage_t</span> <span class="n">usage_flags</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">usage_flags</span></code></dt>
+<dd>The usage flags to write.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare usage flags for a key.</p>
+<p>Usage flags are part of a key’s usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code></a>.</p>
+<p>This function overwrites any usage flags previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_usage_flags">
+<span id="c.psa_get_key_usage_flags"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_usage_t</span> <span class="nf">psa_get_key_usage_flags</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The usage flags stored in the attribute structure.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the usage flags from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_set_key_algorithm">
+<span id="c.psa_set_key_algorithm"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_algorithm</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                           <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The permitted algorithm policy to write.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare the permitted algorithm policy for a key.</p>
+<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key.</p>
+<p>This function overwrites any algorithm policy previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_algorithm">
+<span id="c.psa_get_key_algorithm"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_algorithm_t</span> <span class="nf">psa_get_key_algorithm</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The algorithm stored in the attribute structure.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the algorithm policy from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_set_key_type">
+<span id="c.psa_set_key_type"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_type</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                      <span class="n">psa_key_type_t</span> <span class="n">type</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd>The key type to write.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare the type of a key.</p>
+<p>This function overwrites any key type previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_set_key_bits">
+<span id="c.psa_set_key_bits"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_bits</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                      <span class="kt">size_t</span> <span class="n">bits</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to write to.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
+<dd>The key size in bits.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare the size of a key.</p>
+<p>This function overwrites any key size previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_type">
+<span id="c.psa_get_key_type"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_type_t</span> <span class="nf">psa_get_key_type</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The key type stored in the attribute structure.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the key type from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_bits">
+<span id="c.psa_get_key_bits"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">size_t</span> <span class="nf">psa_get_key_bits</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute structure to query.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">size_t</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p>The key size stored in the attribute structure, in bits.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the key size from key attributes.</p>
+<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
+</div>
+<div class="section" id="psa_get_key_attributes">
+<span id="c.psa_get_key_attributes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_get_key_attributes</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                    <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to query.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>On success, the attributes of the key. On failure, equivalent to a freshly-initialized structure.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the attributes of a key.</p>
+<p>This function first resets the attribute structure as with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>. It then copies the attributes of the given key into the given attribute structure.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This function may allocate memory or other resources. Once you have called this function on an attribute structure, you must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> to free these resources.</p>
+</div>
+</div>
+<div class="section" id="psa_reset_key_attributes">
+<span id="c.psa_reset_key_attributes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_reset_key_attributes</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attribute structure to reset.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Reset a key attribute structure to a freshly initialized state.</p>
+<p>You must initialize the attribute structure as described in the documentation of the type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a> before calling this function. Once the structure has been initialized, you may call this function at any time.</p>
+<p>This function frees any auxiliary resources that the structure may contain.</p>
+</div>
+</div>
+<div class="section" id="key-management">
+<h1>Key management</h1>
+<div class="section" id="psa_open_key">
+<span id="c.psa_open_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_open_key</span><span class="p">(</span><span class="n">psa_key_id_t</span> <span class="n">id</span><span class="p">,</span>
+                          <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">id</span></code></dt>
+<dd>The persistent identifier of the key.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>On success, a handle to the key.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success. The application can now use the value of <code class="docutils literal notranslate"><span class="pre">*handle</span></code> to access the key.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">id</span></code> is invalid.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The specified key exists, but the application does not have the permission to access it. Note that this specification does not define any way to create such a key, but it may be possible through implementation-specific means.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Open a handle to an existing persistent key.</p>
+<p>Open a handle to a persistent key. A key is persistent if it was created with a lifetime other than <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>. A persistent key always has a nonzero key identifier, set with <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a> when creating the key. Implementations may provide additional pre-provisioned keys with identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a>–<a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a>.</p>
+<p>The application must eventually close the handle with <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a> to release associated resources. If the application dies without calling <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a>, the implementation should perform the equivalent of a call to <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a>.</p>
+<p>Implementations may provide additional keys that can be opened with <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a>. Such keys have a key identifier in the vendor range, as documented in the description of <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_close_key">
+<span id="c.psa_close_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_close_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>The key handle to close.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Close a key handle.</p>
+<p>If the handle designates a volatile key, destroy the key material and free all associated resources, just like <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_destroy_key()</span></code></a>.</p>
+<p>If the handle designates a persistent key, free all resources associated with the key in volatile memory. The key in persistent storage is not affected and can be opened again later with <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a>.</p>
+<p>If the key is currently in use in a multipart operation, the multipart operation is aborted.</p>
+</div>
+</div>
+<div class="section" id="key-import-and-export">
+<h1>Key import and export</h1>
+<div class="section" id="psa_import_key">
+<span id="c.psa_import_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_import_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
+                            <span class="kt">size_t</span> <span class="n">data_length</span><span class="p">,</span>
+                            <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key. The key size is always determined from the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size from <code class="docutils literal notranslate"><span class="pre">data</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
+<dd>Buffer containing the key data. The content of this buffer is interpreted according to the type declared in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>. All implementations must support at least the format described in the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the chosen type. Implementations may allow other formats, but should be conservative: implementations should err on the side of rejecting content if it may be erroneous (e.g. wrong type or truncated data).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key attributes, as a whole, are invalid.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key data is not correctly formatted.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero and does not match the size of the key data.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Import a key in binary format.</p>
+<p>This function supports any output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>. Refer to the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the format of public keys and to the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> for the format for other key types.</p>
+<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
+</div>
+<div class="section" id="psa_destroy_key">
+<span id="c.psa_destroy_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_destroy_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to erase.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key material has been erased.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>There was an failure in communication with the cryptoprocessor. The key material may still be present in the cryptoprocessor.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The storage is corrupted. Implementations shall make a best effort to erase key material even in this stage, however applications should be aware that it may be impossible to guarantee that the key material is not recoverable in such cases.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor may have been compromised.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Destroy a key.</p>
+<p>This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations shall make a best effort to ensure that that the key material cannot be recovered.</p>
+<p>This function also erases any metadata such as policies and frees all resources associated with the key.</p>
+</div>
+<div class="section" id="psa_export_key">
+<span id="c.psa_export_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_export_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                            <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
+                            <span class="kt">size_t</span> <span class="n">data_size</span><span class="p">,</span>
+                            <span class="kt">size_t</span> <span class="o">*</span> <span class="n">data_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to export.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
+<dd>Buffer where the key data is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
+<dd>On success, the number of bytes that make up the key data.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key does not have the <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_KEY_EXPORT_MAX_SIZE" title="PSA_KEY_EXPORT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">type</span></code>, <code class="docutils literal notranslate"><span class="pre">bits</span></code>) where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Export a key in binary format.</p>
+<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
+<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
+<p>For standard key types, the output format is as follows:</p>
+<ul>
+<li><p class="first">For symmetric keys (including MAC keys), the format is the raw bytes of the key.</p>
+</li>
+<li><p class="first">For DES, the key data consists of 8 bytes. The parity bits must be correct.</p>
+</li>
+<li><p class="first">For Triple-DES, the format is the concatenation of the two or three DES keys.</p>
+</li>
+<li><p class="first">For RSA key pairs (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the format is the non-encrypted DER encoding of the representation defined by PKCS#1 (RFC 8017) as <code class="docutils literal notranslate"><span class="pre">RSAPrivateKey</span></code>, version 0.</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">RSAPrivateKey</span> <span class="o">::=</span> <span class="n">SEQUENCE</span> <span class="p">{</span>
+    <span class="n">version</span>             <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">must</span> <span class="n">be</span> <span class="mi">0</span>
+    <span class="n">modulus</span>             <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">n</span>
+    <span class="n">publicExponent</span>      <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">e</span>
+    <span class="n">privateExponent</span>     <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span>
+    <span class="n">prime1</span>              <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">p</span>
+    <span class="n">prime2</span>              <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">q</span>
+    <span class="n">exponent1</span>           <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span> <span class="n">mod</span> <span class="p">(</span><span class="n">p</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span>
+    <span class="n">exponent2</span>           <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span> <span class="n">mod</span> <span class="p">(</span><span class="n">q</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span>
+    <span class="n">coefficient</span>         <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="p">(</span><span class="n">inverse</span> <span class="n">of</span> <span class="n">q</span><span class="p">)</span> <span class="n">mod</span> <span class="n">p</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">For elliptic curve key pairs (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a> is true), the format is a representation of the private value as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. This byte string is in little-endian order for Montgomery curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVEXXX</span></code>), and in big-endian order for Weierstrass curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECTXXX</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECPXXX</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_PXXX</span></code>). This is the content of the <code class="docutils literal notranslate"><span class="pre">privateKey</span></code> field of the <code class="docutils literal notranslate"><span class="pre">ECPrivateKey</span></code> format defined by RFC 5915.</p>
+</li>
+<li><p class="first">For Diffie-Hellman key exchange key pairs (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a> is true), the format is the representation of the private key <code class="docutils literal notranslate"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes (leading zeroes are not stripped).</p>
+</li>
+<li><p class="first">For public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a> is true), the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p>
+</li>
+</ul>
+<p>The policy on the key must have the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
+</div>
+<div class="section" id="psa_export_public_key">
+<span id="c.psa_export_public_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_export_public_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                   <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">data_size</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="o">*</span> <span class="n">data_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to export.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
+<dd>Buffer where the key data is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
+<dd>On success, the number of bytes that make up the key data.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key is neither a public key nor a key pair.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_KEY_EXPORT_MAX_SIZE" title="PSA_KEY_EXPORT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code></a>(<a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">type</span></code>), <code class="docutils literal notranslate"><span class="pre">bits</span></code>) where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Export a public key or the public part of a key pair in binary format.</p>
+<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
+<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
+<p>For standard key types, the output format is as follows:</p>
+<ul>
+<li><p class="first">For RSA public keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>), the DER encoding of the representation defined by RFC 3279 §2.3.1 as <code class="docutils literal notranslate"><span class="pre">RSAPublicKey</span></code>.</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">RSAPublicKey</span> <span class="o">::=</span> <span class="n">SEQUENCE</span> <span class="p">{</span>
+   <span class="n">modulus</span>            <span class="n">INTEGER</span><span class="p">,</span>    <span class="o">--</span> <span class="n">n</span>
+   <span class="n">publicExponent</span>     <span class="n">INTEGER</span>  <span class="p">}</span>  <span class="o">--</span> <span class="n">e</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">For elliptic curve public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a> is true), the format is the uncompressed representation defined by SEC1 §2.3.3 as the content of an ECPoint. Let <code class="docutils literal notranslate"><span class="pre">m</span></code> be the bit size associated with the curve, i.e. the bit size of <code class="docutils literal notranslate"><span class="pre">q</span></code> for a curve over <code class="docutils literal notranslate"><span class="pre">F_q</span></code>. The representation consists of:</p>
+<ul class="simple">
+<li>The byte 0x04;</li>
+<li><code class="docutils literal notranslate"><span class="pre">x_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</li>
+<li><code class="docutils literal notranslate"><span class="pre">y_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</li>
+</ul>
+</li>
+<li><p class="first">For Diffie-Hellman key exchange public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true), the format is the representation of the public key <code class="docutils literal notranslate"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal notranslate"><span class="pre">p</span></code> in bytes.</p>
+</li>
+</ul>
+<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
+</div>
+<div class="section" id="psa_copy_key">
+<span id="c.psa_copy_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_copy_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">source_handle</span><span class="p">,</span>
+                          <span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                          <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">target_handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">source_handle</span></code></dt>
+<dd>The key to copy. It must be a valid key handle.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd><p class="first">The attributes for the new key. They are used as follows:</p>
+<ul class="last simple">
+<li>The key type and size may be 0. If either is nonzero, it must match the corresponding attribute of the source key.</li>
+<li>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</li>
+<li>The policy constraints (usage flags and algorithm policy) are combined from the source key and <code class="docutils literal notranslate"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">target_handle</span></code></dt>
+<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">source_handle</span></code> is invalid.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The lifetime or identifier in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are invalid.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The policy constraints on the source and specified in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are incompatible.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of the source key.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The source key does not have the <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The source key is not exportable and its lifetime does not allow copying it to the target’s lifetime.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Make a copy of a key.</p>
+<p>Copy key material from one location to another.</p>
+<p>This function is primarily useful to copy a key from one location to another, since it populates a key using the material from another key which may have a different lifetime.</p>
+<p>This function may be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
+<p>The policy on the source key must have the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
+<p>The resulting key may only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal notranslate"><span class="pre">attributes</span></code> parameter:</p>
+<ul class="simple">
+<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</li>
+<li>If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.</li>
+<li>If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.</li>
+<li>If the policies do not allow any algorithm in common, this function fails with the status <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
+</ul>
+<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
+</div>
+</div>
+<div class="section" id="message-digests">
+<h1>Message digests</h1>
+<div class="section" id="psa_hash_operation_t">
+<span id="c.psa_hash_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_hash_operation_s</span> <span class="n">psa_hash_operation_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of the state data structure for multipart hash operations.</p>
+<p>Before calling any function on a hash operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_HASH_OPERATION_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_operation_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_hash_operation_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
+</div>
+<div class="section" id="PSA_HASH_OPERATION_INIT">
+<span id="c.PSA_HASH_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_OPERATION_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for a hash operation object of type <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_hash_compute">
+<span id="c.psa_hash_compute"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_compute</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">hash_size</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">hash_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to hash.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>Buffer where the hash is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Calculate the hash (digest) of a message.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To verify the hash of a message against an expected value, use <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_compare()</span></code></a> instead.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_compare">
+<span id="c.psa_hash_compare"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_compare</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to hash.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>Buffer containing the expected hash value.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The expected hash is identical to the actual hash of the input.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
+</div>
+<div class="section" id="psa_hash_operation_init">
+<span id="c.psa_hash_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="nf">psa_hash_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for a hash operation object.</p>
+</div>
+<div class="section" id="psa_hash_setup">
+<span id="c.psa_hash_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_setup</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                            <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set up a multipart hash operation.</p>
+<p>The sequence of operations to calculate a hash (message digest) is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a>, e.g. PSA_HASH_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.</li>
+<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a>.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A failed call to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>, <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_hash_update">
+<span id="c.psa_hash_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_update</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to hash.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Add a message fragment to a multipart hash operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_hash_finish">
+<span id="c.psa_hash_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_finish</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">hash_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">hash_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>Buffer where the hash is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the hash algorithm that is calculated.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the hash algorithm that is calculated.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish the calculation of the hash of a message.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">Applications should not call this function if they expect a specific value for the hash. Call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as hash values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_verify">
+<span id="c.psa_hash_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_verify</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>Buffer containing the expected hash value.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The expected hash is identical to the actual hash of the message.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish the calculation of the hash of a message and compare it with an expected value.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>. It then compares the calculated hash with the expected hash passed as a parameter to this function.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Implementations shall make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_abort">
+<span id="c.psa_hash_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_abort</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Initialized hash operation.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active hash operation.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Abort a hash operation.</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> again.</p>
+<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
+<ul class="simple">
+<li>A call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, whether it succeeds or not.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
+</ul>
+<p>In particular, calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a>, <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> is safe and has no effect.</p>
+</div>
+<div class="section" id="psa_hash_clone">
+<span id="c.psa_hash_clone"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_clone</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">source_operation</span><span class="p">,</span>
+                            <span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">target_operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">source_operation</span></code></dt>
+<dd>The active hash operation to clone.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">target_operation</span></code></dt>
+<dd>The operation object to set up. It must be initialized but not active.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">source_operation</span></code> is not an active hash operation.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">target_operation</span></code> is active.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Clone a hash operation.</p>
+<p>This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> on <code class="docutils literal notranslate"><span class="pre">target_operation</span></code> with the same algorithm that <code class="docutils literal notranslate"><span class="pre">source_operation</span></code> was set up for, then <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> on <code class="docutils literal notranslate"><span class="pre">target_operation</span></code> with the same input that that was passed to <code class="docutils literal notranslate"><span class="pre">source_operation</span></code>. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.</p>
+</div>
+</div>
+<div class="section" id="message-authentication-codes">
+<h1>Message authentication codes</h1>
+<div class="section" id="psa_mac_operation_t">
+<span id="c.psa_mac_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_mac_operation_s</span> <span class="n">psa_mac_operation_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of the state data structure for multipart MAC operations.</p>
+<p>Before calling any function on a MAC operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_MAC_OPERATION_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_operation_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_mac_operation_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
+</div>
+<div class="section" id="PSA_MAC_OPERATION_INIT">
+<span id="c.PSA_MAC_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_OPERATION_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for a MAC operation object of type <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_mac_compute">
+<span id="c.psa_mac_compute"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_compute</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                             <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">mac_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">mac_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the input message.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
+<dd>Buffer where the MAC value is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
+<dd>On success, the number of bytes that make up the MAC value.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Calculate the MAC (message authentication code) of a message.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_verify">
+<span id="c.psa_mac_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                            <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                            <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
+                            <span class="k">const</span> <span class="kt">size_t</span> <span class="n">mac_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the input message.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
+<dd>Buffer containing the expected MAC value.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The expected MAC is identical to the actual MAC of the input.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The MAC of the message was calculated successfully, but it differs from the expected value.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Calculate the MAC of a message and compare it with a reference value.</p>
+</div>
+<div class="section" id="psa_mac_operation_init">
+<span id="c.psa_mac_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="nf">psa_mac_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for a MAC operation object.</p>
+</div>
+<div class="section" id="psa_mac_sign_setup">
+<span id="c.psa_mac_sign_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_sign_setup</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set up a multipart MAC calculation operation.</p>
+<p>This function sets up the calculation of the MAC (message authentication code) of a byte string. To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> instead.</p>
+<p>The sequence of operations to calculate a MAC is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. PSA_MAC_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
+<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> to finish calculating the MAC value and retrieve it.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
+<ul class="simple">
+<li>A failed call to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_mac_verify_setup">
+<span id="c.psa_mac_verify_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify_setup</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                  <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                  <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set up a multipart MAC verification operation.</p>
+<p>This function sets up the verification of the MAC (message authentication code) of a byte string against an expected value.</p>
+<p>The sequence of operations to verify a MAC is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. PSA_MAC_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
+<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> to finish calculating the actual MAC of the message and verify it against the expected value.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
+<ul class="simple">
+<li>A failed call to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_mac_update">
+<span id="c.psa_mac_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_update</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                            <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to add to the MAC calculation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Add a message fragment to a multipart MAC operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_mac_sign_finish">
+<span id="c.psa_mac_sign_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_sign_finish</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                 <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="n">mac_size</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="o">*</span> <span class="n">mac_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
+<dd>Buffer where the MAC value is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
+<dd>On success, the number of bytes that make up the MAC value. This is always <a class="reference internal" href="#c.PSA_MAC_FINAL_SIZE" title="PSA_MAC_FINAL_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of the key and <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the MAC algorithm that is calculated.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_MAC_FINAL_SIZE" title="PSA_MAC_FINAL_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish the calculation of the MAC of a message.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">Applications should not call this function if they expect a specific value for the MAC. Call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_verify_finish">
+<span id="c.psa_mac_verify_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify_finish</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">mac_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
+<dd>Buffer containing the expected MAC value.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The expected MAC is identical to the actual MAC of the message.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The MAC of the message was calculated successfully, but it differs from the expected MAC.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish the calculation of the MAC of a message and compare it with an expected value.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Implementations shall make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_abort">
+<span id="c.psa_mac_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_abort</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Initialized MAC operation.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active MAC operation.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Abort a MAC operation.</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> again.</p>
+<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
+<ul class="simple">
+<li>A call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a>, whether it succeeds or not.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
+</ul>
+<p>In particular, calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>, <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="symmetric-ciphers">
+<h1>Symmetric ciphers</h1>
+<div class="section" id="psa_cipher_operation_t">
+<span id="c.psa_cipher_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_cipher_operation_s</span> <span class="n">psa_cipher_operation_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of the state data structure for multipart cipher operations.</p>
+<p>Before calling any function on a cipher operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_CIPHER_OPERATION_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_operation_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_cipher_operation_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
+</div>
+<div class="section" id="PSA_CIPHER_OPERATION_INIT">
+<span id="c.PSA_CIPHER_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_CIPHER_OPERATION_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for a cipher operation object of type <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_cipher_encrypt">
+<span id="c.psa_cipher_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                                <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to encrypt.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Encrypt a message using a symmetric cipher.</p>
+<p>This function encrypts a message with a random IV (initialization vector).</p>
+</div>
+<div class="section" id="psa_cipher_decrypt">
+<span id="c.psa_cipher_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                                <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the plaintext is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Decrypt a message using a symmetric cipher.</p>
+<p>This function decrypts a message encrypted with a symmetric cipher.</p>
+</div>
+<div class="section" id="psa_cipher_operation_init">
+<span id="c.psa_cipher_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="nf">psa_cipher_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for a cipher operation object.</p>
+</div>
+<div class="section" id="psa_cipher_encrypt_setup">
+<span id="c.psa_cipher_encrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_encrypt_setup</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                      <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the key for a multipart symmetric encryption operation.</p>
+<p>The sequence of operations to encrypt a message with a symmetric cipher is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call either <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> to generate or set the IV (initialization vector). You should use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> unless the protocol you are implementing requires a specific IV value.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_cipher_xxx</span></code> functions.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_cipher_decrypt_setup">
+<span id="c.psa_cipher_decrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_decrypt_setup</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                      <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the key for a multipart symmetric decryption operation.</p>
+<p>The sequence of operations to decrypt a message with a symmetric cipher is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> with the IV (initialization vector) for the decryption. If the IV is prepended to the ciphertext, you can call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> on a buffer containing the IV followed by the beginning of the message.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_cipher_xxx</span></code> functions.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_cipher_generate_iv">
+<span id="c.psa_cipher_generate_iv"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_generate_iv</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                    <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">iv</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">iv_size</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">iv_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">iv</span></code></dt>
+<dd>Buffer where the generated IV is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">iv_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">iv</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">iv_length</span></code></dt>
+<dd>On success, the number of bytes of the generated IV.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or IV already set).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">iv</span></code> buffer is too small.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Generate an IV for a symmetric encryption operation.</p>
+<p>This function generates a random IV (initialization vector), nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_cipher_set_iv">
+<span id="c.psa_cipher_set_iv"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_set_iv</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                               <span class="k">const</span> <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">iv</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="n">iv_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">iv</span></code></dt>
+<dd>Buffer containing the IV to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">iv_length</span></code></dt>
+<dd>Size of the IV in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or IV already set).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of <code class="docutils literal notranslate"><span class="pre">iv</span></code> is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the IV for a symmetric encryption or decryption operation.</p>
+<p>This function sets the IV (initialization vector), nonce or initial counter value for the encryption or decryption operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">When encrypting, applications should use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> instead of this function, unless implementing a protocol that requires a non-random IV.</p>
+</div>
+</div>
+<div class="section" id="psa_cipher_update">
+<span id="c.psa_cipher_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_update</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                               <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                               <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, IV required but not set, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Encrypt or decrypt a message fragment in an active cipher operation.</p>
+<p>Before calling this function, you must:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
+<li>If the algorithm requires an IV, call <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> (recommended when encrypting) or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
+</ol>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_cipher_finish">
+<span id="c.psa_cipher_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_finish</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                               <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                               <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, IV required but not set, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish encrypting or decrypting a message in a cipher operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.</p>
+<p>This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a>.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_cipher_abort">
+<span id="c.psa_cipher_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_abort</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Initialized cipher operation.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active cipher operation.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Abort a cipher operation.</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> again.</p>
+<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
+<ul class="simple">
+<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, whether it succeeds or not.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
+</ul>
+<p>In particular, calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="authenticated-encryption-with-associated-data-aead">
+<h1>Authenticated encryption with associated data (AEAD)</h1>
+<div class="section" id="psa_aead_operation_t">
+<span id="c.psa_aead_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_aead_operation_s</span> <span class="n">psa_aead_operation_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of the state data structure for multipart AEAD operations.</p>
+<p>Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_AEAD_OPERATION_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_operation_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_aead_operation_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
+</div>
+<div class="section" id="PSA_AEAD_OPERATION_INIT">
+<span id="c.PSA_AEAD_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_OPERATION_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for an AEAD operation object of type <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_encrypt">
+<span id="c.psa_aead_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                              <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">additional_data</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">additional_data_length</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">plaintext_length</span><span class="p">,</span>
+                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">ciphertext_size</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">ciphertext_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
+<dd>Nonce or IV to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">additional_data</span></code></dt>
+<dd>Additional data that will be authenticated but not encrypted.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">additional_data_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">additional_data</span></code> in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
+<dd>Data that will be authenticated and encrypted.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
+<dd>Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code>).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
+<dd>On success, the size of the output in the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Process an authenticated encryption operation.</p>
+</div>
+<div class="section" id="psa_aead_decrypt">
+<span id="c.psa_aead_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                              <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">additional_data</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">additional_data_length</span><span class="p">,</span>
+                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">ciphertext_length</span><span class="p">,</span>
+                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="n">plaintext_size</span><span class="p">,</span>
+                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">plaintext_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
+<dd>Nonce or IV to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">additional_data</span></code></dt>
+<dd>Additional data that has been authenticated but not encrypted.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">additional_data_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">additional_data</span></code> in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
+<dd>Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
+<dd>Output buffer for the decrypted data.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code>).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
+<dd>On success, the size of the output in the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The ciphertext is not authentic.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Process an authenticated decryption operation.</p>
+</div>
+<div class="section" id="psa_aead_operation_init">
+<span id="c.psa_aead_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="nf">psa_aead_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for an AEAD operation object.</p>
+</div>
+<div class="section" id="psa_aead_encrypt_setup">
+<span id="c.psa_aead_encrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_encrypt_setup</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                    <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the key for a multipart authenticated encryption operation.</p>
+<p>The sequence of operations to encrypt a message with authentication is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
+<li>Call either <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce. You should use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> unless the protocol you are implementing requires a specific nonce value.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the message to encrypt each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_aead_xxx</span></code> functions.</li>
+<li>A call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>, <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> or <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_aead_decrypt_setup">
+<span id="c.psa_aead_decrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_decrypt_setup</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                    <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the key for a multipart authenticated decryption operation.</p>
+<p>The sequence of operations to decrypt a message with authentication is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> with the nonce for the decryption.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the ciphertext to decrypt each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a>.</li>
+</ol>
+<p>The application may call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_aead_xxx</span></code> functions.</li>
+<li>A call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>, <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> or <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_aead_generate_nonce">
+<span id="c.psa_aead_generate_nonce"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_generate_nonce</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                     <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
+                                     <span class="kt">size_t</span> <span class="n">nonce_size</span><span class="p">,</span>
+                                     <span class="kt">size_t</span> <span class="o">*</span> <span class="n">nonce_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
+<dd>Buffer where the generated nonce is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
+<dd>On success, the number of bytes of the generated nonce.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or nonce already set).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer is too small.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Generate a random nonce for an authenticated encryption operation.</p>
+<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_aead_set_nonce">
+<span id="c.psa_aead_set_nonce"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_set_nonce</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                <span class="k">const</span> <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
+<dd>Buffer containing the nonce to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the nonce in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, or nonce already set).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of <code class="docutils literal notranslate"><span class="pre">nonce</span></code> is not acceptable for the chosen algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the nonce for an authenticated encryption or decryption operation.</p>
+<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">When encrypting, applications should use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> instead of this function, unless implementing a protocol that requires a non-random IV.</p>
+</div>
+</div>
+<div class="section" id="psa_aead_set_lengths">
+<span id="c.psa_aead_set_lengths"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_set_lengths</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                  <span class="kt">size_t</span> <span class="n">ad_length</span><span class="p">,</span>
+                                  <span class="kt">size_t</span> <span class="n">plaintext_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ad_length</span></code></dt>
+<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext to encrypt in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, already completed, or <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> already called).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>At least one of the lengths is not acceptable for the chosen algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Declare the lengths of the message and additional data for AEAD.</p>
+<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
+<p>You may call this function before or after setting the nonce with <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
+<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
+<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
+</ul>
+</div>
+<div class="section" id="psa_aead_update_ad">
+<span id="c.psa_aead_update_ad"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_update_ad</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the fragment of additional data.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, nonce not set, <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> already called, or operation already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total input length overflows the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Pass additional data to an active AEAD operation.</p>
+<p>Additional data is authenticated, but not encrypted.</p>
+<p>You may call this function multiple times to pass successive fragments of the additional data. You may not call this function after passing data to encrypt or decrypt with <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>Before calling this function, you must:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</li>
+<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
+</ol>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">When decrypting, until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, treat the input as untrusted and prepare to undo any action that depends on the input if <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> returns an error status.</p>
+</div>
+</div>
+<div class="section" id="psa_aead_update">
+<span id="c.psa_aead_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_update</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                             <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">input_length</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, nonce not set or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">input_length</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total input length overflows the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Encrypt or decrypt a message fragment in an active AEAD operation.</p>
+<p>Before calling this function, you must:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
+<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> to pass all the additional data.</li>
+</ol>
+<p>If this function returns an error status, the operation becomes inactive.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>When decrypting, until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>:</p>
+<ul class="last simple">
+<li>Do not use the output in any way other than storing it in a confidential location. If you take any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out not to be valid. Furthermore, if an adversary can observe that this action took place (for example through timing), they may be able to use this fact as an oracle to decrypt any message encrypted with the same key.</li>
+<li>In particular, do not copy the output anywhere but to a memory or storage space that you have exclusive access to.</li>
+</ul>
+</div>
+<p>This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it may delay the end of the corresponding output until a subsequent call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> provides sufficient input. The amount of data that can be delayed in this way is bounded by <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_finish">
+<span id="c.psa_aead_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_finish</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">ciphertext_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">ciphertext_length</span><span class="p">,</span>
+                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">tag</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">tag_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">tag_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
+<dd>Buffer where the last part of the ciphertext is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
+<dd>On success, the number of bytes of returned ciphertext.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag</span></code></dt>
+<dd>Buffer where the authentication tag is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned tag.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, nonce not set, decryption, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> or <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer is too small. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">tag</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish encrypting a message in an AEAD operation.</p>
+<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</p>
+<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> with the plaintext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>This function has two output buffers:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> contains trailing ciphertext that was buffered from preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</li>
+<li><code class="docutils literal notranslate"><span class="pre">tag</span></code> contains the authentication tag. Its length is always <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the AEAD algorithm that the operation performs.</li>
+</ul>
+<p>When this function returns, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_aead_verify">
+<span id="c.psa_aead_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_verify</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">plaintext_size</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">plaintext_length</span><span class="p">,</span>
+                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">tag</span><span class="p">,</span>
+                             <span class="kt">size_t</span> <span class="n">tag_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
+<dd>Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> that could not be processed until the end of the input.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
+<dd>On success, the number of bytes of returned plaintext.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag</span></code></dt>
+<dd>Buffer containing the authentication tag.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation state is not valid (not set up, nonce not set, encryption, or already completed).</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer is too small. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Finish authenticating and decrypting a message in an AEAD operation.</p>
+<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</p>
+<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> with the ciphertext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>When this function returns, the operation becomes inactive.</p>
+</div>
+<div class="section" id="psa_aead_abort">
+<span id="c.psa_aead_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_abort</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>Initialized AEAD operation.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active AEAD operation.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Abort an AEAD operation.</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a> again.</p>
+<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
+<ul class="simple">
+<li>A call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, whether it succeeds or not.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
+<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
+</ul>
+<p>In particular, calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> or <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="asymmetric-cryptography">
+<h1>Asymmetric cryptography</h1>
+<div class="section" id="psa_asymmetric_sign">
+<span id="c.psa_asymmetric_sign"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_sign</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                 <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                 <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">,</span>
+                                 <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">signature</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="n">signature_size</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="o">*</span> <span class="n">signature_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must be an asymmetric key pair.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>A signature algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>The hash or message to sign.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">signature</span></code></dt>
+<dd>Buffer where the signature is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">signature_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">signature_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned signature value.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE" title="PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Sign a hash or short message with a private key.</p>
+<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. Then pass the resulting hash as the <code class="docutils literal notranslate"><span class="pre">hash</span></code> parameter to this function. You can use <a class="reference internal" href="#c.PSA_ALG_SIGN_GET_HASH" title="PSA_ALG_SIGN_GET_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) to determine the hash algorithm to use.</p>
+</div>
+<div class="section" id="psa_asymmetric_verify">
+<span id="c.psa_asymmetric_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_verify</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                   <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">,</span>
+                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">signature</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">signature_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>A signature algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
+<dd>The hash or message whose signature is to be verified.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">signature</span></code></dt>
+<dd>Buffer containing the signature to verify.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">signature_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The signature is valid.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The calculation was perfomed successfully, but the passed signature is not a valid signature.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Verify the signature a hash or short message using a public key.</p>
+<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. Then pass the resulting hash as the <code class="docutils literal notranslate"><span class="pre">hash</span></code> parameter to this function. You can use <a class="reference internal" href="#c.PSA_ALG_SIGN_GET_HASH" title="PSA_ALG_SIGN_GET_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) to determine the hash algorithm to use.</p>
+</div>
+<div class="section" id="psa_asymmetric_encrypt">
+<span id="c.psa_asymmetric_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">salt</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">salt_length</span><span class="p">,</span>
+                                    <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>The message to encrypt.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">salt</span></code></dt>
+<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">salt_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal notranslate"><span class="pre">salt</span></code> is <code class="docutils literal notranslate"><span class="pre">NULL</span></code>, pass 0.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the encrypted message is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Encrypt a short message with a public key.</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
+</ul>
+</div>
+<div class="section" id="psa_asymmetric_decrypt">
+<span id="c.psa_asymmetric_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
+                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
+                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">salt</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">salt_length</span><span class="p">,</span>
+                                    <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key to use for the operation. It must be an asymmetric key pair.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
+<dd>The message to decrypt.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">salt</span></code></dt>
+<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">salt_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal notranslate"><span class="pre">salt</span></code> is <code class="docutils literal notranslate"><span class="pre">NULL</span></code>, pass 0.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the decrypted message is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Decrypt a short message with a private key.</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="key-derivation-and-pseudorandom-generation">
+<h1>Key derivation and pseudorandom generation</h1>
+<div class="section" id="psa_key_derivation_operation_t">
+<span id="c.psa_key_derivation_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_key_derivation_s</span> <span class="n">psa_key_derivation_operation_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of the state data structure for key derivation operations.</p>
+<p>Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the structure to all-bits-zero, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to logical zero values, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_KEY_DERIVATION_OPERATION_INIT</span><span class="p">;</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init()</span></code></a> to the structure, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span><span class="p">;</span>
+<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_key_derivation_operation_init</span><span class="p">();</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_OPERATION_INIT">
+<span id="c.PSA_KEY_DERIVATION_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_OPERATION_INIT  {0}</span>
+</pre></div>
+</div>
+<p>This macro returns a suitable initializer for a key derivation operation object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">
+<span id="c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY  ((size_t)(-1))</span>
+</pre></div>
+</div>
+<p>Use the maximum possible capacity for a key derivation operation.</p>
+<p>Use this value as the capacity argument when setting up a key derivation to indicate that the operation should have the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.</p>
+</div>
+<div class="section" id="psa_key_derivation_operation_init">
+<span id="c.psa_key_derivation_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="nf">psa_key_derivation_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Return an initial value for a key derivation operation object.</p>
+</div>
+<div class="section" id="psa_key_derivation_setup">
+<span id="c.psa_key_derivation_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_setup</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to set up. It must have been initialized but not set up yet.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The key derivation algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a key derivation algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set up a key derivation operation.</p>
+<p>A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.</p>
+<p>To derive a key:</p>
+<ul class="simple">
+<li>Start with an initialized object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> to select the algorithm.</li>
+<li>Provide the inputs for the key derivation by calling <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_key()</span></code></a> as appropriate. Which inputs are needed, in what order, and whether they may be keys and if so of what type depends on the algorithm.</li>
+<li>Optionally set the operation’s maximum capacity with <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity()</span></code></a>. You may do this before, in the middle of or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
+<li>To derive a key, call <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>. To derive a byte string for a different purpose, call</li>
+<li><a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes()</span></code></a>. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.</li>
+<li>Clean up the key derivation operation object with <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_key_derivation_get_capacity">
+<span id="c.psa_key_derivation_get_capacity"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_get_capacity</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">capacity</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation to query.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">capacity</span></code></dt>
+<dd>On success, the capacity of the operation.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Retrieve the current capacity of a key derivation operation.</p>
+<p>The capacity of a key derivation is the maximum number of bytes that it can return. When you get <em>N</em> bytes of output from a key derivation operation, this reduces its capacity by <em>N</em>.</p>
+</div>
+<div class="section" id="psa_key_derivation_set_capacity">
+<span id="c.psa_key_derivation_set_capacity"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_set_capacity</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                             <span class="kt">size_t</span> <span class="n">capacity</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to modify.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">capacity</span></code></dt>
+<dd>The new capacity of the operation. It must be less or equal to the operation’s current capacity.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">capacity</span></code> is larger than the operation’s current capacity. In this case, the operation object remains valid and its capacity remains unchanged.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Set the maximum capacity of a key derivation operation.</p>
+<p>The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.</p>
+</div>
+<div class="section" id="psa_key_derivation_input_bytes">
+<span id="c.psa_key_derivation_input_bytes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_input_bytes</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                            <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
+                                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
+                                            <span class="kt">size_t</span> <span class="n">data_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
+<dd>Input data to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> does not allow direct inputs.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The value of <code class="docutils literal notranslate"><span class="pre">step</span></code> is not valid given the state of <code class="docutils literal notranslate"><span class="pre">operation</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Provide an input for key derivation or key agreement.</p>
+<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
+<p>This function passes direct inputs. Some inputs must be passed as keys using <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_key()</span></code></a> instead of this function. Refer to the documentation of individual step types for information.</p>
+</div>
+<div class="section" id="psa_key_derivation_input_key">
+<span id="c.psa_key_derivation_input_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_input_key</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                          <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
+                                          <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>Handle to the key. It must have an appropriate type for <code class="docutils literal notranslate"><span class="pre">step</span></code> and must allow the usage <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> does not allow key inputs.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The value of <code class="docutils literal notranslate"><span class="pre">step</span></code> is not valid given the state of <code class="docutils literal notranslate"><span class="pre">operation</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Provide an input for key derivation in the form of a key.</p>
+<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
+<p>This function passes key inputs. Some inputs must be passed as keys of the appropriate type using this function, while others must be passed as direct inputs using <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes()</span></code></a>. Refer to the documentation of individual step types for information.</p>
+</div>
+<div class="section" id="psa_key_derivation_key_agreement">
+<span id="c.psa_key_derivation_key_agreement"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_key_agreement</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                              <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
+                                              <span class="n">psa_key_handle_t</span> <span class="n">private_key</span><span class="p">,</span>
+                                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">peer_key</span><span class="p">,</span>
+                                              <span class="kt">size_t</span> <span class="n">peer_key_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal notranslate"><span class="pre">alg</span></code> (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is false). The operation must be ready for an input of the type given by <code class="docutils literal notranslate"><span class="pre">step</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">private_key</span></code></dt>
+<dd>Handle to the private key to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">peer_key</span></code></dt>
+<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>(…, <code class="docutils literal notranslate"><span class="pre">peer_key</span></code>, <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code>) where with key attributes indicating the public key type corresponding to the type of <code class="docutils literal notranslate"><span class="pre">private_key</span></code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>, or <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal notranslate"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal notranslate"><span class="pre">private_key</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
+<p>A key agreement algorithm takes two inputs: a private key <code class="docutils literal notranslate"><span class="pre">private_key</span></code> a public key <code class="docutils literal notranslate"><span class="pre">peer_key</span></code>. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.</p>
+</div>
+<div class="section" id="psa_key_derivation_output_bytes">
+<span id="c.psa_key_derivation_output_bytes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_output_bytes</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                             <span class="kt">size_t</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to read from.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output will be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>Number of bytes to output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The operation’s capacity was less than <code class="docutils literal notranslate"><span class="pre">output_length</span></code> bytes. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Read some data from a key derivation operation.</p>
+<p>This function calculates output bytes from a key derivation algorithm and return those bytes. If you view the key derivation’s output as a stream of bytes, this function destructively reads the requested number of bytes from the stream. The operation’s capacity decreases by the number of bytes read.</p>
+</div>
+<div class="section" id="psa_key_derivation_output_key">
+<span id="c.psa_key_derivation_output_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_output_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                                           <span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
+                                           <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to read from.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The key type or key size is not supported, either by the implementation in general or in this particular location.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Derive a key from an ongoing key derivation operation.</p>
+<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. If you view the key derivation’s output as a stream of bytes, this function destructively reads as many bytes as required from the stream. The operation’s capacity decreases by the number of bytes read.</p>
+<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:</p>
+<ul class="simple">
+<li>For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code></a> and passing the resulting output to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly (<code class="docutils literal notranslate"><span class="pre">bits</span></code> / 8) bytes from the operation. The following key types defined in this specification follow this scheme:<ul>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>;</li>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a>;</li>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a>;</li>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>;</li>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</li>
+</ul>
+</li>
+<li>For ECC keys on a Montgomery elliptic curve (<a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">curve</span></code>) where <code class="docutils literal notranslate"><span class="pre">curve</span></code> designates a Montgomery curve), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:<ul>
+<li><a class="reference internal" href="#c.PSA_ECC_CURVE_CURVE25519" title="PSA_ECC_CURVE_CURVE25519"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code></a>: draw a 32-byte string and process it as specified in RFC 7748 §5.</li>
+<li><a class="reference internal" href="#c.PSA_ECC_CURVE_CURVE448" title="PSA_ECC_CURVE_CURVE448"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code></a>: draw a 56-byte string and process it as specified in RFC 7748 §5.</li>
+</ul>
+</li>
+<li>For key types for which the key is represented by a single sequence of <code class="docutils literal notranslate"><span class="pre">bits</span></code> bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length (<code class="docutils literal notranslate"><span class="pre">bits</span></code> / 8) bytes rounded up to the nearest whole number of bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>. The following key types defined in this specification follow this scheme:<ul>
+<li><a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively (for example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys).</li>
+<li>Finite-field Diffie-Hellman keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">group</span></code>) where <code class="docutils literal notranslate"><span class="pre">group</span></code> designates any Diffie-Hellman group) and ECC keys on a Weierstrass elliptic curve (<a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">curve</span></code>) where <code class="docutils literal notranslate"><span class="pre">curve</span></code> designates a Weierstrass curve). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, <em>N</em> - 2] where <em>N</em> is the boundary of the private key domain (the prime <em>p</em> for Diffie-Hellman, the subprime <em>q</em> for DSA, or the order of the curve’s base point for ECC). Add 1 to the resulting integer and use this as the private key <em>x</em>. This method allows compliance to NIST standards, specifically the methods titled “key-pair generation by testing candidates” in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman, in FIPS 186-4 §B.1.2 for DSA, and in NIST SP 800-56A §5.6.1.2.2 or FIPS 186-4 §B.4.2 for elliptic curve keys.</li>
+</ul>
+</li>
+<li>For other key types, including <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the way in which the operation output is consumed is implementation-defined.</li>
+</ul>
+<p>In all cases, the data that is read is discarded from the operation. The operation’s capacity is decreased by the number of bytes read.</p>
+</div>
+<div class="section" id="psa_key_derivation_abort">
+<span id="c.psa_key_derivation_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_abort</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
+<dd>The operation to abort.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Abort a key derivation operation.</p>
+<p>Once a key derivation operation has been aborted, its capacity is zero. Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself.</p>
+<p>This function may be called at any time as long as the operation object has been initialized to <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, to <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init()</span></code></a> or a zero value. In particular, it is valid to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a> twice, or to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a> on an operation that has not been set up.</p>
+<p>Once aborted, the key derivation operation object may be called.</p>
+</div>
+<div class="section" id="psa_raw_key_agreement">
+<span id="c.psa_raw_key_agreement"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_raw_key_agreement</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
+                                   <span class="n">psa_key_handle_t</span> <span class="n">private_key</span><span class="p">,</span>
+                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">peer_key</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">peer_key_length</span><span class="p">,</span>
+                                   <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
+                                   <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The key agreement algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">private_key</span></code></dt>
+<dd>Handle to the private key to use.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">peer_key</span></code></dt>
+<dd>Public key of the peer. It must be in the same format that <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> accepts. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code></dt>
+<dd>Size of <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Buffer where the decrypted message is to be written.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a key agreement algorithm</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>, or <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal notranslate"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal notranslate"><span class="pre">private_key</span></code>.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Perform a key agreement and return the raw shared secret.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should not be used directly as key material. It should instead be passed as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> and other functions from the key derivation interface.</p>
+</div>
+</div>
+</div>
+<div class="section" id="random-generation">
+<h1>Random generation</h1>
+<div class="section" id="psa_generate_random">
+<span id="c.psa_generate_random"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_generate_random</span><span class="p">(</span><span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
+                                 <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
+<dd>Output buffer for the generated data.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
+<dd>Number of bytes to generate and output.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Generate random bytes.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function <strong>can</strong> fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To generate a key, use <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a> instead.</p>
+</div>
+</div>
+<div class="section" id="psa_generate_key">
+<span id="c.psa_generate_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_generate_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
+                              <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
+<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Generate a key or key pair.</p>
+<p>The key is generated randomly. Its location, policy, type and size are taken from <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
+<p>The following type-specific considerations apply:</p>
+<ul class="simple">
+<li>For RSA keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="error-codes">
+<h1>Error codes</h1>
+<div class="section" id="psa_status_t">
+<span id="c.psa_status_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">int32_t</span> <span class="n">psa_status_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Function return status.</p>
+<p>This is either <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a> (which is zero), indicating success, or a small negative value indicating that an error occurred. Errors are encoded as one of the <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_xxx</span></code> values defined here.</p>
+</div>
+<div class="section" id="PSA_SUCCESS">
+<span id="c.PSA_SUCCESS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_SUCCESS  ((psa_status_t)0)</span>
+</pre></div>
+</div>
+<p>The action was completed successfully.</p>
+</div>
+<div class="section" id="PSA_ERROR_GENERIC_ERROR">
+<span id="c.PSA_ERROR_GENERIC_ERROR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_GENERIC_ERROR  ((psa_status_t)-132)</span>
+</pre></div>
+</div>
+<p>An error occurred that does not correspond to any defined failure cause.</p>
+<p>Implementations may use this error code if none of the other standard error codes are applicable.</p>
+</div>
+<div class="section" id="PSA_ERROR_NOT_SUPPORTED">
+<span id="c.PSA_ERROR_NOT_SUPPORTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_NOT_SUPPORTED  ((psa_status_t)-134)</span>
+</pre></div>
+</div>
+<p>The requested operation or a parameter is not supported by this implementation.</p>
+<p>Implementations should return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_NOT_PERMITTED">
+<span id="c.PSA_ERROR_NOT_PERMITTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_NOT_PERMITTED  ((psa_status_t)-133)</span>
+</pre></div>
+</div>
+<p>The requested action is denied by a policy.</p>
+<p>Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.</p>
+<p>If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ERROR_BUFFER_TOO_SMALL">
+<span id="c.PSA_ERROR_BUFFER_TOO_SMALL"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_BUFFER_TOO_SMALL  ((psa_status_t)-138)</span>
+</pre></div>
+</div>
+<p>An output buffer is too small.</p>
+<p>Applications can call the <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIZE</span></code> macro listed in the function description to determine a sufficient buffer size.</p>
+<p>Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition to the parameters that determine the necessary output buffer size.</p>
+</div>
+<div class="section" id="PSA_ERROR_ALREADY_EXISTS">
+<span id="c.PSA_ERROR_ALREADY_EXISTS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_ALREADY_EXISTS  ((psa_status_t)-139)</span>
+</pre></div>
+</div>
+<p>Asking for an item that already exists.</p>
+<p>Implementations should return this error, when attempting to write an item (like a key) that already exists.</p>
+</div>
+<div class="section" id="PSA_ERROR_DOES_NOT_EXIST">
+<span id="c.PSA_ERROR_DOES_NOT_EXIST"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_DOES_NOT_EXIST  ((psa_status_t)-140)</span>
+</pre></div>
+</div>
+<p>Asking for an item that doesn’t exist.</p>
+<p>Implementations should return this error, if a requested item (like a key) does not exist.</p>
+</div>
+<div class="section" id="PSA_ERROR_BAD_STATE">
+<span id="c.PSA_ERROR_BAD_STATE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_BAD_STATE  ((psa_status_t)-137)</span>
+</pre></div>
+</div>
+<p>The requested action cannot be performed in the current state.</p>
+<p>Multipart operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
+<p>Implementations shall not return this error code to indicate that a key either exists or not, but shall instead return <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> as applicable.</p>
+<p>Implementations shall not return this error code to indicate that a key handle is invalid, but shall return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_ARGUMENT">
+<span id="c.PSA_ERROR_INVALID_ARGUMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_ARGUMENT  ((psa_status_t)-135)</span>
+</pre></div>
+</div>
+<p>The parameters passed to the function are invalid.</p>
+<p>Implementations may return this error any time a parameter or combination of parameters are recognized as invalid.</p>
+<p>Implementations shall not return this error code to indicate that a key handle is invalid, but shall return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_MEMORY">
+<span id="c.PSA_ERROR_INSUFFICIENT_MEMORY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_MEMORY  ((psa_status_t)-141)</span>
+</pre></div>
+</div>
+<p>There is not enough runtime memory.</p>
+<p>If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_STORAGE">
+<span id="c.PSA_ERROR_INSUFFICIENT_STORAGE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)-142)</span>
+</pre></div>
+</div>
+<p>There is not enough persistent storage.</p>
+<p>Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.</p>
+</div>
+<div class="section" id="PSA_ERROR_COMMUNICATION_FAILURE">
+<span id="c.PSA_ERROR_COMMUNICATION_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_COMMUNICATION_FAILURE  ((psa_status_t)-145)</span>
+</pre></div>
+</div>
+<p>There was a communication failure inside the implementation.</p>
+<p>This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a> on successful completion whenver possible, however functions may return <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a> if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.</p>
+</div>
+</div>
+<div class="section" id="PSA_ERROR_STORAGE_FAILURE">
+<span id="c.PSA_ERROR_STORAGE_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_STORAGE_FAILURE  ((psa_status_t)-146)</span>
+</pre></div>
+</div>
+<p>There was a storage failure that may have led to data loss.</p>
+<p>This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>), for a communication error between the cryptoprocessor and its external storage (use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>), or when the storage is in a valid state but is full (use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>).</p>
+<p>Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage.</p>
+<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed.</p>
+<p>Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be reported using this error code.</p>
+</div>
+<div class="section" id="PSA_ERROR_HARDWARE_FAILURE">
+<span id="c.PSA_ERROR_HARDWARE_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_HARDWARE_FAILURE  ((psa_status_t)-147)</span>
+</pre></div>
+</div>
+<p>A hardware failure was detected.</p>
+<p>A hardware failure may be transient or permanent depending on the cause.</p>
+</div>
+<div class="section" id="PSA_ERROR_CORRUPTION_DETECTED">
+<span id="c.PSA_ERROR_CORRUPTION_DETECTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_CORRUPTION_DETECTED  ((psa_status_t)-151)</span>
+</pre></div>
+</div>
+<p>A tampering attempt was detected.</p>
+<p>If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. Applications should not perform any security function and should enter a safe failure state.</p>
+<p>Implementations may return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation’s security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation may forcibly terminate the application.</p>
+<p>This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations shall only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations shall not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation (use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a> or other applicable error code instead).</p>
+<p>This error indicates an attack against the application. Implementations shall not return this error code as a consequence of the behavior of the application itself.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_ENTROPY">
+<span id="c.PSA_ERROR_INSUFFICIENT_ENTROPY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)-148)</span>
+</pre></div>
+</div>
+<p>There is not enough entropy to generate random data needed for the requested action.</p>
+<p>This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.</p>
+<p>Implementations should avoid returning this error after <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a> has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded during normal operation.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_SIGNATURE">
+<span id="c.PSA_ERROR_INVALID_SIGNATURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_SIGNATURE  ((psa_status_t)-149)</span>
+</pre></div>
+</div>
+<p>The signature, MAC or hash is incorrect.</p>
+<p>Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.</p>
+<p>If the value to verify has an invalid size, implementations may return either <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_PADDING">
+<span id="c.PSA_ERROR_INVALID_PADDING"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_PADDING  ((psa_status_t)-150)</span>
+</pre></div>
+</div>
+<p>The decrypted padding is incorrect.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid.</p>
+</div>
+<p>Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not depend on the validity of the padding.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_DATA">
+<span id="c.PSA_ERROR_INSUFFICIENT_DATA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_DATA  ((psa_status_t)-143)</span>
+</pre></div>
+</div>
+<p>Return this error when there’s insufficient data when attempting to read from a resource.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_HANDLE">
+<span id="c.PSA_ERROR_INVALID_HANDLE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_HANDLE  ((psa_status_t)-136)</span>
+</pre></div>
+</div>
+<p>The key handle is not valid.</p>
+</div>
+</div>
+<div class="section" id="key-and-algorithm-types">
+<h1>Key and algorithm types</h1>
+<div class="section" id="psa_key_type_t">
+<span id="c.psa_key_type_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_type_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of a key type.</p>
+</div>
+<div class="section" id="psa_ecc_curve_t">
+<span id="c.psa_ecc_curve_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_ecc_curve_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of PSA elliptic curve identifiers.</p>
+</div>
+<div class="section" id="psa_dh_group_t">
+<span id="c.psa_dh_group_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_dh_group_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>The type of PSA Diffie-Hellman group identifiers.</p>
+</div>
+<div class="section" id="psa_algorithm_t">
+<span id="c.psa_algorithm_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_algorithm_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of a cryptographic algorithm.</p>
+<p>For algorithms that can be applied to multiple key types, this type does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_NONE">
+<span id="c.PSA_KEY_TYPE_NONE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_NONE  ((psa_key_type_t)0x00000000)</span>
+</pre></div>
+</div>
+<p>An invalid key type value.</p>
+<p>Zero is not the encoding of any key type.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_VENDOR_FLAG">
+<span id="c.PSA_KEY_TYPE_VENDOR_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_VENDOR_FLAG  ((psa_key_type_t)0x80000000)</span>
+</pre></div>
+</div>
+<p>Vendor-defined flag.</p>
+<p>Key types defined by this standard will never have the <a class="reference internal" href="#c.PSA_KEY_TYPE_VENDOR_FLAG" title="PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></a> bit set. Vendors who define additional key types must use an encoding with the <a class="reference internal" href="#c.PSA_KEY_TYPE_VENDOR_FLAG" title="PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></a> bit set and should respect the bitwise structure used by standard encodings whenever practical.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_MASK">
+<span id="c.PSA_KEY_TYPE_CATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_MASK  ((psa_key_type_t)0x70000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_SYMMETRIC">
+<span id="c.PSA_KEY_TYPE_CATEGORY_SYMMETRIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC  ((psa_key_type_t)0x40000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_RAW">
+<span id="c.PSA_KEY_TYPE_CATEGORY_RAW"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_RAW  ((psa_key_type_t)0x50000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY  ((psa_key_type_t)0x60000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_CATEGORY_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR  ((psa_key_type_t)0x70000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CATEGORY_FLAG_PAIR">
+<span id="c.PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR  ((psa_key_type_t)0x10000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_VENDOR_DEFINED">
+<span id="c.PSA_KEY_TYPE_IS_VENDOR_DEFINED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \</span>
+<span class="cp">    (((type) &amp; PSA_KEY_TYPE_VENDOR_FLAG) != 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is vendor-defined.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_UNSTRUCTURED">
+<span id="c.PSA_KEY_TYPE_IS_UNSTRUCTURED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \</span>
+<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~(psa_key_type_t)0x10000000) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is an unstructured array of bytes.</p>
+<p>This encompasses both symmetric keys and non-key data.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ASYMMETRIC">
+<span id="c.PSA_KEY_TYPE_IS_ASYMMETRIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \</span>
+<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is asymmetric: either a key pair or a public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \</span>
+<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is the public part of a key pair.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \</span>
+<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is a key pair containing a private part and a public part.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \</span>
+<span class="cp">    ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd>A public key type or key pair type.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding key pair type. If <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The key pair type corresponding to a public key type.</p>
+<p>You may also pass a key pair type as <code class="docutils literal notranslate"><span class="pre">type</span></code>, it will be left unchanged.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \</span>
+<span class="cp">    ((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd>A public key type or key pair type.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding public key type. If <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The public key type corresponding to a key pair type.</p>
+<p>You may also pass a key pair type as <code class="docutils literal notranslate"><span class="pre">type</span></code>, it will be left unchanged.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_RAW_DATA">
+<span id="c.PSA_KEY_TYPE_RAW_DATA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RAW_DATA  ((psa_key_type_t)0x50000001)</span>
+</pre></div>
+</div>
+<p>Raw data.</p>
+<p>A “key” of this type cannot be used for any cryptographic operation. Applications may use this type to store arbitrary data in the keystore.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_HMAC">
+<span id="c.PSA_KEY_TYPE_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_HMAC  ((psa_key_type_t)0x51000000)</span>
+</pre></div>
+</div>
+<p>HMAC key.</p>
+<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
+<p>HMAC keys should generally have the same size as the underlying hash. This size can be calculated with <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the HMAC algorithm or the underlying hash algorithm.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DERIVE">
+<span id="c.PSA_KEY_TYPE_DERIVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DERIVE  ((psa_key_type_t)0x52000000)</span>
+</pre></div>
+</div>
+<p>A secret for key derivation.</p>
+<p>The key policy determines which key derivation algorithm the key can be used for.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_AES">
+<span id="c.PSA_KEY_TYPE_AES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_AES  ((psa_key_type_t)0x40000001)</span>
+</pre></div>
+</div>
+<p>Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
+<p>The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DES">
+<span id="c.PSA_KEY_TYPE_DES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DES  ((psa_key_type_t)0x40000002)</span>
+</pre></div>
+</div>
+<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
+<p>The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).</p>
+<p>Note that single DES and 2-key 3DES are weak and strongly deprecated and should only be used to decrypt legacy data. 3-key 3DES is weak and deprecated and should only be used in legacy protocols.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CAMELLIA">
+<span id="c.PSA_KEY_TYPE_CAMELLIA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CAMELLIA  ((psa_key_type_t)0x40000003)</span>
+</pre></div>
+</div>
+<p>Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ARC4">
+<span id="c.PSA_KEY_TYPE_ARC4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ARC4  ((psa_key_type_t)0x40000004)</span>
+</pre></div>
+</div>
+<p>Key for the RC4 stream cipher.</p>
+<p>Note that RC4 is weak and deprecated and should only be used in legacy protocols.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CHACHA20">
+<span id="c.PSA_KEY_TYPE_CHACHA20"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CHACHA20  ((psa_key_type_t)0x40000005)</span>
+</pre></div>
+</div>
+<p>Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.</p>
+<p>ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.</p>
+<p>Implementations must support 12-byte nonces, may support 8-byte nonces, and should reject other sizes.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_RSA_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY  ((psa_key_type_t)0x60010000)</span>
+</pre></div>
+</div>
+<p>RSA public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_RSA_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_RSA_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RSA_KEY_PAIR  ((psa_key_type_t)0x70010000)</span>
+</pre></div>
+</div>
+<p>RSA key pair (private and public key).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_RSA">
+<span id="c.PSA_KEY_TYPE_IS_RSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_RSA(type) \</span>
+<span class="cp">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is an RSA key (pair or public-only).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE">
+<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE  ((psa_key_type_t)0x60030000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR_BASE">
+<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE  ((psa_key_type_t)0x70030000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_CURVE_MASK">
+<span id="c.PSA_KEY_TYPE_ECC_CURVE_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_CURVE_MASK  ((psa_key_type_t)0x0000ffff)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \</span>
+<span class="cp">    (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Elliptic curve key pair.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \</span>
+<span class="cp">    (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Elliptic curve public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC">
+<span id="c.PSA_KEY_TYPE_IS_ECC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC(type) \</span>
+<span class="cp">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is an elliptic curve key (pair or public-only).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \</span>
+<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is an elliptic curve key pair.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \</span>
+<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is an elliptic curve public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_GET_CURVE">
+<span id="c.PSA_KEY_TYPE_GET_CURVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_GET_CURVE(type) \</span>
+<span class="cp">    ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? ((type) &amp; PSA_KEY_TYPE_ECC_CURVE_MASK) : 0))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Extract the curve from an elliptic curve key type.</p>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT163K1">
+<span id="c.PSA_ECC_CURVE_SECT163K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163K1  ((psa_ecc_curve_t) 0x0001)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT163R1">
+<span id="c.PSA_ECC_CURVE_SECT163R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163R1  ((psa_ecc_curve_t) 0x0002)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT163R2">
+<span id="c.PSA_ECC_CURVE_SECT163R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163R2  ((psa_ecc_curve_t) 0x0003)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT193R1">
+<span id="c.PSA_ECC_CURVE_SECT193R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT193R1  ((psa_ecc_curve_t) 0x0004)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT193R2">
+<span id="c.PSA_ECC_CURVE_SECT193R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT193R2  ((psa_ecc_curve_t) 0x0005)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT233K1">
+<span id="c.PSA_ECC_CURVE_SECT233K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT233K1  ((psa_ecc_curve_t) 0x0006)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT233R1">
+<span id="c.PSA_ECC_CURVE_SECT233R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT233R1  ((psa_ecc_curve_t) 0x0007)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT239K1">
+<span id="c.PSA_ECC_CURVE_SECT239K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT239K1  ((psa_ecc_curve_t) 0x0008)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT283K1">
+<span id="c.PSA_ECC_CURVE_SECT283K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT283K1  ((psa_ecc_curve_t) 0x0009)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT283R1">
+<span id="c.PSA_ECC_CURVE_SECT283R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT283R1  ((psa_ecc_curve_t) 0x000a)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT409K1">
+<span id="c.PSA_ECC_CURVE_SECT409K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT409K1  ((psa_ecc_curve_t) 0x000b)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT409R1">
+<span id="c.PSA_ECC_CURVE_SECT409R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT409R1  ((psa_ecc_curve_t) 0x000c)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT571K1">
+<span id="c.PSA_ECC_CURVE_SECT571K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT571K1  ((psa_ecc_curve_t) 0x000d)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECT571R1">
+<span id="c.PSA_ECC_CURVE_SECT571R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT571R1  ((psa_ecc_curve_t) 0x000e)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP160K1">
+<span id="c.PSA_ECC_CURVE_SECP160K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160K1  ((psa_ecc_curve_t) 0x000f)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP160R1">
+<span id="c.PSA_ECC_CURVE_SECP160R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160R1  ((psa_ecc_curve_t) 0x0010)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP160R2">
+<span id="c.PSA_ECC_CURVE_SECP160R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160R2  ((psa_ecc_curve_t) 0x0011)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP192K1">
+<span id="c.PSA_ECC_CURVE_SECP192K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP192K1  ((psa_ecc_curve_t) 0x0012)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP192R1">
+<span id="c.PSA_ECC_CURVE_SECP192R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP192R1  ((psa_ecc_curve_t) 0x0013)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP224K1">
+<span id="c.PSA_ECC_CURVE_SECP224K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP224K1  ((psa_ecc_curve_t) 0x0014)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP224R1">
+<span id="c.PSA_ECC_CURVE_SECP224R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP224R1  ((psa_ecc_curve_t) 0x0015)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP256K1">
+<span id="c.PSA_ECC_CURVE_SECP256K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP256K1  ((psa_ecc_curve_t) 0x0016)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP256R1">
+<span id="c.PSA_ECC_CURVE_SECP256R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP256R1  ((psa_ecc_curve_t) 0x0017)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP384R1">
+<span id="c.PSA_ECC_CURVE_SECP384R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP384R1  ((psa_ecc_curve_t) 0x0018)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_SECP521R1">
+<span id="c.PSA_ECC_CURVE_SECP521R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP521R1  ((psa_ecc_curve_t) 0x0019)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P256R1">
+<span id="c.PSA_ECC_CURVE_BRAINPOOL_P256R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P256R1  ((psa_ecc_curve_t) 0x001a)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P384R1">
+<span id="c.PSA_ECC_CURVE_BRAINPOOL_P384R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P384R1  ((psa_ecc_curve_t) 0x001b)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P512R1">
+<span id="c.PSA_ECC_CURVE_BRAINPOOL_P512R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P512R1  ((psa_ecc_curve_t) 0x001c)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_CURVE25519">
+<span id="c.PSA_ECC_CURVE_CURVE25519"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_CURVE25519  ((psa_ecc_curve_t) 0x001d)</span>
+</pre></div>
+</div>
+<p>Curve25519.</p>
+<p>This is the curve defined in Bernstein et al., <em>Curve25519: new Diffie-Hellman speed records</em>, LNCS 3958, 2006. The algorithm <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X25519 when used with this curve.</p>
+</div>
+<div class="section" id="PSA_ECC_CURVE_CURVE448">
+<span id="c.PSA_ECC_CURVE_CURVE448"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_CURVE448  ((psa_ecc_curve_t) 0x001e)</span>
+</pre></div>
+</div>
+<p>Curve448.</p>
+<p>This is the curve defined in Hamburg, <em>Ed448-Goldilocks, a new elliptic curve</em>, NIST ECC Workshop, 2015. The algorithm <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X448 when used with this curve.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE">
+<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE  ((psa_key_type_t)0x60040000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR_BASE">
+<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE  ((psa_key_type_t)0x70040000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_GROUP_MASK">
+<span id="c.PSA_KEY_TYPE_DH_GROUP_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_GROUP_MASK  ((psa_key_type_t)0x0000ffff)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \</span>
+<span class="cp">    (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">group</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Diffie-Hellman key pair.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \</span>
+<span class="cp">    (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">group</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Diffie-Hellman public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH">
+<span id="c.PSA_KEY_TYPE_IS_DH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH(type) \</span>
+<span class="cp">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is a Diffie-Hellman key (pair or public-only).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \</span>
+<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_KEY_PAIR_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is a Diffie-Hellman key pair.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \</span>
+<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether a key type is a Diffie-Hellman public key.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_GET_GROUP">
+<span id="c.PSA_KEY_TYPE_GET_GROUP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_GET_GROUP(type) \</span>
+<span class="cp">    ((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ? ((type) &amp; PSA_KEY_TYPE_DH_GROUP_MASK) : 0))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Extract the group from a Diffie-Hellman key type.</p>
+</div>
+<div class="section" id="PSA_DH_GROUP_FFDHE2048">
+<span id="c.PSA_DH_GROUP_FFDHE2048"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE2048  ((psa_dh_group_t) 0x0100)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_DH_GROUP_FFDHE3072">
+<span id="c.PSA_DH_GROUP_FFDHE3072"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE3072  ((psa_dh_group_t) 0x0101)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_DH_GROUP_FFDHE4096">
+<span id="c.PSA_DH_GROUP_FFDHE4096"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE4096  ((psa_dh_group_t) 0x0102)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_DH_GROUP_FFDHE6144">
+<span id="c.PSA_DH_GROUP_FFDHE6144"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE6144  ((psa_dh_group_t) 0x0103)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_DH_GROUP_FFDHE8192">
+<span id="c.PSA_DH_GROUP_FFDHE8192"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE8192  ((psa_dh_group_t) 0x0104)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_SIZE">
+<span id="c.PSA_BLOCK_CIPHER_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \</span>
+<span class="cp">    ( (type) == PSA_KEY_TYPE_AES ? 16 : (type) == PSA_KEY_TYPE_DES ? 8 : (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : (type) == PSA_KEY_TYPE_ARC4 ? 1 : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
+<dd>A cipher key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The block size for a block cipher, or 1 for a stream cipher. The return value is undefined if <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a supported cipher key type.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The block size of a block cipher.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (<a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code></a>). This macro only takes the key type into account, so it cannot be used to determine the size of the data that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> might buffer for future processing in general.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This macro returns a compile-time constant if its argument is one.</p>
+</div>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This macro may evaluate its argument multiple times.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_VENDOR_FLAG">
+<span id="c.PSA_ALG_VENDOR_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_VENDOR_FLAG  ((psa_algorithm_t)0x80000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_MASK">
+<span id="c.PSA_ALG_CATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_MASK  ((psa_algorithm_t)0x7f000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_HASH">
+<span id="c.PSA_ALG_CATEGORY_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_HASH  ((psa_algorithm_t)0x01000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_MAC">
+<span id="c.PSA_ALG_CATEGORY_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_MAC  ((psa_algorithm_t)0x02000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_CIPHER">
+<span id="c.PSA_ALG_CATEGORY_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_CIPHER  ((psa_algorithm_t)0x04000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_AEAD">
+<span id="c.PSA_ALG_CATEGORY_AEAD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_AEAD  ((psa_algorithm_t)0x06000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_SIGN">
+<span id="c.PSA_ALG_CATEGORY_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_SIGN  ((psa_algorithm_t)0x10000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION">
+<span id="c.PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION  ((psa_algorithm_t)0x12000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_KEY_DERIVATION">
+<span id="c.PSA_ALG_CATEGORY_KEY_DERIVATION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_KEY_DERIVATION  ((psa_algorithm_t)0x20000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CATEGORY_KEY_AGREEMENT">
+<span id="c.PSA_ALG_CATEGORY_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_KEY_AGREEMENT  ((psa_algorithm_t)0x30000000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_IS_VENDOR_DEFINED">
+<span id="c.PSA_ALG_IS_VENDOR_DEFINED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_VENDOR_DEFINED(alg)  (((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_HASH">
+<span id="c.PSA_ALG_IS_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HASH(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a hash algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_MAC">
+<span id="c.PSA_ALG_IS_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_MAC(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a MAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a MAC algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_CIPHER">
+<span id="c.PSA_ALG_IS_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_CIPHER(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a symmetric cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_AEAD">
+<span id="c.PSA_ALG_IS_AEAD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_AEAD(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an AEAD algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_SIGN">
+<span id="c.PSA_ALG_IS_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_SIGN(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a public-key signature algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a public-key signature algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
+<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a public-key encryption algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a public-key encryption algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
+<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_AGREEMENT(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a key agreement algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
+<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_DERIVATION(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a key derivation algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_HASH_MASK">
+<span id="c.PSA_ALG_HASH_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HASH_MASK  ((psa_algorithm_t)0x000000ff)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_MD2">
+<span id="c.PSA_ALG_MD2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD2  ((psa_algorithm_t)0x01000001)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_MD4">
+<span id="c.PSA_ALG_MD4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD4  ((psa_algorithm_t)0x01000002)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_MD5">
+<span id="c.PSA_ALG_MD5"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD5  ((psa_algorithm_t)0x01000003)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_RIPEMD160">
+<span id="c.PSA_ALG_RIPEMD160"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RIPEMD160  ((psa_algorithm_t)0x01000004)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_SHA_1">
+<span id="c.PSA_ALG_SHA_1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_1  ((psa_algorithm_t)0x01000005)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_SHA_224">
+<span id="c.PSA_ALG_SHA_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_224  ((psa_algorithm_t)0x01000008)</span>
+</pre></div>
+</div>
+<p>SHA2-224.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA_256">
+<span id="c.PSA_ALG_SHA_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_256  ((psa_algorithm_t)0x01000009)</span>
+</pre></div>
+</div>
+<p>SHA2-256.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA_384">
+<span id="c.PSA_ALG_SHA_384"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_384  ((psa_algorithm_t)0x0100000a)</span>
+</pre></div>
+</div>
+<p>SHA2-384.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA_512">
+<span id="c.PSA_ALG_SHA_512"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512  ((psa_algorithm_t)0x0100000b)</span>
+</pre></div>
+</div>
+<p>SHA2-512.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA_512_224">
+<span id="c.PSA_ALG_SHA_512_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512_224  ((psa_algorithm_t)0x0100000c)</span>
+</pre></div>
+</div>
+<p>SHA2-512/224.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA_512_256">
+<span id="c.PSA_ALG_SHA_512_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512_256  ((psa_algorithm_t)0x0100000d)</span>
+</pre></div>
+</div>
+<p>SHA2-512/256.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA3_224">
+<span id="c.PSA_ALG_SHA3_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_224  ((psa_algorithm_t)0x01000010)</span>
+</pre></div>
+</div>
+<p>SHA3-224.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA3_256">
+<span id="c.PSA_ALG_SHA3_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_256  ((psa_algorithm_t)0x01000011)</span>
+</pre></div>
+</div>
+<p>SHA3-256.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA3_384">
+<span id="c.PSA_ALG_SHA3_384"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_384  ((psa_algorithm_t)0x01000012)</span>
+</pre></div>
+</div>
+<p>SHA3-384.</p>
+</div>
+<div class="section" id="PSA_ALG_SHA3_512">
+<span id="c.PSA_ALG_SHA3_512"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_512  ((psa_algorithm_t)0x01000013)</span>
+</pre></div>
+</div>
+<p>SHA3-512.</p>
+</div>
+<div class="section" id="PSA_ALG_ANY_HASH">
+<span id="c.PSA_ALG_ANY_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ANY_HASH  ((psa_algorithm_t)0x010000ff)</span>
+</pre></div>
+</div>
+<p>In a hash-and-sign algorithm policy, allow any hash algorithm.</p>
+<p>This value may be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. The key may then be used to perform operations using the same signature algorithm parametrized with any supported hash.</p>
+<p>That is, suppose that <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
+<ul>
+<li><p class="first"><a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a>, <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code></a>,</p>
+</li>
+<li><p class="first"><a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Then you may create and use a key as follows:</p>
+</li>
+<li><p class="first">Set the key usage field using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_set_key_usage_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="n">PSA_KEY_USAGE_SIGN</span><span class="p">);</span> <span class="c1">// or VERIFY</span>
+<span class="n">psa_set_key_algorithm</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_ANY_HASH</span><span class="p">));</span>
+</pre></div>
+</div>
+</li>
+<li><p class="first">Import or generate key material.</p>
+</li>
+<li><p class="first">Call <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> or <a class="reference internal" href="#c.psa_asymmetric_verify" title="psa_asymmetric_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_verify()</span></code></a>, passing an algorithm built from <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIGNATURE</span></code> and a specific hash. Each call to sign or verify a message may use a different hash.</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA_256</span><span class="p">),</span> <span class="p">...);</span>
+<span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA_512</span><span class="p">),</span> <span class="p">...);</span>
+<span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA3_256</span><span class="p">),</span> <span class="p">...);</span>
+</pre></div>
+</div>
+</li>
+</ul>
+<p>This value may not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal notranslate"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true.</p>
+<p>This value may not be used to build an algorithm specification to perform an operation. It is only valid to build policies.</p>
+</div>
+<div class="section" id="PSA_ALG_MAC_SUBCATEGORY_MASK">
+<span id="c.PSA_ALG_MAC_SUBCATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MAC_SUBCATEGORY_MASK  ((psa_algorithm_t)0x00c00000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_HMAC_BASE">
+<span id="c.PSA_ALG_HMAC_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC_BASE  ((psa_algorithm_t)0x02800000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_HMAC">
+<span id="c.PSA_ALG_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding HMAC algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build an HMAC algorithm.</p>
+<p>For example, <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code></a>(<a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code></a>) is HMAC-SHA-256.</p>
+</div>
+<div class="section" id="PSA_ALG_HMAC_GET_HASH">
+<span id="c.PSA_ALG_HMAC_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \</span>
+<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hmac_alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_HMAC">
+<span id="c.PSA_ALG_IS_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HMAC(alg) \</span>
+<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == PSA_ALG_HMAC_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an HMAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is an HMAC algorithm.</p>
+<p>HMAC is a family of MAC algorithms that are based on a hash function.</p>
+</div>
+<div class="section" id="PSA_ALG_MAC_TRUNCATION_MASK">
+<span id="c.PSA_ALG_MAC_TRUNCATION_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MAC_TRUNCATION_MASK  ((psa_algorithm_t)0x00003f00)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_MAC_TRUNCATION_OFFSET">
+<span id="c.PSA_MAC_TRUNCATION_OFFSET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_TRUNCATION_OFFSET  8</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_TRUNCATED_MAC">
+<span id="c.PSA_ALG_TRUNCATED_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \</span>
+<span class="cp">    (((mac_alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK) | ((mac_length) &lt;&lt; PSA_MAC_TRUNCATION_OFFSET &amp; PSA_ALG_MAC_TRUNCATION_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true). This may be a truncated or untruncated MAC algorithm.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
+<dd>Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum shall not be zero.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding MAC algorithm with the specified length.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm or if <code class="docutils literal notranslate"><span class="pre">mac_length</span></code> is too small or too large for the specified MAC algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build a truncated MAC algorithm.</p>
+<p>A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first <code class="docutils literal notranslate"><span class="pre">mac_length</span></code> bytes of the MAC value for the untruncated algorithm.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This macro may allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_FULL_LENGTH_MAC">
+<span id="c.PSA_ALG_FULL_LENGTH_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \</span>
+<span class="cp">    ((mac_alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true). This may be a truncated or untruncated MAC algorithm.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding base MAC algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build the base MAC algorithm corresponding to a truncated MAC algorithm.</p>
+</div>
+<div class="section" id="PSA_MAC_TRUNCATED_LENGTH">
+<span id="c.PSA_MAC_TRUNCATED_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \</span>
+<span class="cp">    (((mac_alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>Length of the truncated MAC in bytes.</p>
+<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a non-truncated MAC algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Length to which a MAC algorithm is truncated.</p>
+</div>
+<div class="section" id="PSA_ALG_CIPHER_MAC_BASE">
+<span id="c.PSA_ALG_CIPHER_MAC_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_MAC_BASE  ((psa_algorithm_t)0x02c00000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CBC_MAC">
+<span id="c.PSA_ALG_CBC_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_MAC  ((psa_algorithm_t)0x02c00001)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CMAC">
+<span id="c.PSA_ALG_CMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CMAC  ((psa_algorithm_t)0x02c00002)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_GMAC">
+<span id="c.PSA_ALG_GMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_GMAC  ((psa_algorithm_t)0x02c00003)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_IS_BLOCK_CIPHER_MAC">
+<span id="c.PSA_ALG_IS_BLOCK_CIPHER_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \</span>
+<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == PSA_ALG_CIPHER_MAC_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a MAC algorithm based on a block cipher, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a MAC algorithm based on a block cipher.</p>
+</div>
+<div class="section" id="PSA_ALG_CIPHER_STREAM_FLAG">
+<span id="c.PSA_ALG_CIPHER_STREAM_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_STREAM_FLAG  ((psa_algorithm_t)0x00800000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CIPHER_FROM_BLOCK_FLAG">
+<span id="c.PSA_ALG_CIPHER_FROM_BLOCK_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG  ((psa_algorithm_t)0x00400000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_IS_STREAM_CIPHER">
+<span id="c.PSA_ALG_IS_STREAM_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_STREAM_CIPHER(alg) \</span>
+<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a stream cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a stream cipher.</p>
+<p>A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.</p>
+</div>
+<div class="section" id="PSA_ALG_ARC4">
+<span id="c.PSA_ALG_ARC4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ARC4  ((psa_algorithm_t)0x04800001)</span>
+</pre></div>
+</div>
+<p>The ARC4 stream cipher algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_CHACHA20">
+<span id="c.PSA_ALG_CHACHA20"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CHACHA20  ((psa_algorithm_t)0x04800005)</span>
+</pre></div>
+</div>
+<p>The ChaCha20 stream cipher.</p>
+<p>ChaCha20 is defined in RFC 7539.</p>
+<p>The nonce size for <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> must be 12.</p>
+<p>The initial block counter is always 0.</p>
+</div>
+<div class="section" id="PSA_ALG_CTR">
+<span id="c.PSA_ALG_CTR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CTR  ((psa_algorithm_t)0x04c00001)</span>
+</pre></div>
+</div>
+<p>The CTR stream cipher mode.</p>
+<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a length of 128 bits (16 bytes).</p>
+</div>
+<div class="section" id="PSA_ALG_CFB">
+<span id="c.PSA_ALG_CFB"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CFB  ((psa_algorithm_t)0x04c00002)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_OFB">
+<span id="c.PSA_ALG_OFB"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_OFB  ((psa_algorithm_t)0x04c00003)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_XTS">
+<span id="c.PSA_ALG_XTS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_XTS  ((psa_algorithm_t)0x044000ff)</span>
+</pre></div>
+</div>
+<p>The XTS cipher mode.</p>
+<p>XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
+</div>
+<div class="section" id="PSA_ALG_CBC_NO_PADDING">
+<span id="c.PSA_ALG_CBC_NO_PADDING"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_NO_PADDING  ((psa_algorithm_t)0x04600100)</span>
+</pre></div>
+</div>
+<p>The CBC block cipher chaining mode, with no padding.</p>
+<p>The underlying block cipher is determined by the key type.</p>
+<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
+</div>
+<div class="section" id="PSA_ALG_CBC_PKCS7">
+<span id="c.PSA_ALG_CBC_PKCS7"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_PKCS7  ((psa_algorithm_t)0x04600101)</span>
+</pre></div>
+</div>
+<p>The CBC block cipher chaining mode with PKCS#7 padding.</p>
+<p>The underlying block cipher is determined by the key type.</p>
+<p>This is the padding method defined by PKCS#7 (RFC 2315) §10.3.</p>
+</div>
+<div class="section" id="PSA_ALG_AEAD_FROM_BLOCK_FLAG">
+<span id="c.PSA_ALG_AEAD_FROM_BLOCK_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_FROM_BLOCK_FLAG  ((psa_algorithm_t)0x00400000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">
+<span id="c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \</span>
+<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an AEAD algorithm which is an AEAD mode based on a block cipher, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is an AEAD mode on a block cipher.</p>
+</div>
+<div class="section" id="PSA_ALG_CCM">
+<span id="c.PSA_ALG_CCM"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CCM  ((psa_algorithm_t)0x06401001)</span>
+</pre></div>
+</div>
+<p>The CCM authenticated encryption algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_GCM">
+<span id="c.PSA_ALG_GCM"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_GCM  ((psa_algorithm_t)0x06401002)</span>
+</pre></div>
+</div>
+<p>The GCM authenticated encryption algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_CHACHA20_POLY1305">
+<span id="c.PSA_ALG_CHACHA20_POLY1305"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CHACHA20_POLY1305  ((psa_algorithm_t)0x06001005)</span>
+</pre></div>
+</div>
+<p>The Chacha20-Poly1305 AEAD algorithm.</p>
+<p>The ChaCha20_Poly1305 construction is defined in RFC 7539.</p>
+<p>Implementations must support 12-byte nonces, may support 8-byte nonces, and should reject other sizes.</p>
+<p>Implementations must support 16-byte tags and should reject other sizes.</p>
+</div>
+<div class="section" id="PSA_ALG_AEAD_TAG_LENGTH_MASK">
+<span id="c.PSA_ALG_AEAD_TAG_LENGTH_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_TAG_LENGTH_MASK  ((psa_algorithm_t)0x00003f00)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_AEAD_TAG_LENGTH_OFFSET">
+<span id="c.PSA_AEAD_TAG_LENGTH_OFFSET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_TAG_LENGTH_OFFSET  8</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_AEAD_WITH_TAG_LENGTH">
+<span id="c.PSA_ALG_AEAD_WITH_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \</span>
+<span class="cp">    (((aead_alg) &amp; ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | ((tag_length) &lt;&lt; PSA_AEAD_TAG_LENGTH_OFFSET &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
+<dd>An AEAD algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
+<dd>Desired length of the authentication tag in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding AEAD algorithm with the specified length.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported AEAD algorithm or if <code class="docutils literal notranslate"><span class="pre">tag_length</span></code> is not valid for the specified AEAD algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build a shortened AEAD algorithm.</p>
+<p>A shortened AEAD algorithm is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length may affect the calculation of the ciphertext.</p>
+</div>
+<div class="section" id="PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH">
+<span id="c.PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \</span>
+<span class="cp">    ( PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding AEAD algorithm with the default tag length for that algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Calculate the corresponding AEAD algorithm with the default tag length.</p>
+</div>
+<div class="section" id="PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE">
+<span id="c.PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \</span>
+<span class="cp">    PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? ref :</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ref</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_BASE">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE  ((psa_algorithm_t)0x10020000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>RSA PKCS#1 v1.5 signature with hashing.</p>
+<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW  PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span>
+</pre></div>
+</div>
+<p>Raw PKCS#1 v1.5 signature.</p>
+<p>The input to this algorithm is the DigestInfo structure used by RFC 8017 (PKCS#1: RSA Cryptography Specifications), §9.2 steps 3–6.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PSS_BASE">
+<span id="c.PSA_ALG_RSA_PSS_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PSS_BASE  ((psa_algorithm_t)0x10030000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_RSA_PSS">
+<span id="c.PSA_ALG_RSA_PSS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PSS(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding RSA PSS signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>RSA PSS signature with hashing.</p>
+<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PSS">
+<span id="c.PSA_ALG_IS_RSA_PSS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_PSS(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA_BASE">
+<span id="c.PSA_ALG_ECDSA_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_BASE  ((psa_algorithm_t)0x10060000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_ECDSA">
+<span id="c.PSA_ALG_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>ECDSA signature with hashing.</p>
+<p>This is the ECDSA signature scheme defined by ANSI X9.62, with a random per-message secret number (<em>k</em>).</p>
+<p>The representation of the signature as a byte string consists of the concatentation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order (most significant octet first).</p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA_ANY">
+<span id="c.PSA_ALG_ECDSA_ANY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_ANY  PSA_ALG_ECDSA_BASE</span>
+</pre></div>
+</div>
+<p>ECDSA signature without hashing.</p>
+<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm. This algorithm may only be used to sign or verify a sequence of bytes that should be an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.</p>
+</div>
+<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA_BASE">
+<span id="c.PSA_ALG_DETERMINISTIC_ECDSA_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_DETERMINISTIC_ECDSA_BASE  ((psa_algorithm_t)0x10070000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding deterministic ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Deterministic ECDSA signature with hashing.</p>
+<p>This is the deterministic ECDSA signature scheme defined by RFC 6979.</p>
+<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
+<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>)) with the same private key are accepted. In other words, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) differs from <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) only for signature, not for verification.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ECDSA">
+<span id="c.PSA_ALG_IS_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ECDSA(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == PSA_ALG_ECDSA_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA_IS_DETERMINISTIC">
+<span id="c.PSA_ALG_ECDSA_IS_DETERMINISTIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_IS_DETERMINISTIC_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_RANDOMIZED_ECDSA">
+<span id="c.PSA_ALG_IS_RANDOMIZED_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_HASH_AND_SIGN">
+<span id="c.PSA_ALG_IS_HASH_AND_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HASH_AND_SIGN(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_ECDSA(alg))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash-and-sign algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a hash-and-sign algorithm.</p>
+<p>Hash-and-sign algorithms are public-key signature algorithms structured in two parts: first the calculation of a hash in a way that does not depend on the key, then the calculation of a signature from the hash value and the key.</p>
+</div>
+<div class="section" id="PSA_ALG_SIGN_GET_HASH">
+<span id="c.PSA_ALG_SIGN_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SIGN_GET_HASH(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ? ((alg) &amp; PSA_ALG_HASH_MASK) == 0 ? </span><span class="cm">/*&quot;raw&quot; algorithm*/</span><span class="cp"> 0 : ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>A signature algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The underlying hash algorithm if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash-and-sign algorithm.</p>
+<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a signature algorithm that does not follow the hash-and-sign structure.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a signature algorithm or if it is not supported by the implementation.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Get the hash used by a hash-and-sign signature algorithm.</p>
+<p>A hash-and-sign algorithm is a signature algorithm which is composed of two phases: first a hashing phase which does not use the key and produces a hash of the input message, then a signing phase which only uses the hash and the key and not the message itself.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_CRYPT">
+<span id="c.PSA_ALG_RSA_PKCS1V15_CRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_CRYPT  ((psa_algorithm_t)0x12020000)</span>
+</pre></div>
+</div>
+<p>RSA PKCS#1 v1.5 encryption.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_OAEP_BASE">
+<span id="c.PSA_ALG_RSA_OAEP_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP_BASE  ((psa_algorithm_t)0x12030000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_RSA_OAEP">
+<span id="c.PSA_ALG_RSA_OAEP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>The hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true) to use for MGF1.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding RSA OAEP signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>RSA OAEP encryption.</p>
+<p>This is the encryption scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_OAEP">
+<span id="c.PSA_ALG_IS_RSA_OAEP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_OAEP(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_RSA_OAEP_GET_HASH">
+<span id="c.PSA_ALG_RSA_OAEP_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP_GET_HASH(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_RSA_OAEP(alg) ? ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_HKDF_BASE">
+<span id="c.PSA_ALG_HKDF_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF_BASE  ((psa_algorithm_t)0x20000100)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_HKDF">
+<span id="c.PSA_ALG_HKDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding HKDF algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build an HKDF algorithm.</p>
+<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF(PSA_ALG_SHA256)</span></code> is HKDF using HMAC-SHA-256.</p>
+<p>This key derivation algorithm uses the following inputs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt used in the “extract” step. It is optional; if omitted, the derivation uses an empty salt.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key used in the “extract” step.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> is the info string used in the “expand” step. You must pass <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> before <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>. You may pass <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> at any time after steup and before starting to generate output.</li>
+</ul>
+</div>
+<div class="section" id="PSA_ALG_IS_HKDF">
+<span id="c.PSA_ALG_IS_HKDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HKDF(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an HKDF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is an HKDF algorithm.</p>
+<p>HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.</p>
+</div>
+<div class="section" id="PSA_ALG_HKDF_GET_HASH">
+<span id="c.PSA_ALG_HKDF_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \</span>
+<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PRF_BASE">
+<span id="c.PSA_ALG_TLS12_PRF_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF_BASE  ((psa_algorithm_t)0x20000200)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PRF">
+<span id="c.PSA_ALG_TLS12_PRF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding TLS-1.2 PRF algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build a TLS-1.2 PRF algorithm.</p>
+<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in Section 5 of RFC 5246. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>This key derivation algorithm uses the following inputs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
+</ul>
+<p>For the application to TLS-1.2 key expansion, the seed is the concatenation of ServerHello.Random + ClientHello.Random, and the label is “key expansion”.</p>
+<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)</span></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_TLS12_PRF">
+<span id="c.PSA_ALG_IS_TLS12_PRF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_TLS12_PRF(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a TLS-1.2 PRF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a TLS-1.2 PRF algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PRF_GET_HASH">
+<span id="c.PSA_ALG_TLS12_PRF_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \</span>
+<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_BASE">
+<span id="c.PSA_ALG_TLS12_PSK_TO_MS_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_BASE  ((psa_algorithm_t)0x20000300)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS">
+<span id="c.PSA_ALG_TLS12_PSK_TO_MS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \</span>
+<span class="cp">    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding TLS-1.2 PSK to MS algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.</p>
+<p>In a pure-PSK handshake in TLS 1.2, the master secret is derived from the PreSharedKey (PSK) through the application of padding (RFC 4279, Section 2) and the TLS-1.2 PRF (RFC 5246, Section 5). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>This key derivation algorithm uses the following inputs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
+</ul>
+<p>For the application to TLS-1.2, the seed (which is forwarded to the TLS-1.2 PRF) is the concatenation of the ClientHello.Random + ServerHello.Random, and the label is “master secret” or “extended master secret”.</p>
+<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)</span></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_TLS12_PSK_TO_MS">
+<span id="c.PSA_ALG_IS_TLS12_PSK_TO_MS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \</span>
+<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a TLS-1.2 PSK to MS algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_GET_HASH">
+<span id="c.PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \</span>
+<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_KEY_DERIVATION_MASK">
+<span id="c.PSA_ALG_KEY_DERIVATION_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_DERIVATION_MASK  ((psa_algorithm_t)0x0803ffff)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT_MASK">
+<span id="c.PSA_ALG_KEY_AGREEMENT_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_MASK  ((psa_algorithm_t)0x10fc0000)</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT">
+<span id="c.PSA_ALG_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)  ((ka_alg) | (kdf_alg))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">ka_alg</span></code></dt>
+<dd>A key agreement algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">ka_alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code></dt>
+<dd>A key derivation algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a>(<code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The corresponding key agreement and derivation algorithm.</p>
+<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">ka_alg</span></code> is not a supported key agreement algorithm or <code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code> is not a supported key derivation algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
+</div>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_KDF">
+<span id="c.PSA_ALG_KEY_AGREEMENT_GET_KDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_BASE">
+<span id="c.PSA_ALG_KEY_AGREEMENT_GET_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \</span>
+<span class="cp">    (((alg) &amp; PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_IS_RAW_KEY_AGREEMENT">
+<span id="c.PSA_ALG_IS_RAW_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_KEY_AGREEMENT(alg) &amp;&amp; PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a raw key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a raw key agreement algorithm.</p>
+<p>A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a <code class="docutils literal notranslate"><span class="pre">PSA_ALG_xxx</span></code> macro while non-raw key agreement algorithms are constructed with <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT">
+<span id="c.PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \</span>
+<span class="cp">    ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ALG_FFDH">
+<span id="c.PSA_ALG_FFDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_FFDH  ((psa_algorithm_t)0x30100000)</span>
+</pre></div>
+</div>
+<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
+<p>The shared secret produced by key agreement is <code class="docutils literal notranslate"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal notranslate"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal notranslate"><span class="pre">p</span></code> in bits.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_FFDH">
+<span id="c.PSA_ALG_IS_FFDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_FFDH(alg) \</span>
+<span class="cp">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a finite field Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is a finite field Diffie-Hellman algorithm.</p>
+<p>This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supporter key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDH">
+<span id="c.PSA_ALG_ECDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDH  ((psa_algorithm_t)0x30200000)</span>
+</pre></div>
+</div>
+<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
+<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code class="docutils literal notranslate"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When <code class="docutils literal notranslate"><span class="pre">m</span></code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
+<ul class="simple">
+<li>For Montgomery curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVEXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.</li>
+<li>For Weierstrass curves over prime fields (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECPXXX</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_PXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal notranslate"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal notranslate"><span class="pre">F_p</span></code>.</li>
+<li>For Weierstrass curves over binary fields (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECTXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal notranslate"><span class="pre">m</span></code> for the field <code class="docutils literal notranslate"><span class="pre">F_{2^m}</span></code>.</li>
+</ul>
+</div>
+<div class="section" id="PSA_ALG_IS_ECDH">
+<span id="c.PSA_ALG_IS_ECDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ECDH(alg) \</span>
+<span class="cp">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an elliptic curve Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.</p>
+<p>This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_WILDCARD">
+<span id="c.PSA_ALG_IS_WILDCARD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_WILDCARD(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ? PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : (alg) == PSA_ALG_ANY_HASH)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
+<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding (suitable for an operation).</p>
+<p>This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Whether the specified algorithm encoding is a wildcard.</p>
+<p>Wildcard values may only be used to set the usage algorithm field in a policy, not to perform an operation.</p>
+</div>
+</div>
+<div class="section" id="key-lifetimes">
+<h1>Key lifetimes</h1>
+<div class="section" id="psa_key_lifetime_t">
+<span id="c.psa_key_lifetime_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_lifetime_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of key lifetimes.</p>
+<p>The lifetime of a key indicates where it is stored and what system actions may create and destroy it.</p>
+<p>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are automatically destroyed when the application terminates or on a power reset.</p>
+<p>Keys with a lifetime other than <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are said to be <em>persistent</em>. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a>. The application can call <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a> to open a persistent key that it created previously.</p>
+</div>
+<div class="section" id="psa_key_id_t">
+<span id="c.psa_key_id_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_id_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of identifiers of persistent keys.</p>
+<ul class="simple">
+<li>Applications may freely choose key identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a> to <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a>.</li>
+<li>Implementations may define additional key identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a> to <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a>.</li>
+<li>0 is reserved as an invalid key identifier.</li>
+<li>Key identifiers outside these ranges are reserved for future use.</li>
+</ul>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
+<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_LIFETIME_VOLATILE  ((psa_key_lifetime_t)0x00000000)</span>
+</pre></div>
+</div>
+<p>A volatile key only exists as long as the handle to it is not closed.</p>
+<p>The key material is guaranteed to be erased on a power reset.</p>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
+<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_LIFETIME_PERSISTENT  ((psa_key_lifetime_t)0x00000001)</span>
+</pre></div>
+</div>
+<p>The default storage area for persistent keys.</p>
+<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but implementations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application).</p>
+<p>This lifetime value is the default storage area for the calling application. Implementations may offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MIN">
+<span id="c.PSA_KEY_ID_USER_MIN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_USER_MIN  ((psa_key_id_t)0x00000001)</span>
+</pre></div>
+</div>
+<p>The minimum value for a key identifier chosen by the application.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MAX">
+<span id="c.PSA_KEY_ID_USER_MAX"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_USER_MAX  ((psa_key_id_t)0x3fffffff)</span>
+</pre></div>
+</div>
+<p>The maximum value for a key identifier chosen by the application.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
+<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_VENDOR_MIN  ((psa_key_id_t)0x40000000)</span>
+</pre></div>
+</div>
+<p>The minimum value for a key identifier chosen by the implementation.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
+<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_VENDOR_MAX  ((psa_key_id_t)0x7fffffff)</span>
+</pre></div>
+</div>
+<p>The maximum value for a key identifier chosen by the implementation.</p>
+</div>
+</div>
+<div class="section" id="key-policies">
+<h1>Key policies</h1>
+<div class="section" id="psa_key_usage_t">
+<span id="c.psa_key_usage_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_usage_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of permitted usage on a key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_EXPORT">
+<span id="c.PSA_KEY_USAGE_EXPORT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_EXPORT  ((psa_key_usage_t)0x00000001)</span>
+</pre></div>
+</div>
+<p>Whether the key may be exported.</p>
+<p>A public key or the public part of a key pair may always be exported regardless of the value of this permission flag.</p>
+<p>If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_COPY">
+<span id="c.PSA_KEY_USAGE_COPY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_COPY  ((psa_key_usage_t)0x00000002)</span>
+</pre></div>
+</div>
+<p>Whether the key may be copied.</p>
+<p>This flag allows the use of <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a> to make a copy of the key with the same policy or a more restrictive policy.</p>
+<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_ENCRYPT">
+<span id="c.PSA_KEY_USAGE_ENCRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_ENCRYPT  ((psa_key_usage_t)0x00000100)</span>
+</pre></div>
+</div>
+<p>Whether the key may be used to encrypt a message.</p>
+<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy.</p>
+<p>For a key pair, this concerns the public key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_DECRYPT">
+<span id="c.PSA_KEY_USAGE_DECRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_DECRYPT  ((psa_key_usage_t)0x00000200)</span>
+</pre></div>
+</div>
+<p>Whether the key may be used to decrypt a message.</p>
+<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy.</p>
+<p>For a key pair, this concerns the private key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_SIGN">
+<span id="c.PSA_KEY_USAGE_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_SIGN  ((psa_key_usage_t)0x00000400)</span>
+</pre></div>
+</div>
+<p>Whether the key may be used to sign a message.</p>
+<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric signature operation, if otherwise permitted by the key’s type and policy.</p>
+<p>For a key pair, this concerns the private key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_VERIFY">
+<span id="c.PSA_KEY_USAGE_VERIFY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_VERIFY  ((psa_key_usage_t)0x00000800)</span>
+</pre></div>
+</div>
+<p>Whether the key may be used to verify a message signature.</p>
+<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric signature verification operation, if otherwise permitted by by the key’s type and policy.</p>
+<p>For a key pair, this concerns the public key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_DERIVE">
+<span id="c.PSA_KEY_USAGE_DERIVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_DERIVE  ((psa_key_usage_t)0x00001000)</span>
+</pre></div>
+</div>
+<p>Whether the key may be used to derive other keys.</p>
+</div>
+</div>
+<div class="section" id="key-derivation">
+<h1>Key derivation</h1>
+<div class="section" id="psa_key_derivation_step_t">
+<span id="c.psa_key_derivation_step_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_key_derivation_step_t</span><span class="p">;</span>
+</pre></div>
+</div>
+<p>Encoding of the step of a key derivation.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SECRET">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SECRET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SECRET  ((psa_key_derivation_step_t)0x0101)</span>
+</pre></div>
+</div>
+<p>A secret input for key derivation.</p>
+<p>This must be a key of type <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_LABEL">
+<span id="c.PSA_KEY_DERIVATION_INPUT_LABEL"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_LABEL  ((psa_key_derivation_step_t)0x0201)</span>
+</pre></div>
+</div>
+<p>A label for key derivation.</p>
+<p>This must be a direct input.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SALT">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SALT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SALT  ((psa_key_derivation_step_t)0x0202)</span>
+</pre></div>
+</div>
+<p>A salt for key derivation.</p>
+<p>This must be a direct input.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_INFO">
+<span id="c.PSA_KEY_DERIVATION_INPUT_INFO"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_INFO  ((psa_key_derivation_step_t)0x0203)</span>
+</pre></div>
+</div>
+<p>An information string for key derivation.</p>
+<p>This must be a direct input.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SEED">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SEED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SEED  ((psa_key_derivation_step_t)0x0204)</span>
+</pre></div>
+</div>
+<p>A seed for key derivation.</p>
+<p>This must be a direct input.</p>
+</div>
+</div>
+<div class="section" id="other-definitions">
+<h1>Other definitions</h1>
+<div class="section" id="PSA_BITS_TO_BYTES">
+<span id="c.PSA_BITS_TO_BYTES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BITS_TO_BYTES(bits)  (((bits) + 7) / 8)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_BYTES_TO_BITS">
+<span id="c.PSA_BYTES_TO_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BYTES_TO_BITS(bytes)  ((bytes) * 8)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">bytes</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ROUND_UP_TO_MULTIPLE">
+<span id="c.PSA_ROUND_UP_TO_MULTIPLE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \</span>
+<span class="cp">    (((length) + (block_size) - 1) / (block_size) * (block_size))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">block_size</span></code></dt>
+<dd></dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">length</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_HASH_SIZE">
+<span id="c.PSA_HASH_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_SIZE(alg) \</span>
+<span class="cp">    ( PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true), or an HMAC algorithm (<a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is a hash algorithm).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The hash size for the specified hash algorithm. If the hash algorithm is not recognized, return 0. An implementation may return either 0 or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The size of the output of <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>, in bytes.</p>
+<p>This is also the hash size that <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> expects.</p>
+</div>
+<div class="section" id="PSA_HASH_MAX_SIZE">
+<span id="c.PSA_HASH_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_MAX_SIZE  64</span>
+</pre></div>
+</div>
+<p>Maximum size of a hash.</p>
+<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a hash supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
+</div>
+<div class="section" id="PSA_HMAC_MAX_HASH_BLOCK_SIZE">
+<span id="c.PSA_HMAC_MAX_HASH_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HMAC_MAX_HASH_BLOCK_SIZE  128</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_MAC_MAX_SIZE">
+<span id="c.PSA_MAC_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_MAX_SIZE  PSA_HASH_MAX_SIZE</span>
+</pre></div>
+</div>
+<p>Maximum size of a MAC.</p>
+<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
+</div>
+<div class="section" id="PSA_AEAD_TAG_LENGTH">
+<span id="c.PSA_AEAD_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_TAG_LENGTH(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_AEAD(alg) ? (((alg) &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK) &gt;&gt; PSA_AEAD_TAG_LENGTH_OFFSET) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The tag size for the specified algorithm. If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return 0. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The tag size for an AEAD algorithm, in bytes.</p>
+</div>
+<div class="section" id="PSA_VENDOR_RSA_MAX_KEY_BITS">
+<span id="c.PSA_VENDOR_RSA_MAX_KEY_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_VENDOR_RSA_MAX_KEY_BITS  4096</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_VENDOR_ECC_MAX_CURVE_BITS">
+<span id="c.PSA_VENDOR_ECC_MAX_CURVE_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_VENDOR_ECC_MAX_CURVE_BITS  521</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="PSA_ECC_CURVE_BITS">
+<span id="c.PSA_ECC_CURVE_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BITS(curve)  </span><span class="cm">/*...*/</span><span class="cp"></span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
+<dd>An elliptic curve (value of type <a class="reference internal" href="#c.psa_ecc_curve_t" title="psa_ecc_curve_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code></a>).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The size associated with <code class="docutils literal notranslate"><span class="pre">curve</span></code>, in bits. This may be 0 if the implementation does not support the specified curve.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Bit size associated with an elliptic curve.</p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN">
+<span id="c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN  128</span>
+</pre></div>
+</div>
+<p>This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation.</p>
+<p>Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</p>
+<p>Therefore, no implementation should define a value smaller than 64 for <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN" title="PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE">
+<span id="c.PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \</span>
+<span class="cp">    PSA_BITS_TO_BYTES( PSA_VENDOR_RSA_MAX_KEY_BITS &gt; PSA_VENDOR_ECC_MAX_CURVE_BITS ? PSA_VENDOR_RSA_MAX_KEY_BITS : PSA_VENDOR_ECC_MAX_CURVE_BITS )</span>
+</pre></div>
+</div>
+<p>Maximum size of an asymmetric signature.</p>
+<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
+</div>
+<div class="section" id="PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE">
+<span id="c.PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE  16</span>
+</pre></div>
+</div>
+<p>The maximum size of a block cipher supported by the implementation.</p>
+</div>
+<div class="section" id="PSA_MAC_FINAL_SIZE">
+<span id="c.PSA_MAC_FINAL_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \</span>
+<span class="cp">    ((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : ((void)(key_type), (void)(key_bits), 0))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
+<dd>The type of the MAC key.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the MAC key in bits.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>A MAC algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The MAC size for the specified algorithm with the specified key parameters.</p>
+<p>0 if the MAC algorithm is not recognized.</p>
+<p>Either 0 or the correct size for a MAC algorithm that the implementation recognizes, but does not support.</p>
+<p>Unspecified if the key parameters are not consistent with the algorithm.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The size of the output of <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a>, in bytes.</p>
+<p>This is also the MAC size that <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> expects.</p>
+</div>
+<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \</span>
+<span class="cp">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ? (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt()</span></code></a>, in bytes.</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.</p>
+</div>
+<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \</span>
+<span class="cp">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ? (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
+<dd>Size of the plaintext in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt()</span></code></a>, in bytes.</p>
+<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext may be smaller.</p>
+</div>
+<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_UPDATE_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \</span>
+<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : (input_length))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>A sufficient output buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output may be smaller in any given call.</p>
+</div>
+<div class="section" id="PSA_AEAD_FINISH_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_FINISH_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>A sufficient ciphertext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>.</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size. The actual size of the output may be smaller in any given call.</p>
+</div>
+<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_VERIFY_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>A sufficient plaintext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a>.</p>
+<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> will not fail due to an insufficient plaintext buffer size. The actual size of the output may be smaller in any given call.</p>
+</div>
+<div class="section" id="PSA_RSA_MINIMUM_PADDING_SIZE">
+<span id="c.PSA_RSA_MINIMUM_PADDING_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \</span>
+<span class="cp">    (PSA_ALG_IS_RSA_OAEP(alg) ? 2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : 11 </span><span class="cm">/*PKCS#1v1.5*/</span><span class="cp">)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_ECDSA_SIGNATURE_SIZE">
+<span id="c.PSA_ECDSA_SIGNATURE_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \</span>
+<span class="cp">    (PSA_BITS_TO_BYTES(curve_bits) * 2)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">curve_bits</span></code></dt>
+<dd>Curve size in bits.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>Signature size in bytes.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>ECDSA signature size for a given curve bit size.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This macro returns a compile-time constant if its argument is one.</p>
+</div>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE">
+<span id="c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
+<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : ((void)alg, 0))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Sufficient signature buffer size for <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a>.</p>
+<p>This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature may be smaller (some algorithms produce a variable-size signature).</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
+</div>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">
+<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
+<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt()</span></code></a>.</p>
+<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
+</div>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">
+<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
+<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
+<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
+</div>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits)  ((bits) / 8 + 5)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (2 * PSA_BITS_TO_BYTES(key_bits) + 1)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \</span>
+<span class="cp">    (PSA_BITS_TO_BYTES(key_bits))</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd></dd>
+</dl>
+<p class="subitem-title"><strong>Description:</strong></p>
+</div>
+<div class="section" id="PSA_KEY_EXPORT_MAX_SIZE">
+<span id="c.PSA_KEY_EXPORT_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</h2>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \</span>
+<span class="cp">    (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : 0)</span>
+</pre></div>
+</div>
+<p class="subitem-title"><strong>Parameters:</strong> </p>
+<dl class="docutils">
+<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
+<dd>A supported key type.</dd>
+<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+</dl>
+<p class="subitem-title"><strong>Returns:</strong> </p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
+<p class="subitem-title"><strong>Description:</strong></p>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p>
+<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
+</div>
+<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
+<span class="n">psa_status_t</span> <span class="n">status</span><span class="p">;</span>
+<span class="n">status</span> <span class="o">=</span> <span class="n">psa_get_key_attributes</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+<span class="n">psa_key_type_t</span> <span class="n">key_type</span> <span class="o">=</span> <span class="n">psa_get_key_type</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="kt">size_t</span> <span class="n">key_bits</span> <span class="o">=</span> <span class="n">psa_get_key_bits</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="kt">size_t</span> <span class="n">buffer_size</span> <span class="o">=</span> <span class="n">PSA_KEY_EXPORT_MAX_SIZE</span><span class="p">(</span><span class="n">key_type</span><span class="p">,</span> <span class="n">key_bits</span><span class="p">);</span>
+<span class="n">psa_reset_key_attributes</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="n">buffer_size</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">buffer</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+<span class="kt">size_t</span> <span class="n">buffer_length</span><span class="p">;</span>
+<span class="n">status</span> <span class="o">=</span> <span class="n">psa_export_key</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">buffer</span><span class="p">,</span> <span class="n">buffer_size</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">buffer_length</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+</pre></div>
+</div>
+<p>For <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>, calculate the buffer size from the public key type. You can use the macro <a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a> to convert a key pair type to the corresponding public key type.</p>
+<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
+<span class="n">psa_status_t</span> <span class="n">status</span><span class="p">;</span>
+<span class="n">status</span> <span class="o">=</span> <span class="n">psa_get_key_attributes</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+<span class="n">psa_key_type_t</span> <span class="n">key_type</span> <span class="o">=</span> <span class="n">psa_get_key_type</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="n">psa_key_type_t</span> <span class="n">public_key_type</span> <span class="o">=</span> <span class="n">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span><span class="p">(</span><span class="n">key_type</span><span class="p">);</span>
+<span class="kt">size_t</span> <span class="n">key_bits</span> <span class="o">=</span> <span class="n">psa_get_key_bits</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="kt">size_t</span> <span class="n">buffer_size</span> <span class="o">=</span> <span class="n">PSA_KEY_EXPORT_MAX_SIZE</span><span class="p">(</span><span class="n">public_key_type</span><span class="p">,</span> <span class="n">key_bits</span><span class="p">);</span>
+<span class="n">psa_reset_key_attributes</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
+<span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="n">buffer_size</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">buffer</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+<span class="kt">size_t</span> <span class="n">buffer_length</span><span class="p">;</span>
+<span class="n">status</span> <span class="o">=</span> <span class="n">psa_export_public_key</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">buffer</span><span class="p">,</span> <span class="n">buffer_size</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">buffer_length</span><span class="p">);</span>
+<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
+</pre></div>
+</div>
+</div>
+</div>
+
+
+          </div>
+          
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
+
+
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Implementation-specific definitions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_handle_t"><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#library-initialization">Library initialization</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_crypto_init"><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-attributes">Key attributes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_attributes_init"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_id"><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_id"><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_type"><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_type"><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_reset_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-management">Key management</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_open_key"><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_close_key"><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-import-and-export">Key import and export</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_import_key"><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_destroy_key"><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_export_key"><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_export_public_key"><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_copy_key"><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#message-digests">Message digests</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_compute"><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_compare"><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_setup"><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_update"><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_finish"><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_verify"><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_abort"><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_hash_clone"><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#message-authentication-codes">Message authentication codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_compute"><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_sign_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_update"><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_sign_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_mac_abort"><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#symmetric-ciphers">Symmetric ciphers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_generate_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_set_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_update"><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_finish"><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_abort"><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_generate_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_set_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_set_lengths"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_update_ad"><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_update"><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_finish"><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_verify"><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_aead_abort"><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_sign"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_verify"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_setup"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_get_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_set_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_input_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_input_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_output_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_output_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_abort"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_raw_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#random-generation">Random generation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_generate_random"><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_generate_key"><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#error-codes">Error codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-and-algorithm-types">Key and algorithm types</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_ecc_curve_t"><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_dh_group_t"><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_NONE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_AES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_GET_CURVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT193R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT193R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT233K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT233R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT239K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT283K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT283R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT409K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT409R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT571K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT571R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP192K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP192R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP224K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP224R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP256K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP521R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_CURVE25519"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_CURVE448"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_GET_GROUP"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE2048"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE3072"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE4096"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE6144"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE8192"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HASH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD2"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD5"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RIPEMD160"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_1"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ANY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MAC_TRUNCATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_TRUNCATION_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_TRUNCATED_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_MAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_GMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_STREAM_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CTR"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_OFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_XTS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_PKCS7"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_GCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PSS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_ANY"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SIGN_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_DERIVATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_WILDCARD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-lifetimes">Key lifetimes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_USER_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_USER_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-policies">Key policies</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_EXPORT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_COPY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#key-derivation">Key derivation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_step_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#other-definitions">Other definitions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_BITS_TO_BYTES"><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_BYTES_TO_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ROUND_UP_TO_MULTIPLE"><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_FINAL_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ECDSA_SIGNATURE_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="general.html" title="previous chapter">Introduction</a></li>
+  </ul></li>
+</ul>
+</div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <div class="searchformwrapper">
+    <form class="search" action="search.html" method="get">
+      <input type="text" name="q" />
+      <input type="submit" value="Go" />
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+    </div>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+      |
+      <a href="_sources/from_doxygen.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/functions.html b/docs/html/functions.html
deleted file mode 100644
index d4f8c35..0000000
--- a/docs/html/functions.html
+++ /dev/null
@@ -1,105 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Class Members</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li class="current"><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li class="current"><a href="functions.html"><span>All</span></a></li>
-      <li><a href="functions_vars.html"><span>Variables</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-<div class="textblock">Here is a list of all documented class members with links to the class documentation for each member:</div><ul>
-<li>e
-: <a class="el" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">psa_generate_key_extra_rsa</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html
deleted file mode 100644
index 8f82460..0000000
--- a/docs/html/functions_vars.html
+++ /dev/null
@@ -1,105 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Class Members - Variables</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li class="current"><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li><a href="functions.html"><span>All</span></a></li>
-      <li class="current"><a href="functions_vars.html"><span>Variables</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-&#160;<ul>
-<li>e
-: <a class="el" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">psa_generate_key_extra_rsa</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/general.html b/docs/html/general.html
new file mode 100644
index 0000000..0a76f6d
--- /dev/null
+++ b/docs/html/general.html
@@ -0,0 +1,1456 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Introduction &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <link rel="index" title="Index" href="genindex.html" />
+    <link rel="search" title="Search" href="search.html" />
+    <link rel="next" title="Implementation-specific definitions" href="from_doxygen.html" />
+    <link rel="prev" title="PSA Cryptography API Specification" href="index.html" />
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+  <div class="section" id="introduction">
+<h1>Introduction</h1>
+<p>Arm’s Platform Security Architecture (PSA) is a holistic set of threat
+models, security analyses, hardware and firmware architecture
+specifications, and an open source firmware reference implementation.
+PSA provides a recipe, based on industry best practice, that allows
+security to be consistently designed in, at both a hardware and firmware
+level.</p>
+<p>The PSA Cryptographic API (Crypto API) described in this document is an
+important PSA component that provides an interface to modern
+cryptographic primitives on resource-constrained devices. The interface
+is user-friendly, while still providing access to the primitives used in
+modern cryptography. It does not require that the user have access to
+the key material. Instead, it uses opaque key handles.</p>
+<p>This document is part of the PSA family of specifications. It defines an
+interface for cryptographic services, including cryptography primitives
+and a key storage functionality.</p>
+<p>This document includes:</p>
+<ul class="simple">
+<li>A <a class="reference external" href="#design-goals">rationale</a> for the design.</li>
+<li>A <a class="reference external" href="#functionality-overview">high-level overview of the
+functionality</a> provided by the interface.</li>
+<li>A <a class="reference external" href="#sample-architectures">description of typical architectures</a> of
+implementations for this specification.</li>
+<li>General considerations <a class="reference external" href="#implementation-considerations">for
+implementers</a> of this
+specification and <a class="reference external" href="#usage-considerations">for applications</a> that
+use the interface defined in this specification.</li>
+<li>A detailed definition of the API.</li>
+</ul>
+<p>Companion documents will define <em>profiles</em> for this specification. A
+profile is a minimum mandatory subset of the interface that a compliant
+implementation must provide.</p>
+</div>
+<div class="section" id="design-goals">
+<h1>Design goals</h1>
+<div class="section" id="suitable-for-constrained-devices">
+<h2>Suitable for constrained devices</h2>
+<p>The interface is suitable for a vast range of devices: from
+special-purpose cryptographic processors that process data with a
+built-in key, to constrained devices running custom application code,
+such as microcontrollers, and multi-application devices, such as
+servers. Consequentially, the interface is scalable and modular.</p>
+<ul class="simple">
+<li><em>Scalable</em>: you shouldn’t pay for functionality that you don’t need.</li>
+<li><em>Modular</em>: larger devices implement larger subsets of the same
+interface, rather than different interfaces.</li>
+</ul>
+<p>Because this specification is suitable for very constrained devices,
+including those where memory is very limited, all operations on
+unbounded amounts of data allow <em>multipart</em> processing, as long as the
+calculations on the data are performed in a streaming manner. This means
+that the application does not need to store the whole message in memory
+at one time.</p>
+<p>Memory outside the keystore boundary is managed by the application. An
+implementation of the interface is not required to retain any state
+between function calls, apart from the content of the keystore and other
+data that must be kept inside the keystore security boundary.</p>
+<p>The interface does not expose the representation of keys and
+intermediate data, except when required for interchange. This allows
+each implementation to choose optimal data representations.
+Implementations with multiple components are also free to choose which
+memory area to use for internal data.</p>
+</div>
+<div class="section" id="a-keystore-interface">
+<h2>A keystore interface</h2>
+<p>The specification allows cryptographic operations to be performed on a
+key to which the application does not have direct access. Except where
+required for interchange, applications access all keys indirectly, by a
+handle. The key material corresponding to that handle can reside inside
+a security boundary that prevents it from being extracted, except as
+permitted by a policy that is defined when the key is created.</p>
+</div>
+<div class="section" id="optional-isolation">
+<h2>Optional isolation</h2>
+<p>Implementations can isolate the cryptoprocessor from the calling
+application, and can further isolate multiple calling applications. The
+interface allows the implementation to be separated between a frontend
+and a backend. In an isolated implementation, the frontend is the part
+of the implementation that is located in the same isolation boundary as
+the application, which the application accesses by function calls. The
+backend is the part of the implementation that is located in a different
+environment, which is protected from the frontend. Various technologies
+can provide protection, for example:</p>
+<ul class="simple">
+<li>Process isolation in an operating system.</li>
+<li>Partition isolation, either with a virtual machine or a partition
+manager.</li>
+<li>Physical separation between devices.</li>
+</ul>
+<p>Communication between the frontend and backend is beyond the scope of
+this specification.</p>
+<p>In an isolated implementation, the backend can serve more than one
+implementation instance. In this case, a single backend communicates
+with multiple instances of the frontend. The backend must enforce
+<strong>caller isolation</strong>: it must ensure that assets of one frontend are not
+visible to any other frontend. How callers are identified is beyond the
+scope of this specification. An implementation that provides caller
+isolation must document how callers are identified. An implementation
+that provides isolation must document any implementation-specific
+extension of the API that enables frontend instances to share data in
+any form.</p>
+<p>In summary, there are three types of implementations:</p>
+<ul class="simple">
+<li>No isolation: there is no security boundary between the application
+and the cryptoprocessor. For example, a statically or dynamically
+linked library is an implementation with no isolation.</li>
+<li>Cryptoprocessor isolation: there is a security boundary between the
+application and the cryptoprocessor, but the cryptoprocessor does not
+communicate with other applications. For example, a cryptoprocessor
+chip that is a companion to an application processor is an
+implementation with cryptoprocessor isolation.</li>
+<li>Caller isolation: there are multiple application instances, with a
+security boundary between the application instances among themselves,
+as well as between the cryptoprocessor and the application instances.
+For example, a cryptography service in a multiprocess environment is
+an implementation with caller and cryptoprocessor isolation.</li>
+</ul>
+</div>
+<div class="section" id="choice-of-algorithms">
+<h2>Choice of algorithms</h2>
+<p>The specification defines a low-level cryptographic interface, where the
+caller explicitly chooses which algorithm and which security parameters
+they use. This is necessary to implement protocols that are inescapable
+in various use cases. The design of the interface enables applications
+to implement widely-used protocols and data exchange formats, as well as
+custom ones.</p>
+<p>As a consequence, all cryptographic functionality operates according to
+the precise algorithm specified by the caller. However, this does not
+apply to device-internal functionality, which does not involve any form
+of interoperability, such as random number generation. The specification
+does not include generic higher-level interfaces, where the
+implementation chooses the best algorithm for a purpose. However,
+higher-level libraries can be built on top of the PSA Crypto API.</p>
+<p>Another consequence is that the specification permits the use of
+algorithms, key sizes and other parameters that, while known to be
+insecure, may be necessary to support legacy protocols or legacy data.
+Where major weaknesses are known, the algorithm description give
+applicable warnings. However, the lack of a warning does not and cannot
+indicate that an algorithm is secure in all circumstances. Application
+developers should research the security of the algorithms that they plan
+to use to determine if the algorithms meet their requirements.</p>
+<p>The interface facilitates algorithm agility. As a consequence,
+cryptographic primitives are presented through generic functions with a
+parameter indicating the specific choice of algorithm. For example,
+there is a single function to calculate a message digest, which takes a
+parameter that identifies the specific hash algorithm.</p>
+</div>
+<div class="section" id="ease-of-use">
+<h2>Ease of use</h2>
+<p>The interface is designed to be as user-friendly as possible, given the
+aforementioned constraints on suitability for various types of devices
+and on the freedom to choose algorithms.</p>
+<p>In particular, the code flows are designed to reduce the chance of
+dangerous misuse. The interface makes it harder to misuse than to use
+correctly, and typical mistakes result in test failures, rather than
+subtle security issues. Implementations avoid leaking data when a
+function is called with invalid parameters, to the extent allowed by the
+C language and by implementation size constraints.</p>
+</div>
+<div class="section" id="example-use-cases">
+<h2>Example use cases</h2>
+<p>This section lists some of the use cases that were considered while
+designing this API. This list is not exhaustive, nor are all
+implementations required to support all use cases.</p>
+<div class="section" id="network-security-tls">
+<h3>Network Security (TLS)</h3>
+<p>The API provides everything needed to establish TLS connections on the
+device side: asymmetric key management inside a key store, symmetric
+ciphers, MAC, HMAC, message digests, and AEAD.</p>
+</div>
+<div class="section" id="secure-storage">
+<h3>Secure Storage</h3>
+<p>The API provides all primitives related to storage encryption, block or
+file-based, with master encryption keys stored inside a key store.</p>
+</div>
+<div class="section" id="network-credentials">
+<h3>Network Credentials</h3>
+<p>The API provides network credential management inside a key store, for
+example, for X.509-based authentication or pre-shared keys on enterprise
+networks.</p>
+</div>
+<div class="section" id="device-pairing">
+<h3>Device Pairing</h3>
+<p>The API provides support for key agreement protocols that are often used
+for secure pairing of devices over wireless channels. For example, the
+pairing of an NFC token or a Bluetooth device could make use of key
+agreement protocols upon first use.</p>
+</div>
+<div class="section" id="secure-boot">
+<h3>Secure Boot</h3>
+<p>The API provides primitives for use during firmware integrity and
+authenticity validation, during a secure or trusted boot process.</p>
+</div>
+<div class="section" id="attestation">
+<h3>Attestation</h3>
+<p>The API provides primitives used in attestation activities. Attestation
+is the ability for a device to sign an array of bytes with a device
+private key and return the result to the caller. There are several use
+cases: from attestation of the device state to the ability to generate a
+key pair and prove that it has been generated inside a secure key store.
+The API provides access to the algorithms commonly used for attestation.</p>
+</div>
+<div class="section" id="factory-provisioning">
+<h3>Factory Provisioning</h3>
+<p>Most IoT devices receive a unique identity during the factory
+provisioning process, or once deployed to the field. This API provides
+the APIs necessary for populating a device with keys that represent that
+identity.</p>
+</div>
+</div>
+</div>
+<div class="section" id="functionality-overview">
+<h1>Functionality overview</h1>
+<p>This section provides a high-level overview of the functionality
+provided by the interface defined in this specification. Refer to the
+API definition for a detailed description.</p>
+<p>Due to the modularity of the interface, almost every part of the library
+is optional. The only mandatory function is <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code>.</p>
+<div class="section" id="library-management">
+<h2>Library management</h2>
+<p>Before any use, applications must call <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> to initialize
+the library.</p>
+</div>
+<div class="section" id="key-management">
+<h2>Key management</h2>
+<p>Applications always access keys via a handle. This allows keys to be
+non-extractable, that is, an application can perform operations using a
+key without having access to the key material. Non-extractable keys are
+bound to the device, can be rate-limited and can have their usage
+restricted by policies.</p>
+<p>Each key has a set of attributes that describe the key and the policy
+for using the key. A <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object contains all of the
+attributes, which is used when creating a key and when querying key
+attibutes.</p>
+<p>Each key has a <em>lifetime</em> that determines when the key material is
+destroyed. There are two types of lifetimes:
+<a class="reference external" href="#volatile-keys">volatile</a> and <a class="reference external" href="#persistent-keys">persistent</a>.</p>
+<div class="section" id="volatile-keys">
+<h3>Volatile keys</h3>
+<p>A <em>volatile</em> key is destroyed as soon as the application closes the
+handle to the key. When the application terminates, it conceptually
+closes all of its key handles. Conceptually, a volatile key is stored in
+RAM. Volatile keys have the lifetime <code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code>.</p>
+<p>To create a volatile key:</p>
+<ol class="arabic simple">
+<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the key’s type, size,
+policy and other attributes.</li>
+<li>Create the key with <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code>.</li>
+</ol>
+<p>To destroy a volatile key, call <code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code>
+(these functions are equivalent when called on a volatile key).</p>
+</div>
+<div class="section" id="persistent-keys">
+<h3>Persistent keys</h3>
+<p>A <em>persistent</em> key exists until it explicitly destroyed with
+<code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> or until it is wiped by the reset or destruction of
+the device.</p>
+<p>Each persistent key has a key identifier, which acts as a name for the
+key. Within an application, the key identifier corresponds to a single
+key. The application specifies the key identifier when the key is
+created, and uses the key identifier to obtain a handle to a persistent
+key that has already been created. If the implementation provides
+<a class="reference external" href="#optional-isolation">caller isolation</a>, then key identifiers are
+local to each application: the same key identifier in two applications
+corresponds to different keys.</p>
+<p>Persistent keys may be stored in different storage areas; this is
+indicated through different lifetime values. This specification defines
+a single lifetime value <code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> which
+corresponds to a default storage area. Implementations may define
+alternative lifetime values corresponding to different storage areas
+with different retention policies, or to secure elements with different
+security characteristics.</p>
+<p>To create a persistent key:</p>
+<ol class="arabic simple">
+<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the key’s type, size,
+policy and other attributes.</li>
+<li>In the attributes object, set the desired lifetime and persistent
+identifier for the key.</li>
+<li>Create the key with <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code>.</li>
+</ol>
+<p>To release memory resources associated with a key but keep the key in
+storage, call <code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code>. To access an existing persistent key,
+call <code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> with the same key identifier used when creating
+the key.</p>
+<p>To destroy a persistent key, open it (if it isn’t already open) and call
+<code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code>.</p>
+<p>The key lifetime and identifier are set when the key is created and
+cannot be changed without destroying the key first. If the original key
+permits copying, then the application can specify a different lifetime
+for the copy of the key.</p>
+</div>
+<div class="section" id="recommendations-of-minimum-standards-for-key-management">
+<h3>Recommendations of minimum standards for key management</h3>
+<p>Most implementations provide the function <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>. The only
+exceptions are implementations that only give access to a key or keys
+that are provisioned by proprietary means, and do not allow the main
+application to use its own cryptographic material.</p>
+<p>Most implementations provide <code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> and the
+<code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> accessor functions, as they are easy to implement,
+and it is difficult to write applications and to diagnose issues without
+being able to check the metadata.</p>
+<p>Most implementations also provide <code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> if they
+support any asymmetric algorithm, since public-key cryptography often
+requires the delivery of a public key that is associated with a
+protected private key.</p>
+<p>Most implementations provide <code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code>. However, highly
+constrained implementations that are designed to work only with
+short-term keys (no non-volatile storage), or only with long-term
+non-extractable keys, may omit this function.</p>
+</div>
+</div>
+<div class="section" id="usage-policies">
+<h2>Usage policies</h2>
+<p>All keys have an associated policy that regulates which operations are
+permitted on the key. Each key policy is a set of usage flags and a
+specific algorithm that is permitted with the key. The policy is part of
+the key attributes that are managed by a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code>
+object.</p>
+<p>The usage flags are encoded in a bitmask, which has the type
+<code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code>. Three kinds of usage flag can be specified: * The
+extractable flag <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> determines whether the key
+material can be extracted. * The copyable flag <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code>
+determines whether the key material can be copied into a new key, which
+can have a different lifetime or a more restrictive policy. * The usage
+flags <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code>, and so on
+determine whether the corresponding operation is permitted on the key.</p>
+<p>In addition to the usage bitmask, a policy specifies which algorithm is
+permitted with the key. This specification only defines policies that
+restrict keys to a single algorithm, which is in keeping with common
+practice and with security good practice.</p>
+<p>A highly constrained implementation may not be able to support all the
+policies that can be expressed through this interface. If an
+implementation cannot create a key with the required policy, it must
+return an appropriate error code when the key is created.</p>
+</div>
+<div class="section" id="symmetric-cryptography">
+<h2>Symmetric cryptography</h2>
+<p>This specification defines interfaces for message digests (hash
+functions), MAC (message authentication codes), symmetric ciphers and
+authenticated encryption with associated data (AEAD). For each type of
+primitive, the API includes two standalone functions (compute and
+verify, or encrypt and decrypt) as well as a series of functions that
+permit <a class="reference external" href="#multipart-operations">multipart operations</a>.</p>
+<p>The standalone functions are:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> to calculate the hash
+of a message or compare the hash of a message with a reference value.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> to calculate the MAC of a
+message of compare the MAC with a reference value.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> to encrypt or
+decrypt a message using an unauthenticated symmetric cipher. The
+encryption function generates a random IV; to use a deterministic IV
+(which is not secure in general, but can be secure in some conditions
+that depend on the algorithm), use the multipart API.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> to encrypt/decrypt and
+authenticate a message using an AEAD algorithm. These functions
+follow the interface recommended by RFC 5116.</li>
+</ul>
+<div class="section" id="multipart-operations">
+<h3>Multipart operations</h3>
+<p>The API provides a multipart interface to hash, MAC, symmetric cipher
+and AEAD primitives. These interfaces process messages one chunk at a
+time, with the size of chunks determined by the caller. This allows the
+processing of messages that cannot be assembled in memory. To perform a
+multipart operation:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object of the appropriate type. You can use any
+allocation strategy: stack, heap, static, etc.</li>
+<li>Initialize the operation object by one of the following methods:<ul>
+<li>Set it to all-bits-zero.</li>
+<li>Initialize it to logical zero.</li>
+<li>Assign the value of the associated macro <code class="docutils literal notranslate"><span class="pre">PSA_xxx_INIT</span></code>.</li>
+<li>Assign the result of calling the associated function
+<code class="docutils literal notranslate"><span class="pre">psa_xxx_init</span></code>.</li>
+</ul>
+</li>
+<li>Specify a key for the operation using the associated setup function:
+<code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code>.</li>
+<li>Provide additional parameters:<ul>
+<li>When encrypting data, generate or set an initialization vector
+(IV), nonce, or similar initial value such as an initial counter
+value.</li>
+<li>When decrypting, set the IV or nonce.</li>
+<li>For a symmetric cipher, to generate a random IV, which is
+recommended in most protocols, call <code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code>. To
+set the IV, call <code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code>.</li>
+<li>For AEAD, call <code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> or
+<code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code>.</li>
+</ul>
+</li>
+<li>Call the associated update function on successive chunks of the
+message: <code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code>.</li>
+<li>At the end of the message, call the applicable finishing function.
+There are three kinds of finishing function, depending on what to do
+with the verification tag.<ul>
+<li>Unauthenticated encryption and decryption does not involve a
+verification tag. Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code>.</li>
+<li>To calculate the digest or MAC or authentication tag of a message,
+call the associated function to calculate and output the
+verification tag: <code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> or
+<code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code>.</li>
+<li>To verify the digest or MAC of a message against a reference value
+or to verify the authentication tag at the end of AEAD decryption,
+call the associated function to compare the verification tag with
+the reference value: <code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code>.</li>
+</ul>
+</li>
+</ol>
+<p>Calling the setup function allocates resources inside the
+implementation. These resources are freed when calling the associated
+finishing function. In addition, each family of functions defines a
+function <code class="docutils literal notranslate"><span class="pre">psa_xxx_abort</span></code>, which can be called at any time to free the
+resources associated with an operation.</p>
+</div>
+<div class="section" id="authenticated-encryption">
+<h3>Authenticated encryption</h3>
+<p>Having a multipart interface to authenticated encryption raises specific
+issues.</p>
+<p>Multipart authenticated decryption produces partial results that are not
+authenticated. Applications must not use or expose partial results of
+authenticated decryption until <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> has returned a
+success status, and must destroy all partial results without revealing
+them if <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> returns a failure status. Revealing partial
+results (directly, or indirectly through the application’s behavior) can
+compromise the confidentiality of all inputs that are encrypted with the
+same key.</p>
+<p>For encryption, some common algorithms cannot be processed in a
+streaming fashion. For SIV mode, the whole plaintext must be known
+before the encryption can start; the multipart AEAD API is not meant to
+be usable with SIV mode. For CCM mode, the length of the plaintext must
+be known before the encryption can start; the application can call the
+function <code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> to provide these lengths before
+providing input.</p>
+</div>
+</div>
+<div class="section" id="key-derivation">
+<h2>Key derivation</h2>
+<p>The specification defines a mechanism for key derivation that allows the
+output of the derivation to be split into multiple keys, as well as
+non-key outputs.</p>
+<p>In an implementation with <a class="reference external" href="#optional-isolation">isolation</a>, the
+intermediate state of the key derivation is not visible to the caller,
+and if an output of the derivation is a non-exportable key, then this
+output cannot be recovered outside the isolation boundary.</p>
+<div class="section" id="key-derivation-operations">
+<h3>Key derivation operations</h3>
+<p>A key derivation operation encodes a deterministic method to generate a
+finite stream of bytes. This data stream is computed by the
+cryptoprocessor and extracted in chunks. If two key derivation
+operations are constructed with the same parameters, then they should
+produce the same outputs.</p>
+<p>Some example uses of key derivation operations are:</p>
+<ul class="simple">
+<li>A key derivation function: initialized with a secret, a salt and
+other parameters.</li>
+<li>A key agreement function: initialized with a public key (peer key), a
+key pair (own key) and other parameters.</li>
+</ul>
+<p>Applications use the <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> type to create
+key derivation operations.</p>
+<p>The lifecycle of a key derivation operation is as follows:</p>
+<ol class="arabic simple">
+<li>Setup: construct a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object, and set
+its parameters and inputs. The setup phase determines the key
+derivation operation’s capacity, which is the maximum number of bytes
+that can be output from this key derivation operation.</li>
+<li>Output: read bytes from the stream defined by the key derivation
+operation. This can be done any number of times, until the stream is
+exhausted when its capacity has been reached. Each output step can
+either be used to populate a key object
+(<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code>), or to read some bytes and
+extract them as cleartext (<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code>).</li>
+<li>Terminate: clear the key derivation operation and release associated
+resources (<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code>).</li>
+</ol>
+<p>A key derivation operation cannot be rewound. Once a part of the stream
+has been output, it cannot be output again. This ensures that the same
+part of the output will not be used for different purposes.</p>
+</div>
+<div class="section" id="key-derivation-function">
+<h3>Key derivation function</h3>
+<p>This specification defines functions to set up a key derivation. A key
+derivation consists of two parts:</p>
+<ol class="arabic simple">
+<li>Input collection. This is sometimes known as <em>extraction</em>: the
+operation “extracts” information from the inputs to generate a
+pseudorandom intermediate secret value.</li>
+<li>Output generation. This is sometimes known as <em>expansion</em>: the
+operation “expands” the intermediate secret value to the desired
+output length.</li>
+</ol>
+<p>To perform a key derivation:</p>
+<ol class="arabic simple">
+<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object to zero or to
+<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERAITON_INIT</span></code>.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> to select a key derivation
+algorithm.</li>
+<li>Call the functions <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> and
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code>, or
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> to provide the inputs to the key
+derivation algorithm. Many key derivation algorithms take multiple
+inputs; the “step” parameter to these functions indicates which input
+is being passed. The documentation for each key derivation algorithm
+describes the expected inputs for that algorithm.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> to create a derived key, or
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> to export the derived data. These
+functions may be called multiple times to read successive output from
+the key derivation.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> to release the key derivation
+operation memory.</li>
+</ol>
+<p>Here is an example of a use case where a master key is used to generate
+both a message encryption key and an IV for the encryption, and the
+derived key and IV are then used to encrypt a message.</p>
+<ol class="arabic simple">
+<li>Derive the message encryption material from the master key.<ol class="arabic">
+<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object to zero or
+to <code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code>.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> with <code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> as the
+algorithm.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> with the step
+<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> and the master key.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> with the step
+<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> and a public value that uniquely
+identifies the message.</li>
+<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the derived
+message encryption key’s attributes.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> to create the derived
+message key.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> to generate the derived
+IV.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> to release the key derivation
+operation memory.</li>
+</ol>
+</li>
+<li>Encrypt the message with the derived material.<ol class="arabic">
+<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> object to zero or to
+<code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code>.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> with the derived message
+encryption key.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> using the derived IV retrieved above.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> one or more times to encrypt the
+message.</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> at the end of the message.</li>
+</ol>
+</li>
+<li>Call <code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> to clear the generated key.</li>
+</ol>
+</div>
+</div>
+<div class="section" id="asymmetric-cryptography">
+<h2>Asymmetric cryptography</h2>
+<p>The asymmetric cryptography part of this interface defines functions for
+asymmetric encryption, asymmetric signature and two-way key agreement.</p>
+<div class="section" id="asymmetric-encryption">
+<h3>Asymmetric encryption</h3>
+<p>Asymmetric encryption is provided through the functions
+<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code>.</p>
+</div>
+<div class="section" id="hash-and-sign">
+<h3>Hash-and-sign</h3>
+<p>The signature and verification functions <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> and
+<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> take a hash as one of their inputs. This hash
+should be calculated with <code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> and
+<code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> before calling <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> or
+<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code>. To determine which hash algorithm to use,
+call the macro <code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> on the corresponding signature
+algorithm.</p>
+</div>
+<div class="section" id="key-agreement">
+<h3>Key agreement</h3>
+<p>This specification defines two functions for a Diffie-Hellman-style key
+agreement where each party combines its own private key with the peer’s
+public key.</p>
+<p>The recommended approach is to use a <a class="reference external" href="#key-derivation">key derivation
+operation</a> with the
+<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> input function, which calculates a
+shared secret for the key derivation function.</p>
+<p>In case an application needs direct access to the shared secret, it can
+call <code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> instead. Note that in general the shared
+secret is not directly suitable for use as a key because it is biased.</p>
+</div>
+</div>
+<div class="section" id="randomness-and-key-generation">
+<h2>Randomness and key generation</h2>
+<p>We strongly recommended that implementations include a random generator,
+consisting of a cryptographically secure pseudo-random generator
+(CSPRNG), which is adequately seeded with a cryptographic-quality
+hardware entropy source, commonly referred to as a true random number
+generator (TRNG). Constrained implementations may omit the random
+generation functionality if they do not implement any algorithm that
+requires randomness internally, and they do not provide a key generation
+functionality. For example, a special-purpose component for signature
+verification can omit this.</p>
+<p>Applications should use <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
+<code class="docutils literal notranslate"><span class="pre">psa_encrypt_generate_iv</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_generate_iv</span></code> to generate
+suitably-formatted random data, as applicable. In addition, the API
+includes a function <code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> to generate and extract
+arbitrary random data.</p>
+</div>
+<div class="section" id="future-additions">
+<h2>Future additions</h2>
+<p>We plan to cover the following features in future drafts and editions of
+this specification:</p>
+<ul class="simple">
+<li>Single-shot functions for symmetric operations.</li>
+<li>Multi-part operations for hybrid cryptography. For example, this
+includes hash-and-sign for EdDSA, and hybrid encryption for ECIES.</li>
+<li>Key exchange and a more general interface to key derivation. This
+would enable an application to derive a non-extractable session key
+from non-extractable secrets, without leaking the intermediate
+material.</li>
+<li>Key wrapping mechanisms to extract and import keys in a protected
+form (encrypted and authenticated).</li>
+<li>Key discovery mechanisms. This would enable an application to locate
+a key by its name or attributes.</li>
+<li>Implementation capability description. This would enable an
+application to determine the algorithms, key types and storage
+lifetimes that the implementation provides.</li>
+<li>An ownership and access control mechanism allowing a multi-client
+implementation to have privileged clients that are able to manage
+keys of other clients.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="sample-architectures">
+<h1>Sample architectures</h1>
+<p>This section describes some example architectures that can be used for
+implementations of the interface described in this specification. This
+list is not exhaustive and the section is entirely non-normative.</p>
+<div class="section" id="single-partition-architecture">
+<h2>Single-partition architecture</h2>
+<p>In this architecture, there is no security boundary inside the system.
+The application code may access all the system memory, including the
+memory used by the cryptographic services described in this
+specification. Thus, the architecture provides <a class="reference external" href="#optional-isolation">no
+isolation</a>.</p>
+<p>This architecture does not conform to the Arm <em>Platform Security
+Architecture Security Model</em>. However, it may be useful for providing
+cryptographic services that use the same interface, even on devices that
+cannot support any security boundary. So, while this architecture is not
+the primary design goal of the API defined in the present specification,
+it is supported.</p>
+<p>The functions in this specification simply execute the underlying
+algorithmic code. Security checks can be kept to a minimum, since the
+cryptoprocessor cannot defend against a malicious application. Key
+import and export copy data inside the same memory space.</p>
+<p>This architecture also describes a subset of some larger systems, where
+the cryptographic services are implemented inside a high-security
+partition, separate from the code of the main application, though it
+shares this high-security partition with other platform security
+services.</p>
+</div>
+<div class="section" id="cryptographic-token-and-single-application-processor">
+<h2>Cryptographic token and single-application processor</h2>
+<p>This system is composed of two partitions: one is a cryptoprocessor and
+the other partition runs an application. There is a security boundary
+between the two partitions, so that the application cannot access the
+cryptoprocessor, except through its public interface. Thus, the
+architecture provides <a class="reference external" href="#optional-isolation">cryptoprocessor
+isolation</a>. The cryptoprocessor has some
+nonvolatile storage, a TRNG, and possibly, some cryptographic
+accelerators.</p>
+<p>There are a number of potential physical realizations: the
+cryptoprocessor may be a separate chip, a separate processor on the same
+chip, or a logical partition using a combination of hardware and
+software to provide the isolation. These realizations are functionally
+equivalent in terms of the offered software interface, but they would
+typically offer different levels of security guarantees.</p>
+<p>The PSA crypto API in the application processor consists of a thin layer
+of code that translates function calls to remote procedure calls in the
+cryptoprocessor. All cryptographic computations are, therefore,
+performed inside the cryptoprocessor. Non-volatile keys are stored
+inside the cryptoprocessor.</p>
+</div>
+<div class="section" id="cryptoprocessor-with-no-key-storage">
+<h2>Cryptoprocessor with no key storage</h2>
+<p>As in the <a class="reference external" href="#cryptographic-token-and-single-application-processor">previous
+example</a>, this
+system is also composed of two partitions separated by a security
+boundary. Thus, this architecture also provides <a class="reference external" href="#optional-isolation">cryptoprocessor
+isolation</a>. However, unlike the previous
+architecture, in this system, the cryptoprocessor does not have any
+secure, persistent storage that could be used to store application keys.</p>
+<p>If the cryptoprocessor is not capable of storing cryptographic material,
+then there is little use for a separate cryptoprocessor, since all data
+would have to be imported by the application.</p>
+<p>The cryptoprocessor can provide useful services if it is able to store
+at least one key. This may be a hardware unique key that is burnt to
+one-time programmable memory during the manufacturing of the device.
+This key can be used for one or more purposes:</p>
+<ul class="simple">
+<li>Encrypt and authenticate data stored in the application processor.</li>
+<li>Communicate with a paired device.</li>
+<li>Allow the application to perform operations with keys that are
+derived from the hardware unique key.</li>
+</ul>
+</div>
+<div class="section" id="multi-client-cryptoprocessor">
+<h2>Multi-client cryptoprocessor</h2>
+<p>This is an expanded variant of the <a class="reference external" href="#cryptographic-token-and-single-application-processor">cryptographic token plus application
+architecture</a>.
+In this variant, the cryptoprocessor serves multiple applications that
+are mutually untrustworthy. This architecture provides <a class="reference external" href="#optional-isolation">caller
+isolation</a>.</p>
+<p>In this architecture, API calls are translated to remote procedure
+calls, which encode the identity of the client application. The
+cryptoprocessor carefully segments its internal storage to ensure that a
+client’s data is never leaked to another client.</p>
+</div>
+<div class="section" id="multi-cryptoprocessor-architecture">
+<h2>Multi-cryptoprocessor architecture</h2>
+<p>This system includes multiple cryptoprocessors. There are several
+reasons to have multiple cryptoprocessors:</p>
+<ul class="simple">
+<li>Different compromises between security and performance for different
+keys. Typically, this means a cryptoprocessor that runs on the same
+hardware as the main application and processes short-term secrets, a
+secure element or a similar separate chip that retains long-term
+secrets.</li>
+<li>Independent provisioning of certain secrets.</li>
+<li>A combination of a non-removable cryptoprocessor and removable ones,
+for example, a smartcard or HSM.</li>
+<li>Cryptoprocessors managed by different stakeholders who do not trust
+each other.</li>
+</ul>
+<p>The keystore implementation needs to dispatch each request to the
+correct processor. For example: * All requests involving a
+non-extractable key must be processed in the cryptoprocessor that holds
+that key. * Requests involving a persistent key must be processed in
+the cryptoprocessor that corresponds to the key’s lifetime value. *
+Requests involving a volatile key may target a cryptoprocessor based on
+parameters supplied by the application, or based on considerations such
+as performance inside the implementation.</p>
+</div>
+</div>
+<div class="section" id="library-conventions">
+<h1>Library conventions</h1>
+<div class="section" id="error-handling">
+<h2>Error handling</h2>
+<div class="section" id="return-status">
+<h3>Return status</h3>
+<p>Almost all functions return a status indication of type
+<code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>. This is an enumeration of integer values, with 0
+(<code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>) indicating successful operation and other values
+indicating errors. The exception is data structure accessor functions,
+which cannot fail. Such functions may return <code class="docutils literal notranslate"><span class="pre">void</span></code> or a data value.</p>
+<p>Unless specified otherwise, if multiple error conditions apply, an
+implementation is free to return any of the applicable error codes. The
+choice of error code is considered an implementation quality issue.
+Different implementations may make different choices, for example to
+favor code size over ease of debugging or vice versa.</p>
+<p>Note that if the behavior is undefined (for example, if a function
+receives an invalid pointer as a parameter), this specification makes no
+guarantee that the function will return an error. Implementations are
+encouraged to return an error or halt the application in a manner that
+is appropriate for the platform if the undefined behavior condition can
+be detected. However, application programmers should be aware that
+undefined behavior conditions cannot be detected in general.</p>
+</div>
+<div class="section" id="behavior-on-error">
+<h3>Behavior on error</h3>
+<p>All function calls must be implemented atomically:</p>
+<ul class="simple">
+<li>When a function returns a type other than <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>, the
+requested action has been carried out.</li>
+<li>When a function returns the status <code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>, the requested
+action has been carried out.</li>
+<li>When a function returns another status of type <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>, no
+action has been carried out. The content of the output parameters is
+undefined, but otherwise the state of the system has not changed,
+except as described below.</li>
+</ul>
+<p>In general, functions that modify the system state, for example,
+creating or destroying a key, must leave the system state unchanged if
+they return an error code. There are specific conditions that can result
+in different behavior:</p>
+<ul class="simple">
+<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> indicates that a parameter was not
+in a valid state for the requested action. This parameter may have
+been modified by the call and is now in an undefined state. The only
+valid action on an object in an undefined state is to abort it with
+the appropriate <code class="docutils literal notranslate"><span class="pre">psa_abort_xxx</span></code> function.</li>
+<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> indicates that a key
+derivation object has reached its maximum capacity. The key
+derivation operation may have been modified by the call. Any further
+attempt to obtain output from the key derivation operation will
+return <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code>.</li>
+<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> indicates that the
+communication between the application and the cryptoprocessor has
+broken down. In this case, the cryptoprocessor must either finish the
+requested action successfully, or interrupt the action and roll back
+the system to its original state. Because it is often impossible to
+report the outcome to the application after a communication failure,
+this specification does not provide a way for the application to
+determine whether the action was successful.</li>
+<li>The statuses <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code>,
+<code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code>
+may indicate data corruption in the system state. When a function
+returns one of these statuses, the system state may have changed from
+its previous state before the function call, even though the function
+call failed.</li>
+<li>Some system states cannot be rolled back, for example, the internal
+state of the random number generator or the content of access logs.</li>
+</ul>
+<p>Unless otherwise documented, the content of output parameters is not
+defined when a function returns a status other than <code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>.
+Implementations should set output parameters to safe defaults to avoid
+leaking confidential data and limit risk, in case an application does
+not properly handle all errors.</p>
+</div>
+</div>
+<div class="section" id="parameter-conventions">
+<h2>Parameter conventions</h2>
+<div class="section" id="pointer-conventions">
+<h3>Pointer conventions</h3>
+<p>Unless explicitly stated in the documentation of a function, all
+pointers must be valid pointers to an object of the specified type.</p>
+<p>A parameter is considered a <strong>buffer</strong> if it points to an array of
+bytes. A buffer parameter always has the type <code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*</span></code> or
+<code class="docutils literal notranslate"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*</span></code>, and always has an associated parameter indicating
+the size of the array. Note that a parameter of type <code class="docutils literal notranslate"><span class="pre">void</span> <span class="pre">*</span></code> is never
+considered a buffer.</p>
+<p>All parameters of pointer type must be valid non-null pointers, unless
+the pointer is to a buffer of length 0 or the function’s documentation
+explicitly describes the behavior when the pointer is null.
+Implementations where a null pointer dereference usually aborts the
+application, passing <code class="docutils literal notranslate"><span class="pre">NULL</span></code> as a function parameter where a null
+pointer is not allowed, should abort the caller in the habitual manner.</p>
+<p>Pointers to input parameters may be in read-only memory. Output
+parameters must be in writable memory. Output parameters that are not
+buffers must also be readable, and the implementation must be able to
+write to a non-buffer output parameter and read back the same value, as
+explained in the <a class="reference external" href="#stability-of-parameters">“Stability of
+parameters”</a> section.</p>
+</div>
+<div class="section" id="input-buffer-sizes">
+<h3>Input buffer sizes</h3>
+<p>For input buffers, the parameter convention is:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the data. The
+pointer may be invalid if the buffer size is 0.</li>
+<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_length</span></code>: size of the buffer in bytes.</li>
+</ul>
+<p>The interface never uses input-output buffers.</p>
+</div>
+<div class="section" id="output-buffer-sizes">
+<h3>Output buffer sizes</h3>
+<p>For output buffers, the parameter convention is:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the data. The pointer
+may be invalid if the buffer size is 0.</li>
+<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_size</span></code>: the size of the buffer in bytes.</li>
+<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">*foo_length</span></code>: on successful return, contains the length of
+the output in bytes.</li>
+</ul>
+<p>The content of the data buffer and of <code class="docutils literal notranslate"><span class="pre">*foo_length</span></code> on errors is
+unspecified, unless explicitly mentioned in the function description.
+They may be unmodified or set to a safe default. On successful
+completion, the content of the buffer between the offsets
+<code class="docutils literal notranslate"><span class="pre">*foo_length</span></code> and <code class="docutils literal notranslate"><span class="pre">foo_size</span></code> is also unspecified.</p>
+<p>Functions return <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> if the buffer size is
+insufficient to carry out the requested operation. The interface defines
+macros to calculate a sufficient buffer size for each operation that has
+an output buffer. These macros return compile-time constants if their
+arguments are compile-time constants, so they are suitable for static or
+stack allocation. Refer to an individual function’s documentation for
+the associated output size macro.</p>
+<p>Some functions always return exactly as much data as the size of the
+output buffer. In this case, the parameter convention changes to:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the output. The
+pointer may be invalid if the buffer size is 0.</li>
+<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_length</span></code>: the number of bytes to return in <code class="docutils literal notranslate"><span class="pre">foo</span></code> if
+successful.</li>
+</ul>
+</div>
+<div class="section" id="overlap-between-parameters">
+<h3>Overlap between parameters</h3>
+<p>Output parameters that are not buffers must not overlap with any input
+buffer or with any other output parameter. Otherwise, the behavior is
+undefined.</p>
+<p>Output buffers may overlap with input buffers. If this happens, the
+implementation must return the same result, as if the buffers did not
+overlap. In other words, the implementation must behave as if it had
+copied all the inputs into temporary memory, as far as the result is
+concerned. However, application developers should note that overlap
+between parameters may affect the performance of a function call.
+Overlap may also affect memory management security if the buffer is
+located in memory that the caller shares with another security context,
+as described in the <a class="reference external" href="#stability-of-parameters">“Stability of
+parameters”</a> section.</p>
+</div>
+<div class="section" id="stability-of-parameters">
+<h3>Stability of parameters</h3>
+<p>In some environments, it is possible for the content of a parameter to
+change while a function is executing. It may also be possible for the
+content of an output parameter to be read before the function
+terminates. This can happen if the application is multithreaded. In some
+implementations, memory can be shared between security contexts, for
+example, between tasks in a multitasking operating system, between a
+user land task and the kernel, or between the non-secure world and the
+secure world of a trusted execution environment. This section describes
+what implementations need or need not guarantee in such cases.</p>
+<p>Parameters that are not buffers are assumed to be under the caller’s
+full control. In a shared memory environment, this means that the
+parameter must be in memory that is exclusively accessible by the
+application. In a multithreaded environment, this means that the
+parameter may not be modified during the execution, and the value of an
+output parameter is undetermined until the function returns. The
+implementation may read an input parameter that is not a buffer multiple
+times and expect to read the same data. The implementation may write to
+an output parameter that is not a buffer and expect to read back the
+value that it last wrote. The implementation has the same permissions on
+buffers that overlap with a buffer in the opposite direction.</p>
+<p>In an environment with multiple threads or with shared memory, the
+implementation carefully accesses non-overlapping buffer parameters in
+order to prevent any security risk resulting from the content of the
+buffer being modified or observed during the execution of the function.
+In an input buffer that does not overlap with an output buffer, the
+implementation reads each byte of the input once, at most. The
+implementation does not read from an output buffer that does not overlap
+with an input buffer. Additionally, the implementation does not write
+data to a non-overlapping output buffer if this data is potentially
+confidential and the implementation has not yet verified that outputting
+this data is authorized.</p>
+</div>
+</div>
+<div class="section" id="key-types-and-algorithms">
+<h2>Key types and algorithms</h2>
+<p>Types of cryptographic keys and cryptographic algorithms are encoded
+separately. Each is encoded by using an integral type:
+<code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code>, respectively.</p>
+<p>There is some overlap in the information conveyed by key types and
+algorithms. Both types contain enough information, so that the meaning
+of an algorithm type value does not depend on what type of key it is
+used with, and vice versa. However, the particular instance of an
+algorithm may depend on the key type. For example, the algorithm
+<code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> can be instantiated as any AEAD algorithm using the GCM
+mode over a block cipher. The underlying block cipher is determined by
+the key type.</p>
+<p>Key types do not encode the key size. For example, AES-128, AES-192 and
+AES-256 share a key type <code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code>.</p>
+<div class="section" id="structure-of-key-and-algorithm-types">
+<h3>Structure of key and algorithm types</h3>
+<p>Both types use a partial bitmask structure, which allows the analysis
+and building of values from parts. However, the interface defines
+constants, so that applications do not need to depend on the encoding,
+and an implementation may only care about the encoding for code size
+optimization.</p>
+<p>The encodings follows a few conventions:</p>
+<ul class="simple">
+<li>The highest bit is a vendor flag. Current and future versions of this
+specification will only define values where this bit is clear.
+Implementations that wish to define additional
+implementation-specific values must use values where this bit is set,
+to avoid conflicts with future versions of this specification.</li>
+<li>The next few highest bits indicate the corresponding algorithm
+category: hash, MAC, symmetric cipher, asymmetric encryption, and so
+on.</li>
+<li>The following bits identify a family of algorithms in a
+category-dependent manner.</li>
+<li>In some categories and algorithm families, the lowest-order bits
+indicate a variant in a systematic way. For example, algorithm
+families that are parametrized around a hash function encode the hash
+in the 8 lowest bits.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="concurrent-calls">
+<h2>Concurrent calls</h2>
+<p>In some environments, an application can make calls to the PSA crypto
+API in separate threads. In such an environment, concurrent calls are
+performed correctly, as if the calls were executed in sequence, provided
+that they obey the following constraints:</p>
+<ul class="simple">
+<li>There is no overlap between an output parameter of one call and an
+input or output parameter of another call. Overlap between input
+parameters is permitted.</li>
+<li>If a call modifies a key, then no other call must modify or use that
+key. <em>Using</em>, in this context, includes all functions of multipart
+operations using the key. Concurrent calls that merely use the same
+key are permitted.</li>
+<li>Concurrent calls must not use the same operation object.</li>
+</ul>
+<p>If any of these constraints are violated, the behavior is undefined.</p>
+<p>Individual implementations may provide additional guarantees.</p>
+</div>
+</div>
+<div class="section" id="implementation-considerations">
+<h1>Implementation considerations</h1>
+<div class="section" id="implementation-specific-aspects-of-the-interface">
+<h2>Implementation-specific aspects of the interface</h2>
+<div class="section" id="implementation-profile">
+<h3>Implementation profile</h3>
+<p>Implementations may implement a subset of the API and a subset of the
+available algorithms. The implemented subset is known as the
+implementation’s profile. The documentation for each implementation must
+describe the profile that it implements. This specification’s companion
+documents also define a number of standard profiles.</p>
+</div>
+<div class="section" id="implementation-specific-types">
+<h3>Implementation-specific types</h3>
+<p>This specification defines a number of platform-specific types, which
+represent data structures whose content depends on the implementation.
+These are C <code class="docutils literal notranslate"><span class="pre">struct</span></code> types. In the associated header files,
+<code class="docutils literal notranslate"><span class="pre">crypto.h</span></code> declares the <code class="docutils literal notranslate"><span class="pre">struct</span></code> tags and <code class="docutils literal notranslate"><span class="pre">crypto_struct.h</span></code>
+provides a definition for the structures.</p>
+</div>
+<div class="section" id="implementation-specific-macros">
+<h3>Implementation-specific macros</h3>
+<p>Some macros compute a result based on an algorithm or key type. This
+specification provides a sample implementation of these macros, which
+works for all standard types. If an implementation defines
+vendor-specific algorithms or key types, then it must provide an
+implementation for such macros that takes all relevant algorithms and
+types into account. Conversely, an implementation that does not support
+a certain algorithm or key type can define such macros in a simpler way
+that does not take unsupported argument values into account.</p>
+<p>Some macros define the minimum sufficient output buffer size for certain
+functions. In some cases, an implementation is allowed to require a
+buffer size that is larger than the theoretical minimum. An
+implementation must define minimum-size macros in such a way that it
+guarantees that the buffer of the resulting size is sufficient for the
+output of the corresponding function. Refer to each macro’s
+documentation for the applicable requirements.</p>
+</div>
+</div>
+<div class="section" id="porting-to-a-platform">
+<h2>Porting to a platform</h2>
+<div class="section" id="platform-assumptions">
+<h3>Platform assumptions</h3>
+<p>This specification is designed for a C89 platform. The interface is
+defined in terms of C macros, functions and objects.</p>
+<p>The specification assumes 8-bit bytes, and “byte” and “octet” are used
+synonymously.</p>
+</div>
+<div class="section" id="platform-specific-types">
+<h3>Platform-specific types</h3>
+<p>The specification makes use of some platform-specific types, which
+should be defined in <code class="docutils literal notranslate"><span class="pre">crypto_platform.h</span></code> or by a header included in
+this file. <code class="docutils literal notranslate"><span class="pre">crypto_platform.h</span></code> must define the following types:</p>
+<ul class="simple">
+<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span></code>, <code class="docutils literal notranslate"><span class="pre">uint16_t</span></code>, <code class="docutils literal notranslate"><span class="pre">uint32_t</span></code>: unsigned integer types with
+8, 16 and 32 value bits respectively. These may be the types defined
+by the C99 header <code class="docutils literal notranslate"><span class="pre">stdint.h</span></code>.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code>: an unsigned integer type of the
+implementation’s choice.</li>
+</ul>
+</div>
+<div class="section" id="cryptographic-hardware-support">
+<h3>Cryptographic hardware support</h3>
+<p>Implementations are encouraged to make use of hardware accelerators
+where available. A future version of this specification will define a
+function interface that calls drivers for hardware accelerators and
+external cryptographic hardware.</p>
+</div>
+</div>
+<div class="section" id="security-requirements-and-recommendations">
+<h2>Security requirements and recommendations</h2>
+<div class="section" id="error-detection">
+<h3>Error detection</h3>
+<p>Implementations that provide isolation between the caller and the
+cryptography processing environment must validate parameters to ensure
+that the cryptography processing environment is protected from attacks
+caused by passing invalid parameters.</p>
+<p>Even implementations that do not provide isolation should strive to
+detect bad parameters and fail-safe as much as possible.</p>
+</div>
+<div class="section" id="memory-cleanup">
+<h3>Memory cleanup</h3>
+<p>Implementations must wipe all sensitive data from memory when it is no
+longer used. They should wipe this sensitive data as soon as possible.
+In any case, all temporary data used during the execution of a function,
+such as stack buffers, must be wiped before the function returns. All
+data associated with an object, such as a multipart operation, must be
+wiped, at the latest, when the object becomes inactive, for example,
+when a multipart operation is aborted.</p>
+<p>The rationale for this non-functional requirement is to minimize impact
+if the system is compromised. If sensitive data is wiped immediately
+after use, only data that is currently in use can be leaked. It does not
+compromise past data.</p>
+</div>
+<div class="section" id="safe-outputs-on-error">
+<h3>Safe outputs on error</h3>
+<p>Implementations must ensure that confidential data is not written to
+output parameters before validating that the disclosure of this
+confidential data is authorized. This requirement is especially
+important for implementations where the caller may share memory with
+another security context, as described in the <a class="reference external" href="#stability-of-parameters">“Stability of
+parameters”</a> section.</p>
+<p>In most cases, the specification does not define the content of output
+parameters when an error occurs. Implementations should try to ensure
+that the content of output parameters is as safe as possible, in case an
+application flaw or a data leak causes it to be used. In particular, Arm
+recommends that implementations avoid placing partial output in output
+buffers when an action is interrupted. The meaning of “safe as possible”
+depends on the implementation, as different environments require
+different compromises between implementation complexity, overall
+robustness and performance. Some common strategies are to leave output
+parameters unchanged, in case of errors, or zeroing them out.</p>
+</div>
+<div class="section" id="attack-resistance">
+<h3>Attack resistance</h3>
+<p>Cryptographic code tends to manipulate high-value secrets, from which
+other secrets can be unlocked. As such, it is a high-value target for
+attacks. There is a vast body of literature on attack types, such as
+side channel attacks and glitch attacks. Typical side channels include
+timing, cache access patterns, branch-prediction access patterns, power
+consumption, radio emissions and more.</p>
+<p>This specification does not specify particular requirements for attack
+resistance. Therefore, implementers should consider the attack
+resistance desired in each use case and design their implementation
+accordingly. Security standards for attack resistance for particular
+targets may be applicable in certain use cases.</p>
+</div>
+</div>
+<div class="section" id="other-implementation-considerations">
+<h2>Other implementation considerations</h2>
+<div class="section" id="philosophy-of-resource-management">
+<h3>Philosophy of resource management</h3>
+<p>The specification allows most functions to return
+<code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code>. This gives implementations the
+freedom to manage memory as they please.</p>
+<p>Alternatively, the interface is also designed for conservative
+strategies of memory management. An implementation may avoid dynamic
+memory allocation altogether by obeying certain restrictions:</p>
+<ul class="simple">
+<li>Pre-allocate memory for a predefined number of keys, each with
+sufficient memory for all key types that can be stored.</li>
+<li>For multipart operations, in an implementation without isolation,
+place all the data that needs to be carried over from one step to the
+next in the operation object. The application is then fully in
+control of how memory is allocated for the operation.</li>
+<li>In an implementation with isolation, pre-allocate memory for a
+predefined number of operations inside the cryptoprocessor.</li>
+</ul>
+<!--
+#### Inclusion of algorithms
+
+Inline algorithm-generic functions into specialized functions at compile/link time
+--></div>
+</div>
+</div>
+<div class="section" id="usage-considerations">
+<h1>Usage considerations</h1>
+<div class="section" id="security-recommendations">
+<h2>Security recommendations</h2>
+<div class="section" id="always-check-for-errors">
+<h3>Always check for errors</h3>
+<p>Most functions in this API can return errors. All functions that can
+fail have the return type <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>. A few functions cannot fail,
+and thus, return <code class="docutils literal notranslate"><span class="pre">void</span></code> or some other type.</p>
+<p>If an error occurs, unless otherwise specified, the content of the
+output parameters is undefined and must not be used.</p>
+<p>Some common causes of errors include:</p>
+<ul class="simple">
+<li>In implementations where the keys are stored and processed in a
+separate environment from the application, all functions that need to
+access the cryptography processing environment may fail due to an
+error in the communication between the two environments.</li>
+<li>If an algorithm is implemented with a hardware accelerator, which is
+logically separate from the application processor, the accelerator
+may fail, even when the application processor keeps running normally.</li>
+<li>All functions may fail due to a lack of resources. However, some
+implementations guarantee that certain functions always have
+sufficient memory.</li>
+<li>All functions that access persistent keys may fail due to a storage
+failure.</li>
+<li>All functions that require randomness may fail due to a lack of
+entropy. Implementations are encouraged to seed the random generator
+with sufficient entropy during the execution of <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code>.
+However, some security standards require periodic reseeding from a
+hardware random generator, which can fail.</li>
+</ul>
+</div>
+<div class="section" id="shared-memory-and-concurrency">
+<h3>Shared memory and concurrency</h3>
+<p>Some environments allow applications to be multithreaded, while others
+do not. In some environments, applications may share memory with a
+different security context. In environments with multithreaded
+applications or shared memory, applications must be written carefully to
+avoid data corruption or leakage. This specification requires the
+application to obey certain constraints.</p>
+<p>In general, this API allows either one writer or any number of
+simultaneous readers, on any given object. In other words, if two or
+more calls access the same object concurrently, then the behavior is
+only well-defined if all the calls are only reading from the object and
+do not modify it. Read accesses include reading memory by input
+parameters and reading keystore content by using a key. For more
+details, refer to the <a class="reference external" href="#concurrent-calls">“Concurrent calls”</a>
+section.</p>
+<p>If an application shares memory with another security context, it may
+pass shared memory blocks as input buffers or output buffers, but not as
+non-buffer parameters. For more details, refer to the <a class="reference external" href="#stability-of-parameters">“Stability of
+parameters”</a> section.</p>
+</div>
+<div class="section" id="cleaning-up-after-use">
+<h3>Cleaning up after use</h3>
+<p>To minimize impact if the system is compromised, applications should
+wipe all sensitive data from memory when it is no longer used. That way,
+only data that is currently in use may be leaked, and past data is not
+compromised.</p>
+<p>Wiping sensitive data includes:</p>
+<ul class="simple">
+<li>Clearing temporary buffers in the stack or on the heap.</li>
+<li>Aborting operations if they will not be finished.</li>
+<li>Destroying keys that are no longer used.</li>
+</ul>
+</div>
+</div>
+</div>
+
+
+          </div>
+          
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
+
+
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul class="current">
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="#design-goals">Design goals</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#a-keystore-interface">A keystore interface</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#optional-isolation">Optional isolation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#choice-of-algorithms">Choice of algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#ease-of-use">Ease of use</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#example-use-cases">Example use cases</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#network-security-tls">Network Security (TLS)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#secure-storage">Secure Storage</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#network-credentials">Network Credentials</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#device-pairing">Device Pairing</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#secure-boot">Secure Boot</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attestation">Attestation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#factory-provisioning">Factory Provisioning</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#functionality-overview">Functionality overview</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#library-management">Library management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#key-management">Key management</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#volatile-keys">Volatile keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#persistent-keys">Persistent keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#usage-policies">Usage policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#symmetric-cryptography">Symmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#multipart-operations">Multipart operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#authenticated-encryption">Authenticated encryption</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#key-derivation">Key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-derivation-operations">Key derivation operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-derivation-function">Key derivation function</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption">Asymmetric encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#hash-and-sign">Hash-and-sign</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-agreement">Key agreement</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#randomness-and-key-generation">Randomness and key generation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#future-additions">Future additions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#sample-architectures">Sample architectures</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#single-partition-architecture">Single-partition architecture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#library-conventions">Library conventions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#error-handling">Error handling</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#return-status">Return status</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#behavior-on-error">Behavior on error</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#parameter-conventions">Parameter conventions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#pointer-conventions">Pointer conventions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#input-buffer-sizes">Input buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#output-buffer-sizes">Output buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#overlap-between-parameters">Overlap between parameters</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#stability-of-parameters">Stability of parameters</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#key-types-and-algorithms">Key types and algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#concurrent-calls">Concurrent calls</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#implementation-considerations">Implementation considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-profile">Implementation profile</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-types">Implementation-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-macros">Implementation-specific macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#porting-to-a-platform">Porting to a platform</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#platform-assumptions">Platform assumptions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#platform-specific-types">Platform-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#cryptographic-hardware-support">Cryptographic hardware support</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#error-detection">Error detection</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#memory-cleanup">Memory cleanup</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#safe-outputs-on-error">Safe outputs on error</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attack-resistance">Attack resistance</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#other-implementation-considerations">Other implementation considerations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#philosophy-of-resource-management">Philosophy of resource management</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="#usage-considerations">Usage considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#security-recommendations">Security recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#always-check-for-errors">Always check for errors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#cleaning-up-after-use">Cleaning up after use</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="index.html" title="previous chapter">PSA Cryptography API Specification</a></li>
+      <li>Next: <a href="from_doxygen.html" title="next chapter">Implementation-specific definitions</a></li>
+  </ul></li>
+</ul>
+</div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <div class="searchformwrapper">
+    <form class="search" action="search.html" method="get">
+      <input type="text" name="q" />
+      <input type="submit" value="Go" />
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+    </div>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+      |
+      <a href="_sources/general.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/genindex.html b/docs/html/genindex.html
new file mode 100644
index 0000000..b0e55bf
--- /dev/null
+++ b/docs/html/genindex.html
@@ -0,0 +1,132 @@
+
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Index &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <link rel="index" title="Index" href="#" />
+    <link rel="search" title="Search" href="search.html" />
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+
+<h1 id="index">Index</h1>
+
+<div class="genindex-jumpbox">
+ 
+</div>
+
+
+          </div>
+          
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
+
+
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="index.html">Documentation overview</a><ul>
+  </ul></li>
+</ul>
+</div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <div class="searchformwrapper">
+    <form class="search" action="search.html" method="get">
+      <input type="text" name="q" />
+      <input type="submit" value="Go" />
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+    </div>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/globals.html b/docs/html/globals.html
deleted file mode 100644
index a355aaf..0000000
--- a/docs/html/globals.html
+++ /dev/null
@@ -1,812 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: File Members</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li class="current"><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li class="current"><a href="globals.html"><span>All</span></a></li>
-      <li><a href="globals_func.html"><span>Functions</span></a></li>
-      <li><a href="globals_type.html"><span>Typedefs</span></a></li>
-      <li><a href="globals_defs.html"><span>Macros</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow4" class="tabs3">
-    <ul class="tablist">
-      <li class="current"><a href="globals.html#index_p"><span>p</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-<div class="textblock">Here is a list of all documented file members with links to the documentation:</div>
-
-<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
-<li>psa_aead_abort()
-: <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">crypto.h</a>
-</li>
-<li>psa_aead_decrypt()
-: <a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">crypto.h</a>
-</li>
-<li>PSA_AEAD_DECRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b">crypto_sizes.h</a>
-</li>
-<li>psa_aead_decrypt_setup()
-: <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">crypto.h</a>
-</li>
-<li>psa_aead_encrypt()
-: <a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">crypto.h</a>
-</li>
-<li>PSA_AEAD_ENCRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266">crypto_sizes.h</a>
-</li>
-<li>psa_aead_encrypt_setup()
-: <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">crypto.h</a>
-</li>
-<li>psa_aead_finish()
-: <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">crypto.h</a>
-</li>
-<li>PSA_AEAD_FINISH_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6">crypto_sizes.h</a>
-</li>
-<li>psa_aead_generate_nonce()
-: <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">crypto.h</a>
-</li>
-<li>PSA_AEAD_OPERATION_INIT
-: <a class="el" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366">crypto.h</a>
-</li>
-<li>psa_aead_operation_t
-: <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">crypto.h</a>
-</li>
-<li>psa_aead_set_lengths()
-: <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">crypto.h</a>
-</li>
-<li>psa_aead_set_nonce()
-: <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">crypto.h</a>
-</li>
-<li>PSA_AEAD_TAG_LENGTH
-: <a class="el" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">crypto_sizes.h</a>
-</li>
-<li>psa_aead_update()
-: <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">crypto.h</a>
-</li>
-<li>psa_aead_update_ad()
-: <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">crypto.h</a>
-</li>
-<li>psa_aead_verify()
-: <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">crypto.h</a>
-</li>
-<li>PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH
-: <a class="el" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_AEAD_WITH_TAG_LENGTH
-: <a class="el" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ANY_HASH
-: <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ARC4
-: <a class="el" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CBC_NO_PADDING
-: <a class="el" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CBC_PKCS7
-: <a class="el" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CCM
-: <a class="el" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CTR
-: <a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DETERMINISTIC_DSA
-: <a class="el" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DETERMINISTIC_ECDSA
-: <a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DSA
-: <a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDH
-: <a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDSA
-: <a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDSA_ANY
-: <a class="el" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_FFDH
-: <a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_FULL_LENGTH_MAC
-: <a class="el" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">crypto_values.h</a>
-</li>
-<li>PSA_ALG_GCM
-: <a class="el" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_HKDF
-: <a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">crypto_values.h</a>
-</li>
-<li>PSA_ALG_HMAC
-: <a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_AEAD
-: <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_ASYMMETRIC_ENCRYPTION
-: <a class="el" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_BLOCK_CIPHER_MAC
-: <a class="el" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_CIPHER
-: <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_ECDH
-: <a class="el" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_FFDH
-: <a class="el" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HASH
-: <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HASH_AND_SIGN
-: <a class="el" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HKDF
-: <a class="el" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HMAC
-: <a class="el" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_KEY_DERIVATION
-: <a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_MAC
-: <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_RAW_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_SIGN
-: <a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_STREAM_CIPHER
-: <a class="el" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_TLS12_PRF
-: <a class="el" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_TLS12_PSK_TO_MS
-: <a class="el" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_WILDCARD
-: <a class="el" href="group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426">crypto_values.h</a>
-</li>
-<li>PSA_ALG_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_OAEP
-: <a class="el" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_CRYPT
-: <a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_SIGN
-: <a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_SIGN_RAW
-: <a class="el" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PSS
-: <a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_224
-: <a class="el" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_256
-: <a class="el" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_384
-: <a class="el" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_512
-: <a class="el" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_224
-: <a class="el" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_256
-: <a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_384
-: <a class="el" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512
-: <a class="el" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512_224
-: <a class="el" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512_256
-: <a class="el" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SIGN_GET_HASH
-: <a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PRF
-: <a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PSK_TO_MS
-: <a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
-: <a class="el" href="crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a">crypto_sizes.h</a>
-</li>
-<li>PSA_ALG_TRUNCATED_MAC
-: <a class="el" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">crypto_values.h</a>
-</li>
-<li>PSA_ALG_XTS
-: <a class="el" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">crypto_values.h</a>
-</li>
-<li>psa_algorithm_t
-: <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">crypto_types.h</a>
-</li>
-<li>psa_allocate_key()
-: <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">crypto.h</a>
-</li>
-<li>psa_asymmetric_decrypt()
-: <a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">crypto.h</a>
-</li>
-<li>PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1">crypto_sizes.h</a>
-</li>
-<li>psa_asymmetric_encrypt()
-: <a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">crypto.h</a>
-</li>
-<li>PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8">crypto_sizes.h</a>
-</li>
-<li>psa_asymmetric_sign()
-: <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">crypto.h</a>
-</li>
-<li>PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab">crypto_sizes.h</a>
-</li>
-<li>PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca">crypto_sizes.h</a>
-</li>
-<li>psa_asymmetric_verify()
-: <a class="el" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">crypto.h</a>
-</li>
-<li>PSA_BLOCK_CIPHER_BLOCK_SIZE
-: <a class="el" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">crypto_values.h</a>
-</li>
-<li>psa_cipher_abort()
-: <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">crypto.h</a>
-</li>
-<li>psa_cipher_decrypt()
-: <a class="el" href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">crypto.h</a>
-</li>
-<li>psa_cipher_decrypt_setup()
-: <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">crypto.h</a>
-</li>
-<li>psa_cipher_encrypt()
-: <a class="el" href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">crypto.h</a>
-</li>
-<li>psa_cipher_encrypt_setup()
-: <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">crypto.h</a>
-</li>
-<li>psa_cipher_finish()
-: <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">crypto.h</a>
-</li>
-<li>psa_cipher_generate_iv()
-: <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">crypto.h</a>
-</li>
-<li>PSA_CIPHER_OPERATION_INIT
-: <a class="el" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919">crypto.h</a>
-</li>
-<li>psa_cipher_operation_t
-: <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">crypto.h</a>
-</li>
-<li>psa_cipher_set_iv()
-: <a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">crypto.h</a>
-</li>
-<li>psa_cipher_update()
-: <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">crypto.h</a>
-</li>
-<li>psa_close_key()
-: <a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">crypto.h</a>
-</li>
-<li>psa_copy_key()
-: <a class="el" href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">crypto.h</a>
-</li>
-<li>psa_create_key()
-: <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">crypto.h</a>
-</li>
-<li>PSA_CRYPTO_GENERATOR_INIT
-: <a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">crypto.h</a>
-</li>
-<li>psa_crypto_generator_t
-: <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">crypto.h</a>
-</li>
-<li>psa_crypto_init()
-: <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">crypto.h</a>
-</li>
-<li>psa_destroy_key()
-: <a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">crypto.h</a>
-</li>
-<li>psa_ecc_curve_t
-: <a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">crypto_types.h</a>
-</li>
-<li>PSA_ECDSA_SIGNATURE_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">crypto_sizes.h</a>
-</li>
-<li>PSA_ERROR_BAD_STATE
-: <a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_BUFFER_TOO_SMALL
-: <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_COMMUNICATION_FAILURE
-: <a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_EMPTY_SLOT
-: <a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_HARDWARE_FAILURE
-: <a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_CAPACITY
-: <a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_ENTROPY
-: <a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_MEMORY
-: <a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_STORAGE
-: <a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_ARGUMENT
-: <a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_HANDLE
-: <a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_PADDING
-: <a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_SIGNATURE
-: <a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_NOT_PERMITTED
-: <a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_NOT_SUPPORTED
-: <a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_OCCUPIED_SLOT
-: <a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_STORAGE_FAILURE
-: <a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_TAMPERING_DETECTED
-: <a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_UNKNOWN_ERROR
-: <a class="el" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">crypto_values.h</a>
-</li>
-<li>psa_export_key()
-: <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">crypto.h</a>
-</li>
-<li>psa_export_public_key()
-: <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">crypto.h</a>
-</li>
-<li>psa_generate_key()
-: <a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">crypto.h</a>
-</li>
-<li>psa_generate_random()
-: <a class="el" href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">crypto.h</a>
-</li>
-<li>psa_generator_abort()
-: <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">crypto.h</a>
-</li>
-<li>psa_generator_import_key()
-: <a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">crypto.h</a>
-</li>
-<li>psa_generator_read()
-: <a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">crypto.h</a>
-</li>
-<li>PSA_GENERATOR_UNBRIDLED_CAPACITY
-: <a class="el" href="group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9">crypto.h</a>
-</li>
-<li>psa_get_generator_capacity()
-: <a class="el" href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">crypto.h</a>
-</li>
-<li>psa_get_key_domain_parameters()
-: <a class="el" href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">crypto.h</a>
-</li>
-<li>psa_get_key_information()
-: <a class="el" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">crypto.h</a>
-</li>
-<li>psa_get_key_lifetime()
-: <a class="el" href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">crypto.h</a>
-</li>
-<li>psa_get_key_policy()
-: <a class="el" href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">crypto.h</a>
-</li>
-<li>psa_hash_abort()
-: <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">crypto.h</a>
-</li>
-<li>psa_hash_clone()
-: <a class="el" href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">crypto.h</a>
-</li>
-<li>psa_hash_compare()
-: <a class="el" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">crypto.h</a>
-</li>
-<li>psa_hash_compute()
-: <a class="el" href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">crypto.h</a>
-</li>
-<li>psa_hash_finish()
-: <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">crypto.h</a>
-</li>
-<li>PSA_HASH_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">crypto_sizes.h</a>
-</li>
-<li>PSA_HASH_OPERATION_INIT
-: <a class="el" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">crypto.h</a>
-</li>
-<li>psa_hash_operation_t
-: <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">crypto.h</a>
-</li>
-<li>psa_hash_setup()
-: <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">crypto.h</a>
-</li>
-<li>PSA_HASH_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">crypto_sizes.h</a>
-</li>
-<li>psa_hash_update()
-: <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">crypto.h</a>
-</li>
-<li>psa_hash_verify()
-: <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">crypto.h</a>
-</li>
-<li>psa_import_key()
-: <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">crypto.h</a>
-</li>
-<li>PSA_KDF_STEP_INFO
-: <a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_LABEL
-: <a class="el" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_SALT
-: <a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_SECRET
-: <a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">crypto_values.h</a>
-</li>
-<li>psa_key_agreement()
-: <a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">crypto.h</a>
-</li>
-<li>psa_key_agreement_raw_shared_secret()
-: <a class="el" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">crypto.h</a>
-</li>
-<li>psa_key_derivation_input_bytes()
-: <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">crypto.h</a>
-</li>
-<li>psa_key_derivation_input_key()
-: <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">crypto.h</a>
-</li>
-<li>psa_key_derivation_setup()
-: <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">crypto.h</a>
-</li>
-<li>psa_key_derivation_step_t
-: <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">crypto_types.h</a>
-</li>
-<li>PSA_KEY_EXPORT_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">crypto_sizes.h</a>
-</li>
-<li>psa_key_handle_t
-: <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">crypto.h</a>
-</li>
-<li>psa_key_id_t
-: <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">crypto_types.h</a>
-</li>
-<li>PSA_KEY_LIFETIME_PERSISTENT
-: <a class="el" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02">crypto_values.h</a>
-</li>
-<li>psa_key_lifetime_t
-: <a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">crypto_types.h</a>
-</li>
-<li>PSA_KEY_LIFETIME_VOLATILE
-: <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">crypto_values.h</a>
-</li>
-<li>psa_key_policy_get_algorithm()
-: <a class="el" href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">crypto.h</a>
-</li>
-<li>psa_key_policy_get_usage()
-: <a class="el" href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">crypto.h</a>
-</li>
-<li>PSA_KEY_POLICY_INIT
-: <a class="el" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">crypto.h</a>
-</li>
-<li>psa_key_policy_set_usage()
-: <a class="el" href="group__policy.html#gac16792fd6d375a5f76d372090df40607">crypto.h</a>
-</li>
-<li>psa_key_policy_t
-: <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">crypto.h</a>
-</li>
-<li>PSA_KEY_TYPE_AES
-: <a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ARC4
-: <a class="el" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_CAMELLIA
-: <a class="el" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DERIVE
-: <a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DES
-: <a class="el" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DH_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DH_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DSA_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DSA_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ECC_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ECC_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_GET_CURVE
-: <a class="el" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_HMAC
-: <a class="el" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ASYMMETRIC
-: <a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_DH
-: <a class="el" href="group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_DSA
-: <a class="el" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC
-: <a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_RSA
-: <a class="el" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_UNSTRUCTURED
-: <a class="el" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_VENDOR_DEFINED
-: <a class="el" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_NONE
-: <a class="el" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RAW_DATA
-: <a class="el" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RSA_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RSA_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">crypto_values.h</a>
-</li>
-<li>psa_key_type_t
-: <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">crypto_types.h</a>
-</li>
-<li>PSA_KEY_TYPE_VENDOR_FLAG
-: <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_DECRYPT
-: <a class="el" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_DERIVE
-: <a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_ENCRYPT
-: <a class="el" href="group__policy.html#ga75153b296d045d529d97203a6a995dad">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_EXPORT
-: <a class="el" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_SIGN
-: <a class="el" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a">crypto_values.h</a>
-</li>
-<li>psa_key_usage_t
-: <a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">crypto_types.h</a>
-</li>
-<li>PSA_KEY_USAGE_VERIFY
-: <a class="el" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6">crypto_values.h</a>
-</li>
-<li>psa_mac_abort()
-: <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">crypto.h</a>
-</li>
-<li>psa_mac_compute()
-: <a class="el" href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">crypto.h</a>
-</li>
-<li>PSA_MAC_FINAL_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">crypto_sizes.h</a>
-</li>
-<li>PSA_MAC_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682">crypto_sizes.h</a>
-</li>
-<li>PSA_MAC_OPERATION_INIT
-: <a class="el" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d">crypto.h</a>
-</li>
-<li>psa_mac_operation_t
-: <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">crypto.h</a>
-</li>
-<li>psa_mac_sign_finish()
-: <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">crypto.h</a>
-</li>
-<li>psa_mac_sign_setup()
-: <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">crypto.h</a>
-</li>
-<li>PSA_MAC_TRUNCATED_LENGTH
-: <a class="el" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">crypto_values.h</a>
-</li>
-<li>psa_mac_update()
-: <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">crypto.h</a>
-</li>
-<li>psa_mac_verify()
-: <a class="el" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">crypto.h</a>
-</li>
-<li>psa_mac_verify_finish()
-: <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">crypto.h</a>
-</li>
-<li>psa_mac_verify_setup()
-: <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">crypto.h</a>
-</li>
-<li>PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec">crypto_sizes.h</a>
-</li>
-<li>psa_open_key()
-: <a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">crypto.h</a>
-</li>
-<li>psa_set_generator_capacity()
-: <a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">crypto.h</a>
-</li>
-<li>psa_set_key_domain_parameters()
-: <a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">crypto.h</a>
-</li>
-<li>psa_set_key_policy()
-: <a class="el" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">crypto.h</a>
-</li>
-<li>psa_status_t
-: <a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">crypto_types.h</a>
-</li>
-<li>PSA_SUCCESS
-: <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">crypto_values.h</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html
deleted file mode 100644
index 3f4c571..0000000
--- a/docs/html/globals_defs.html
+++ /dev/null
@@ -1,551 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: File Members</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li class="current"><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li><a href="globals.html"><span>All</span></a></li>
-      <li><a href="globals_func.html"><span>Functions</span></a></li>
-      <li><a href="globals_type.html"><span>Typedefs</span></a></li>
-      <li class="current"><a href="globals_defs.html"><span>Macros</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow4" class="tabs3">
-    <ul class="tablist">
-      <li class="current"><a href="#index_p"><span>p</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-&#160;
-
-<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
-<li>PSA_AEAD_DECRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b">crypto_sizes.h</a>
-</li>
-<li>PSA_AEAD_ENCRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266">crypto_sizes.h</a>
-</li>
-<li>PSA_AEAD_FINISH_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6">crypto_sizes.h</a>
-</li>
-<li>PSA_AEAD_OPERATION_INIT
-: <a class="el" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366">crypto.h</a>
-</li>
-<li>PSA_AEAD_TAG_LENGTH
-: <a class="el" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">crypto_sizes.h</a>
-</li>
-<li>PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH
-: <a class="el" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_AEAD_WITH_TAG_LENGTH
-: <a class="el" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ANY_HASH
-: <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ARC4
-: <a class="el" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CBC_NO_PADDING
-: <a class="el" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CBC_PKCS7
-: <a class="el" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CCM
-: <a class="el" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_CTR
-: <a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DETERMINISTIC_DSA
-: <a class="el" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DETERMINISTIC_ECDSA
-: <a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">crypto_values.h</a>
-</li>
-<li>PSA_ALG_DSA
-: <a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDH
-: <a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDSA
-: <a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">crypto_values.h</a>
-</li>
-<li>PSA_ALG_ECDSA_ANY
-: <a class="el" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_FFDH
-: <a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_FULL_LENGTH_MAC
-: <a class="el" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">crypto_values.h</a>
-</li>
-<li>PSA_ALG_GCM
-: <a class="el" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">crypto_values.h</a>
-</li>
-<li>PSA_ALG_HKDF
-: <a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">crypto_values.h</a>
-</li>
-<li>PSA_ALG_HMAC
-: <a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_AEAD
-: <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_ASYMMETRIC_ENCRYPTION
-: <a class="el" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_BLOCK_CIPHER_MAC
-: <a class="el" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_CIPHER
-: <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_ECDH
-: <a class="el" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_FFDH
-: <a class="el" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HASH
-: <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HASH_AND_SIGN
-: <a class="el" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HKDF
-: <a class="el" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_HMAC
-: <a class="el" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_KEY_DERIVATION
-: <a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_MAC
-: <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_RAW_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_SIGN
-: <a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_STREAM_CIPHER
-: <a class="el" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_TLS12_PRF
-: <a class="el" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_TLS12_PSK_TO_MS
-: <a class="el" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_IS_WILDCARD
-: <a class="el" href="group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426">crypto_values.h</a>
-</li>
-<li>PSA_ALG_KEY_AGREEMENT
-: <a class="el" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_OAEP
-: <a class="el" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_CRYPT
-: <a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_SIGN
-: <a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PKCS1V15_SIGN_RAW
-: <a class="el" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">crypto_values.h</a>
-</li>
-<li>PSA_ALG_RSA_PSS
-: <a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_224
-: <a class="el" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_256
-: <a class="el" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_384
-: <a class="el" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA3_512
-: <a class="el" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_224
-: <a class="el" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_256
-: <a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_384
-: <a class="el" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512
-: <a class="el" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512_224
-: <a class="el" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SHA_512_256
-: <a class="el" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">crypto_values.h</a>
-</li>
-<li>PSA_ALG_SIGN_GET_HASH
-: <a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PRF
-: <a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PSK_TO_MS
-: <a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">crypto_values.h</a>
-</li>
-<li>PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
-: <a class="el" href="crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a">crypto_sizes.h</a>
-</li>
-<li>PSA_ALG_TRUNCATED_MAC
-: <a class="el" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">crypto_values.h</a>
-</li>
-<li>PSA_ALG_XTS
-: <a class="el" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">crypto_values.h</a>
-</li>
-<li>PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1">crypto_sizes.h</a>
-</li>
-<li>PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8">crypto_sizes.h</a>
-</li>
-<li>PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab">crypto_sizes.h</a>
-</li>
-<li>PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca">crypto_sizes.h</a>
-</li>
-<li>PSA_BLOCK_CIPHER_BLOCK_SIZE
-: <a class="el" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">crypto_values.h</a>
-</li>
-<li>PSA_CIPHER_OPERATION_INIT
-: <a class="el" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919">crypto.h</a>
-</li>
-<li>PSA_CRYPTO_GENERATOR_INIT
-: <a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">crypto.h</a>
-</li>
-<li>PSA_ECDSA_SIGNATURE_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11">crypto_sizes.h</a>
-</li>
-<li>PSA_ERROR_BAD_STATE
-: <a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_BUFFER_TOO_SMALL
-: <a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_COMMUNICATION_FAILURE
-: <a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_EMPTY_SLOT
-: <a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_HARDWARE_FAILURE
-: <a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_CAPACITY
-: <a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_ENTROPY
-: <a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_MEMORY
-: <a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INSUFFICIENT_STORAGE
-: <a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_ARGUMENT
-: <a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_HANDLE
-: <a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_PADDING
-: <a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_INVALID_SIGNATURE
-: <a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_NOT_PERMITTED
-: <a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_NOT_SUPPORTED
-: <a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_OCCUPIED_SLOT
-: <a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_STORAGE_FAILURE
-: <a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_TAMPERING_DETECTED
-: <a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">crypto_values.h</a>
-</li>
-<li>PSA_ERROR_UNKNOWN_ERROR
-: <a class="el" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">crypto_values.h</a>
-</li>
-<li>PSA_GENERATOR_UNBRIDLED_CAPACITY
-: <a class="el" href="group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9">crypto.h</a>
-</li>
-<li>PSA_HASH_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29">crypto_sizes.h</a>
-</li>
-<li>PSA_HASH_OPERATION_INIT
-: <a class="el" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">crypto.h</a>
-</li>
-<li>PSA_HASH_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">crypto_sizes.h</a>
-</li>
-<li>PSA_KDF_STEP_INFO
-: <a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_LABEL
-: <a class="el" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_SALT
-: <a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">crypto_values.h</a>
-</li>
-<li>PSA_KDF_STEP_SECRET
-: <a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">crypto_values.h</a>
-</li>
-<li>PSA_KEY_EXPORT_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">crypto_sizes.h</a>
-</li>
-<li>PSA_KEY_LIFETIME_PERSISTENT
-: <a class="el" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02">crypto_values.h</a>
-</li>
-<li>PSA_KEY_LIFETIME_VOLATILE
-: <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">crypto_values.h</a>
-</li>
-<li>PSA_KEY_POLICY_INIT
-: <a class="el" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">crypto.h</a>
-</li>
-<li>PSA_KEY_TYPE_AES
-: <a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ARC4
-: <a class="el" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_CAMELLIA
-: <a class="el" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DERIVE
-: <a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DES
-: <a class="el" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DH_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DH_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DSA_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_DSA_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ECC_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_ECC_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_GET_CURVE
-: <a class="el" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_HMAC
-: <a class="el" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ASYMMETRIC
-: <a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_DH
-: <a class="el" href="group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_DSA
-: <a class="el" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC
-: <a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_RSA
-: <a class="el" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_UNSTRUCTURED
-: <a class="el" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_IS_VENDOR_DEFINED
-: <a class="el" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_NONE
-: <a class="el" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR
-: <a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RAW_DATA
-: <a class="el" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RSA_KEYPAIR
-: <a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_RSA_PUBLIC_KEY
-: <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">crypto_values.h</a>
-</li>
-<li>PSA_KEY_TYPE_VENDOR_FLAG
-: <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_DECRYPT
-: <a class="el" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_DERIVE
-: <a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_ENCRYPT
-: <a class="el" href="group__policy.html#ga75153b296d045d529d97203a6a995dad">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_EXPORT
-: <a class="el" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_SIGN
-: <a class="el" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a">crypto_values.h</a>
-</li>
-<li>PSA_KEY_USAGE_VERIFY
-: <a class="el" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6">crypto_values.h</a>
-</li>
-<li>PSA_MAC_FINAL_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">crypto_sizes.h</a>
-</li>
-<li>PSA_MAC_MAX_SIZE
-: <a class="el" href="crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682">crypto_sizes.h</a>
-</li>
-<li>PSA_MAC_OPERATION_INIT
-: <a class="el" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d">crypto.h</a>
-</li>
-<li>PSA_MAC_TRUNCATED_LENGTH
-: <a class="el" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">crypto_values.h</a>
-</li>
-<li>PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE
-: <a class="el" href="crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec">crypto_sizes.h</a>
-</li>
-<li>PSA_SUCCESS
-: <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">crypto_values.h</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html
deleted file mode 100644
index 1413d25..0000000
--- a/docs/html/globals_func.html
+++ /dev/null
@@ -1,326 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: File Members</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li class="current"><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li><a href="globals.html"><span>All</span></a></li>
-      <li class="current"><a href="globals_func.html"><span>Functions</span></a></li>
-      <li><a href="globals_type.html"><span>Typedefs</span></a></li>
-      <li><a href="globals_defs.html"><span>Macros</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow4" class="tabs3">
-    <ul class="tablist">
-      <li class="current"><a href="#index_p"><span>p</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-&#160;
-
-<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
-<li>psa_aead_abort()
-: <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">crypto.h</a>
-</li>
-<li>psa_aead_decrypt()
-: <a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">crypto.h</a>
-</li>
-<li>psa_aead_decrypt_setup()
-: <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">crypto.h</a>
-</li>
-<li>psa_aead_encrypt()
-: <a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">crypto.h</a>
-</li>
-<li>psa_aead_encrypt_setup()
-: <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">crypto.h</a>
-</li>
-<li>psa_aead_finish()
-: <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">crypto.h</a>
-</li>
-<li>psa_aead_generate_nonce()
-: <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">crypto.h</a>
-</li>
-<li>psa_aead_set_lengths()
-: <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">crypto.h</a>
-</li>
-<li>psa_aead_set_nonce()
-: <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">crypto.h</a>
-</li>
-<li>psa_aead_update()
-: <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">crypto.h</a>
-</li>
-<li>psa_aead_update_ad()
-: <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">crypto.h</a>
-</li>
-<li>psa_aead_verify()
-: <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">crypto.h</a>
-</li>
-<li>psa_allocate_key()
-: <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">crypto.h</a>
-</li>
-<li>psa_asymmetric_decrypt()
-: <a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">crypto.h</a>
-</li>
-<li>psa_asymmetric_encrypt()
-: <a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">crypto.h</a>
-</li>
-<li>psa_asymmetric_sign()
-: <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">crypto.h</a>
-</li>
-<li>psa_asymmetric_verify()
-: <a class="el" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">crypto.h</a>
-</li>
-<li>psa_cipher_abort()
-: <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">crypto.h</a>
-</li>
-<li>psa_cipher_decrypt()
-: <a class="el" href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">crypto.h</a>
-</li>
-<li>psa_cipher_decrypt_setup()
-: <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">crypto.h</a>
-</li>
-<li>psa_cipher_encrypt()
-: <a class="el" href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">crypto.h</a>
-</li>
-<li>psa_cipher_encrypt_setup()
-: <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">crypto.h</a>
-</li>
-<li>psa_cipher_finish()
-: <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">crypto.h</a>
-</li>
-<li>psa_cipher_generate_iv()
-: <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">crypto.h</a>
-</li>
-<li>psa_cipher_set_iv()
-: <a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">crypto.h</a>
-</li>
-<li>psa_cipher_update()
-: <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">crypto.h</a>
-</li>
-<li>psa_close_key()
-: <a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">crypto.h</a>
-</li>
-<li>psa_copy_key()
-: <a class="el" href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">crypto.h</a>
-</li>
-<li>psa_create_key()
-: <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">crypto.h</a>
-</li>
-<li>psa_crypto_init()
-: <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">crypto.h</a>
-</li>
-<li>psa_destroy_key()
-: <a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">crypto.h</a>
-</li>
-<li>psa_export_key()
-: <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">crypto.h</a>
-</li>
-<li>psa_export_public_key()
-: <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">crypto.h</a>
-</li>
-<li>psa_generate_key()
-: <a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">crypto.h</a>
-</li>
-<li>psa_generate_random()
-: <a class="el" href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">crypto.h</a>
-</li>
-<li>psa_generator_abort()
-: <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">crypto.h</a>
-</li>
-<li>psa_generator_import_key()
-: <a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">crypto.h</a>
-</li>
-<li>psa_generator_read()
-: <a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">crypto.h</a>
-</li>
-<li>psa_get_generator_capacity()
-: <a class="el" href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">crypto.h</a>
-</li>
-<li>psa_get_key_domain_parameters()
-: <a class="el" href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">crypto.h</a>
-</li>
-<li>psa_get_key_information()
-: <a class="el" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">crypto.h</a>
-</li>
-<li>psa_get_key_lifetime()
-: <a class="el" href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">crypto.h</a>
-</li>
-<li>psa_get_key_policy()
-: <a class="el" href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">crypto.h</a>
-</li>
-<li>psa_hash_abort()
-: <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">crypto.h</a>
-</li>
-<li>psa_hash_clone()
-: <a class="el" href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">crypto.h</a>
-</li>
-<li>psa_hash_compare()
-: <a class="el" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">crypto.h</a>
-</li>
-<li>psa_hash_compute()
-: <a class="el" href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">crypto.h</a>
-</li>
-<li>psa_hash_finish()
-: <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">crypto.h</a>
-</li>
-<li>psa_hash_setup()
-: <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">crypto.h</a>
-</li>
-<li>psa_hash_update()
-: <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">crypto.h</a>
-</li>
-<li>psa_hash_verify()
-: <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">crypto.h</a>
-</li>
-<li>psa_import_key()
-: <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">crypto.h</a>
-</li>
-<li>psa_key_agreement()
-: <a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">crypto.h</a>
-</li>
-<li>psa_key_agreement_raw_shared_secret()
-: <a class="el" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">crypto.h</a>
-</li>
-<li>psa_key_derivation_input_bytes()
-: <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">crypto.h</a>
-</li>
-<li>psa_key_derivation_input_key()
-: <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">crypto.h</a>
-</li>
-<li>psa_key_derivation_setup()
-: <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">crypto.h</a>
-</li>
-<li>psa_key_policy_get_algorithm()
-: <a class="el" href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">crypto.h</a>
-</li>
-<li>psa_key_policy_get_usage()
-: <a class="el" href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">crypto.h</a>
-</li>
-<li>psa_key_policy_set_usage()
-: <a class="el" href="group__policy.html#gac16792fd6d375a5f76d372090df40607">crypto.h</a>
-</li>
-<li>psa_mac_abort()
-: <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">crypto.h</a>
-</li>
-<li>psa_mac_compute()
-: <a class="el" href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">crypto.h</a>
-</li>
-<li>psa_mac_sign_finish()
-: <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">crypto.h</a>
-</li>
-<li>psa_mac_sign_setup()
-: <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">crypto.h</a>
-</li>
-<li>psa_mac_update()
-: <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">crypto.h</a>
-</li>
-<li>psa_mac_verify()
-: <a class="el" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">crypto.h</a>
-</li>
-<li>psa_mac_verify_finish()
-: <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">crypto.h</a>
-</li>
-<li>psa_mac_verify_setup()
-: <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">crypto.h</a>
-</li>
-<li>psa_open_key()
-: <a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">crypto.h</a>
-</li>
-<li>psa_set_generator_capacity()
-: <a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">crypto.h</a>
-</li>
-<li>psa_set_key_domain_parameters()
-: <a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">crypto.h</a>
-</li>
-<li>psa_set_key_policy()
-: <a class="el" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">crypto.h</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/globals_type.html b/docs/html/globals_type.html
deleted file mode 100644
index 83d5c82..0000000
--- a/docs/html/globals_type.html
+++ /dev/null
@@ -1,148 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: File Members</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li class="current"><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="files.html"><span>File&#160;List</span></a></li>
-      <li class="current"><a href="globals.html"><span>File&#160;Members</span></a></li>
-    </ul>
-  </div>
-  <div id="navrow3" class="tabs2">
-    <ul class="tablist">
-      <li><a href="globals.html"><span>All</span></a></li>
-      <li><a href="globals_func.html"><span>Functions</span></a></li>
-      <li class="current"><a href="globals_type.html"><span>Typedefs</span></a></li>
-      <li><a href="globals_defs.html"><span>Macros</span></a></li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="contents">
-&#160;<ul>
-<li>psa_aead_operation_t
-: <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">crypto.h</a>
-</li>
-<li>psa_algorithm_t
-: <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">crypto_types.h</a>
-</li>
-<li>psa_cipher_operation_t
-: <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">crypto.h</a>
-</li>
-<li>psa_crypto_generator_t
-: <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">crypto.h</a>
-</li>
-<li>psa_ecc_curve_t
-: <a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">crypto_types.h</a>
-</li>
-<li>psa_hash_operation_t
-: <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">crypto.h</a>
-</li>
-<li>psa_key_derivation_step_t
-: <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">crypto_types.h</a>
-</li>
-<li>psa_key_handle_t
-: <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">crypto.h</a>
-</li>
-<li>psa_key_id_t
-: <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">crypto_types.h</a>
-</li>
-<li>psa_key_lifetime_t
-: <a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">crypto_types.h</a>
-</li>
-<li>psa_key_policy_t
-: <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">crypto.h</a>
-</li>
-<li>psa_key_type_t
-: <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">crypto_types.h</a>
-</li>
-<li>psa_key_usage_t
-: <a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">crypto_types.h</a>
-</li>
-<li>psa_mac_operation_t
-: <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">crypto.h</a>
-</li>
-<li>psa_status_t
-: <a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">crypto_types.h</a>
-</li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/graph_legend.html b/docs/html/graph_legend.html
deleted file mode 100644
index 8e69841..0000000
--- a/docs/html/graph_legend.html
+++ /dev/null
@@ -1,120 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Graph Legend</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="headertitle">
-<div class="title">Graph Legend</div>  </div>
-</div><!--header-->
-<div class="contents">
-<p>This page explains how to interpret the graphs that are generated by doxygen.</p>
-<p>Consider the following example: </p><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;/*! Invisible class because of truncation */</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;class Invisible { };</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;</div><div class="line"><a name="l00004"></a><span class="lineno">    4</span>&#160;/*! Truncated class, inheritance relation is hidden */</div><div class="line"><a name="l00005"></a><span class="lineno">    5</span>&#160;class Truncated : public Invisible { };</div><div class="line"><a name="l00006"></a><span class="lineno">    6</span>&#160;</div><div class="line"><a name="l00007"></a><span class="lineno">    7</span>&#160;/* Class not documented with doxygen comments */</div><div class="line"><a name="l00008"></a><span class="lineno">    8</span>&#160;class Undocumented { };</div><div class="line"><a name="l00009"></a><span class="lineno">    9</span>&#160;</div><div class="line"><a name="l00010"></a><span class="lineno">   10</span>&#160;/*! Class that is inherited using public inheritance */</div><div class="line"><a name="l00011"></a><span class="lineno">   11</span>&#160;class PublicBase : public Truncated { };</div><div class="line"><a name="l00012"></a><span class="lineno">   12</span>&#160;</div><div class="line"><a name="l00013"></a><span class="lineno">   13</span>&#160;/*! A template class */</div><div class="line"><a name="l00014"></a><span class="lineno">   14</span>&#160;template&lt;class T&gt; class Templ { };</div><div class="line"><a name="l00015"></a><span class="lineno">   15</span>&#160;</div><div class="line"><a name="l00016"></a><span class="lineno">   16</span>&#160;/*! Class that is inherited using protected inheritance */</div><div class="line"><a name="l00017"></a><span class="lineno">   17</span>&#160;class ProtectedBase { };</div><div class="line"><a name="l00018"></a><span class="lineno">   18</span>&#160;</div><div class="line"><a name="l00019"></a><span class="lineno">   19</span>&#160;/*! Class that is inherited using private inheritance */</div><div class="line"><a name="l00020"></a><span class="lineno">   20</span>&#160;class PrivateBase { };</div><div class="line"><a name="l00021"></a><span class="lineno">   21</span>&#160;</div><div class="line"><a name="l00022"></a><span class="lineno">   22</span>&#160;/*! Class that is used by the Inherited class */</div><div class="line"><a name="l00023"></a><span class="lineno">   23</span>&#160;class Used { };</div><div class="line"><a name="l00024"></a><span class="lineno">   24</span>&#160;</div><div class="line"><a name="l00025"></a><span class="lineno">   25</span>&#160;/*! Super class that inherits a number of other classes */</div><div class="line"><a name="l00026"></a><span class="lineno">   26</span>&#160;class Inherited : public PublicBase,</div><div class="line"><a name="l00027"></a><span class="lineno">   27</span>&#160;                  protected ProtectedBase,</div><div class="line"><a name="l00028"></a><span class="lineno">   28</span>&#160;                  private PrivateBase,</div><div class="line"><a name="l00029"></a><span class="lineno">   29</span>&#160;                  public Undocumented,</div><div class="line"><a name="l00030"></a><span class="lineno">   30</span>&#160;                  public Templ&lt;int&gt;</div><div class="line"><a name="l00031"></a><span class="lineno">   31</span>&#160;{</div><div class="line"><a name="l00032"></a><span class="lineno">   32</span>&#160;  private:</div><div class="line"><a name="l00033"></a><span class="lineno">   33</span>&#160;    Used *m_usedClass;</div><div class="line"><a name="l00034"></a><span class="lineno">   34</span>&#160;};</div></div><!-- fragment --><p> This will result in the following graph:</p>
-<center><div class="image">
-<img src="graph_legend.png" />
-</div>
-</center><p>The boxes in the above graph have the following meaning: </p>
-<ul>
-<li>
-A filled gray box represents the struct or class for which the graph is generated. </li>
-<li>
-A box with a black border denotes a documented struct or class. </li>
-<li>
-A box with a gray border denotes an undocumented struct or class. </li>
-<li>
-A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries. </li>
-</ul>
-<p>The arrows have the following meaning: </p>
-<ul>
-<li>
-A dark blue arrow is used to visualize a public inheritance relation between two classes. </li>
-<li>
-A dark green arrow is used for protected inheritance. </li>
-<li>
-A dark red arrow is used for private inheritance. </li>
-<li>
-A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible. </li>
-<li>
-A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance. </li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/graph_legend.md5 b/docs/html/graph_legend.md5
deleted file mode 100644
index a06ed05..0000000
--- a/docs/html/graph_legend.md5
+++ /dev/null
@@ -1 +0,0 @@
-387ff8eb65306fa251338d3c9bd7bfff
\ No newline at end of file
diff --git a/docs/html/graph_legend.png b/docs/html/graph_legend.png
deleted file mode 100644
index 37f264e..0000000
--- a/docs/html/graph_legend.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/group__MAC.html b/docs/html/group__MAC.html
deleted file mode 100644
index be57bf1..0000000
--- a/docs/html/group__MAC.html
+++ /dev/null
@@ -1,679 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Message authentication codes</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Message authentication codes</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga441b6efc161a4573d06465bd22d9dc2d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d">PSA_MAC_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga441b6efc161a4573d06465bd22d9dc2d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga78f0838b0c4e3db28b26355624d4bd37"><td class="memItemLeft" align="right" valign="top">typedef struct psa_mac_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a></td></tr>
-<tr class="separator:ga78f0838b0c4e3db28b26355624d4bd37"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:gace78d9b51394f9d4f77952963665897a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gace78d9b51394f9d4f77952963665897a">psa_mac_compute</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)</td></tr>
-<tr class="separator:gace78d9b51394f9d4f77952963665897a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga08e2e8c21bfe762a907266f3bdd1d07c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">psa_mac_verify</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *mac, const size_t mac_length)</td></tr>
-<tr class="separator:ga08e2e8c21bfe762a907266f3bdd1d07c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad33f2b15119593571ca6b8e7c757ab0e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gad33f2b15119593571ca6b8e7c757ab0e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa721a59ae6d085ec90c7dc918879a027"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gaa721a59ae6d085ec90c7dc918879a027"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5560af371497babefe03c9da4e8a1c05"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga5560af371497babefe03c9da4e8a1c05"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac22bc0125580c96724a09226cfbc97f2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)</td></tr>
-<tr class="separator:gac22bc0125580c96724a09226cfbc97f2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac92b2930d6728e1be4d011c05d485822"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation, const uint8_t *mac, size_t mac_length)</td></tr>
-<tr class="separator:gac92b2930d6728e1be4d011c05d485822"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacd8dd54855ba1bc0a03f104f252884fd"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort</a> (<a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *operation)</td></tr>
-<tr class="separator:gacd8dd54855ba1bc0a03f104f252884fd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga441b6efc161a4573d06465bd22d9dc2d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_MAC_OPERATION_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for a MAC operation object of type <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a>. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga78f0838b0c4e3db28b26355624d4bd37"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_mac_operation_s <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the state data structure for multipart MAC operations.</p>
-<p>Before calling any function on a MAC operation object, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_mac_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;operation, 0, sizeof(operation));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_mac_operation_t operation = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d">PSA_MAC_OPERATION_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_mac_operation_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_mac_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;operation = psa_mac_operation_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="gacd8dd54855ba1bc0a03f104f252884fd"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_abort </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Abort a MAC operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code>operation</code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a> or <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p><ul>
-<li>A call to <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a> or <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a>, whether it succeeds or not.</li>
-<li>Initializing the <code>struct</code> to all-bits-zero.</li>
-<li>Initializing the <code>struct</code> to logical zeros, e.g. <code>psa_mac_operation_t operation = {0}</code>.</li>
-</ul>
-<p>In particular, calling <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a> after the operation has been terminated by a call to <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a>, <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish()</a> or <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish()</a> is safe and has no effect.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Initialized MAC operation.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>operation</code> is not an active MAC operation. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gace78d9b51394f9d4f77952963665897a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_compute </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>mac</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>mac_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>mac_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Calculate the MAC (message authentication code) of a message.</p>
-<dl class="section note"><dt>Note</dt><dd>To verify the MAC of a message against an expected value, use <a class="el" href="group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c">psa_mac_verify()</a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code>memcmp</code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The MAC algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the input message. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">mac</td><td>Buffer where the MAC value is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">mac_size</td><td>Size of the <code>mac</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">mac_length</td><td>On success, the number of bytes that make up the MAC value.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a MAC algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gac22bc0125580c96724a09226cfbc97f2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_sign_finish </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>mac</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>mac_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>mac_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish the calculation of the MAC of a message.</p>
-<p>The application must call <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="section warning"><dt>Warning</dt><dd>Applications should not call this function if they expect a specific value for the MAC. Call <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish()</a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code>memcmp</code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active MAC operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">mac</td><td>Buffer where the MAC value is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">mac_size</td><td>Size of the <code>mac</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">mac_length</td><td>On success, the number of bytes that make up the MAC value. This is always <a class="el" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">PSA_MAC_FINAL_SIZE</a>(<code>key_type</code>, <code>key_bits</code>, <code>alg</code>) where <code>key_type</code> and <code>key_bits</code> are the type and bit-size respectively of the key and <code>alg</code> is the MAC algorithm that is calculated.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>mac</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee">PSA_MAC_FINAL_SIZE()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gad33f2b15119593571ca6b8e7c757ab0e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_sign_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set up a multipart MAC calculation operation.</p>
-<p>This function sets up the calculation of the MAC (message authentication code) of a byte string. To verify the MAC of a message against an expected value, use <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a> instead.</p>
-<p>The sequence of operations to calculate a MAC is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a>, e.g. PSA_MAC_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a> to specify the algorithm and key.</li>
-<li>Call <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish()</a> to finish calculating the MAC value and retrieve it.</li>
-</ol>
-<p>The application may call <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a>, the application must eventually terminate the operation through one of the following methods:</p><ul>
-<li>A failed call to <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a>.</li>
-<li>A call to <a class="el" href="group__MAC.html#gac22bc0125580c96724a09226cfbc97f2">psa_mac_sign_finish()</a> or <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The MAC algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a MAC algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga5560af371497babefe03c9da4e8a1c05"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_update </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Add a message fragment to a multipart MAC operation.</p>
-<p>The application must call <a class="el" href="group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e">psa_mac_sign_setup()</a> or <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active MAC operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message fragment to add to the MAC calculation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga08e2e8c21bfe762a907266f3bdd1d07c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_verify </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>mac</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const size_t&#160;</td>
-          <td class="paramname"><em>mac_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Calculate the MAC of a message and compare it with a reference value.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The MAC algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the input message. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">mac</td><td>Buffer containing the expected MAC value. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">mac_length</td><td>Size of the <code>mac</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The expected MAC is identical to the actual MAC of the input. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The MAC of the message was calculated successfully, but it differs from the expected value. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a MAC algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gac92b2930d6728e1be4d011c05d485822"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_verify_finish </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>mac</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>mac_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish the calculation of the MAC of a message and compare it with an expected value.</p>
-<p>The application must call <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a>. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="section note"><dt>Note</dt><dd>Implementations shall make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active MAC operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">mac</td><td>Buffer containing the expected MAC value. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">mac_length</td><td>Size of the <code>mac</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The expected MAC is identical to the actual MAC of the message. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The MAC of the message was calculated successfully, but it differs from the expected MAC. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa721a59ae6d085ec90c7dc918879a027"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_mac_verify_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set up a multipart MAC verification operation.</p>
-<p>This function sets up the verification of the MAC (message authentication code) of a byte string against an expected value.</p>
-<p>The sequence of operations to verify a MAC is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a>, e.g. PSA_MAC_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a> to specify the algorithm and key.</li>
-<li>Call <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish()</a> to finish calculating the actual MAC of the message and verify it against the expected value.</li>
-</ol>
-<p>The application may call <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027">psa_mac_verify_setup()</a>, the application must eventually terminate the operation through one of the following methods:</p><ul>
-<li>A failed call to <a class="el" href="group__MAC.html#ga5560af371497babefe03c9da4e8a1c05">psa_mac_update()</a>.</li>
-<li>A call to <a class="el" href="group__MAC.html#gac92b2930d6728e1be4d011c05d485822">psa_mac_verify_finish()</a> or <a class="el" href="group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd">psa_mac_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37">psa_mac_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The MAC algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a MAC algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__aead.html b/docs/html/group__aead.html
deleted file mode 100644
index 9ff9a21..0000000
--- a/docs/html/group__aead.html
+++ /dev/null
@@ -1,1057 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Authenticated encryption with associated data (AEAD)</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Authenticated encryption with associated data (AEAD)</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:gaf52e036794c0dc6fbadd93a2b990f366"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366">PSA_AEAD_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:gaf52e036794c0dc6fbadd93a2b990f366"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"><td class="memItemLeft" align="right" valign="top">typedef struct psa_aead_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a></td></tr>
-<tr class="separator:ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga44de092cf58bb6c820c5c80a6c51610d"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d">psa_aead_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)</td></tr>
-<tr class="separator:ga44de092cf58bb6c820c5c80a6c51610d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa8ce6527f2e227f1071fadbf2099793b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b">psa_aead_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)</td></tr>
-<tr class="separator:gaa8ce6527f2e227f1071fadbf2099793b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga47265dc4852f1476f852752218fd12b2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga47265dc4852f1476f852752218fd12b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga439896519d4a367ec86b47f201884152"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga439896519d4a367ec86b47f201884152"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3eadcf2a29f662129ea4fb3454969ba2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, unsigned char *nonce, size_t nonce_size, size_t *nonce_length)</td></tr>
-<tr class="separator:ga3eadcf2a29f662129ea4fb3454969ba2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga40641d0721ca7fe01bbcd9ef635fbc46"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const unsigned char *nonce, size_t nonce_length)</td></tr>
-<tr class="separator:ga40641d0721ca7fe01bbcd9ef635fbc46"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad3431e28d05002c2a7b0760610176050"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, size_t ad_length, size_t plaintext_length)</td></tr>
-<tr class="separator:gad3431e28d05002c2a7b0760610176050"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d0eed03f832e5c9c91cb8adf2882569"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga6d0eed03f832e5c9c91cb8adf2882569"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3b105de2088cef7c3d9e2fd8048c841c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga3b105de2088cef7c3d9e2fd8048c841c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga759791bbe1763b377c3b5447641f1fc8"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)</td></tr>
-<tr class="separator:ga759791bbe1763b377c3b5447641f1fc8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaed211fc61977c859d6ff07f39f59219"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation, const uint8_t *tag, size_t tag_length)</td></tr>
-<tr class="separator:gaaed211fc61977c859d6ff07f39f59219"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae8a5f93d92318c8f592ee9fbb9d36ba0"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort</a> (<a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *operation)</td></tr>
-<tr class="separator:gae8a5f93d92318c8f592ee9fbb9d36ba0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="gaf52e036794c0dc6fbadd93a2b990f366"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_AEAD_OPERATION_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for an AEAD operation object of type <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a>. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga14f6a01afbaa8c5b3d8c5d345cbaa3ed"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_aead_operation_s <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the state data structure for multipart AEAD operations.</p>
-<p>Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_aead_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;operation, 0, sizeof(operation));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_aead_operation_t operation = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366">PSA_AEAD_OPERATION_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_aead_operation_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_aead_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;operation = psa_aead_operation_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="gae8a5f93d92318c8f592ee9fbb9d36ba0"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_abort </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Abort an AEAD operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code>operation</code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> or <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p><ul>
-<li>A call to <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> or <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a>, whether it succeeds or not.</li>
-<li>Initializing the <code>struct</code> to all-bits-zero.</li>
-<li>Initializing the <code>struct</code> to logical zeros, e.g. <code>psa_aead_operation_t operation = {0}</code>.</li>
-</ul>
-<p>In particular, calling <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a> after the operation has been terminated by a call to <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a> or <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a> is safe and has no effect.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Initialized AEAD operation.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>operation</code> is not an active AEAD operation. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa8ce6527f2e227f1071fadbf2099793b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_decrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>nonce</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>nonce_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>additional_data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>additional_data_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>ciphertext</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>ciphertext_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>plaintext</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>plaintext_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>plaintext_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Process an authenticated decryption operation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The AEAD algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">nonce</td><td>Nonce or IV to use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">nonce_length</td><td>Size of the <code>nonce</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">additional_data</td><td>Additional data that has been authenticated but not encrypted. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">additional_data_length</td><td>Size of <code>additional_data</code> in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">ciphertext</td><td>Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">ciphertext_length</td><td>Size of <code>ciphertext</code> in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">plaintext</td><td>Output buffer for the decrypted data. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">plaintext_size</td><td>Size of the <code>plaintext</code> buffer in bytes. This must be at least <a class="el" href="crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b">PSA_AEAD_DECRYPT_OUTPUT_SIZE</a>(<code>alg</code>, <code>ciphertext_length</code>). </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">plaintext_length</td><td>On success, the size of the output in the <code>plaintext</code> buffer.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The ciphertext is not authentic. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not an AEAD algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga439896519d4a367ec86b47f201884152"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_decrypt_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the key for a multipart authenticated decryption operation.</p>
-<p>The sequence of operations to decrypt a message with authentication is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a> to specify the length of the inputs to the subsequent calls to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> and <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>. See the documentation of <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a> for details.</li>
-<li>Call <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce()</a> with the nonce for the decryption.</li>
-<li>Call <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> zero, one or more times, passing a fragment of the ciphertext to decrypt each time.</li>
-<li>Call <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a>.</li>
-</ol>
-<p>The application may call <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a>, the application must eventually terminate the operation. The following events terminate an operation:</p><ul>
-<li>A failed call to any of the <code>psa_aead_xxx</code> functions.</li>
-<li>A call to <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a>, <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> or <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The AEAD algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not an AEAD algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga44de092cf58bb6c820c5c80a6c51610d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_encrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>nonce</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>nonce_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>additional_data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>additional_data_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>plaintext</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>plaintext_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>ciphertext</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>ciphertext_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>ciphertext_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Process an authenticated encryption operation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The AEAD algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">nonce</td><td>Nonce or IV to use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">nonce_length</td><td>Size of the <code>nonce</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">additional_data</td><td>Additional data that will be authenticated but not encrypted. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">additional_data_length</td><td>Size of <code>additional_data</code> in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">plaintext</td><td>Data that will be authenticated and encrypted. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">plaintext_length</td><td>Size of <code>plaintext</code> in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">ciphertext</td><td>Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">ciphertext_size</td><td>Size of the <code>ciphertext</code> buffer in bytes. This must be at least <a class="el" href="crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</a>(<code>alg</code>, <code>plaintext_length</code>). </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">ciphertext_length</td><td>On success, the size of the output in the <code>ciphertext</code> buffer.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not an AEAD algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga47265dc4852f1476f852752218fd12b2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_encrypt_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the key for a multipart authenticated encryption operation.</p>
-<p>The sequence of operations to encrypt a message with authentication is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a> to specify the length of the inputs to the subsequent calls to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> and <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>. See the documentation of <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a> for details.</li>
-<li>Call either <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a> or <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce()</a> to generate or set the nonce. You should use <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a> unless the protocol you are implementing requires a specific nonce value.</li>
-<li>Call <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> zero, one or more times, passing a fragment of the message to encrypt each time.</li>
-<li>Call <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a>.</li>
-</ol>
-<p>The application may call <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a>, the application must eventually terminate the operation. The following events terminate an operation:</p><ul>
-<li>A failed call to any of the <code>psa_aead_xxx</code> functions.</li>
-<li>A call to <a class="el" href="group__aead.html#ga759791bbe1763b377c3b5447641f1fc8">psa_aead_finish()</a>, <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> or <a class="el" href="group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0">psa_aead_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The AEAD algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not an AEAD algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga759791bbe1763b377c3b5447641f1fc8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_finish </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>ciphertext</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>ciphertext_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>ciphertext_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>tag</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>tag_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>tag_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish encrypting a message in an AEAD operation.</p>
-<p>The operation must have been set up with <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a>.</p>
-<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> with the plaintext formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>.</p>
-<p>This function has two output buffers:</p><ul>
-<li><code>ciphertext</code> contains trailing ciphertext that was buffered from preceding calls to <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>. For all standard AEAD algorithms, <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> does not buffer any output and therefore <code>ciphertext</code> will not contain any output and can be a 0-sized buffer.</li>
-<li><code>tag</code> contains the authentication tag. Its length is always <a class="el" href="crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49">PSA_AEAD_TAG_LENGTH</a>(<code>alg</code>) where <code>alg</code> is the AEAD algorithm that the operation performs.</li>
-</ul>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">ciphertext</td><td>Buffer where the last part of the ciphertext is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">ciphertext_size</td><td>Size of the <code>ciphertext</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">ciphertext_length</td><td>On success, the number of bytes of returned ciphertext. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">tag</td><td>Buffer where the authentication tag is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">tag_size</td><td>Size of the <code>tag</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">tag_length</td><td>On success, the number of bytes that make up the returned tag.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, nonce not set, decryption, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total length of input to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> so far is less than the additional data length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total length of input to <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> so far is less than the plaintext length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga3eadcf2a29f662129ea4fb3454969ba2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_generate_nonce </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">unsigned char *&#160;</td>
-          <td class="paramname"><em>nonce</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>nonce_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>nonce_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Generate a random nonce for an authenticated encryption operation.</p>
-<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
-<p>The application must call <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">nonce</td><td>Buffer where the generated nonce is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">nonce_size</td><td>Size of the <code>nonce</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">nonce_length</td><td>On success, the number of bytes of the generated nonce.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or nonce already set). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>nonce</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gad3431e28d05002c2a7b0760610176050"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_set_lengths </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>ad_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>plaintext_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Declare the lengths of the message and additional data for AEAD.</p>
-<p>The application must call this function before calling <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> or <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
-<p>You may call this function before or after setting the nonce with <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce()</a> or <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a>.</p>
-<ul>
-<li>For <a class="el" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">PSA_ALG_CCM</a>, calling this function is required.</li>
-<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
-<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">ad_length</td><td>Size of the non-encrypted additional authenticated data in bytes. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">plaintext_length</td><td>Size of the plaintext to encrypt in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, already completed, or <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> or <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> already called). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>At least one of the lengths is not acceptable for the chosen algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga40641d0721ca7fe01bbcd9ef635fbc46"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_set_nonce </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const unsigned char *&#160;</td>
-          <td class="paramname"><em>nonce</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>nonce_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the nonce for an authenticated encryption or decryption operation.</p>
-<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
-<p>The application must call <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="section note"><dt>Note</dt><dd>When encrypting, applications should use <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a> instead of this function, unless implementing a protocol that requires a non-random IV.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">nonce</td><td>Buffer containing the nonce to use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">nonce_length</td><td>Size of the nonce in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or nonce already set). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The size of <code>nonce</code> is not acceptable for the chosen algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga3b105de2088cef7c3d9e2fd8048c841c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_update </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">unsigned char *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Encrypt or decrypt a message fragment in an active AEAD operation.</p>
-<p>Before calling this function, you must:</p><ol type="1">
-<li>Call either <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> or <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>Set the nonce with <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a> or <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce()</a>.</li>
-<li>Call <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> to pass all the additional data.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="section warning"><dt>Warning</dt><dd>When decrypting, until <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> has returned <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> and it has returned <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>:<ul>
-<li>Do not use the output in any way other than storing it in a confidential location. If you take any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out not to be valid. Furthermore, if an adversary can observe that this action took place (for example through timing), they may be able to use this fact as an oracle to decrypt any message encrypted with the same key.</li>
-<li>In particular, do not copy the output anywhere but to a memory or storage space that you have exclusive access to.</li>
-</ul>
-</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message fragment to encrypt or decrypt. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the output is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, nonce not set or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total length of input to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> so far is less than the additional data length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total input length overflows the plaintext length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga6d0eed03f832e5c9c91cb8adf2882569"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_update_ad </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Pass additional data to an active AEAD operation.</p>
-<p>Additional data is authenticated, but not encrypted.</p>
-<p>You may call this function multiple times to pass successive fragments of the additional data. You may not call this function after passing data to encrypt or decrypt with <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>.</p>
-<p>Before calling this function, you must:</p><ol type="1">
-<li>Call either <a class="el" href="group__aead.html#ga47265dc4852f1476f852752218fd12b2">psa_aead_encrypt_setup()</a> or <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a>.</li>
-<li>Set the nonce with <a class="el" href="group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2">psa_aead_generate_nonce()</a> or <a class="el" href="group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46">psa_aead_set_nonce()</a>.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="section warning"><dt>Warning</dt><dd>When decrypting, until <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> has returned <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> and it has returned <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>, treat the input as untrusted and prepare to undo any action that depends on the input if <a class="el" href="group__aead.html#gaaed211fc61977c859d6ff07f39f59219">psa_aead_verify()</a> returns an error status.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the fragment of additional data. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, nonce not set, <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> already called, or operation already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total input length overflows the additional data length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaaed211fc61977c859d6ff07f39f59219"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_aead_verify </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed">psa_aead_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>tag</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>tag_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish authenticating and decrypting a message in an AEAD operation.</p>
-<p>The operation must have been set up with <a class="el" href="group__aead.html#ga439896519d4a367ec86b47f201884152">psa_aead_decrypt_setup()</a>.</p>
-<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> with the ciphertext formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active AEAD operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">tag</td><td>Buffer containing the authentication tag. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">tag_length</td><td>Size of the <code>tag</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, nonce not set, encryption, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total length of input to <a class="el" href="group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569">psa_aead_update_ad()</a> so far is less than the additional data length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The total length of input to <a class="el" href="group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c">psa_aead_update()</a> so far is less than the plaintext length that was previously specified with <a class="el" href="group__aead.html#gad3431e28d05002c2a7b0760610176050">psa_aead_set_lengths()</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__asymmetric.html b/docs/html/group__asymmetric.html
deleted file mode 100644
index be442fb..0000000
--- a/docs/html/group__asymmetric.html
+++ /dev/null
@@ -1,490 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Asymmetric cryptography</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Asymmetric cryptography</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07">psa_asymmetric_sign</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)</td></tr>
-<tr class="memdesc:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="mdescLeft">&#160;</td><td class="mdescRight">Sign a hash or short message with a private key.  <a href="#ga1b0db9d345b5048cdd39357ac2d56c07">More...</a><br /></td></tr>
-<tr class="separator:ga1b0db9d345b5048cdd39357ac2d56c07"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1b8e964c8d927e3d632325d762959eb7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7">psa_asymmetric_verify</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)</td></tr>
-<tr class="memdesc:ga1b8e964c8d927e3d632325d762959eb7"><td class="mdescLeft">&#160;</td><td class="mdescRight">Verify the signature a hash or short message using a public key.  <a href="#ga1b8e964c8d927e3d632325d762959eb7">More...</a><br /></td></tr>
-<tr class="separator:ga1b8e964c8d927e3d632325d762959eb7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad429293b7b0bf2a830b9540a02552004"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004">psa_asymmetric_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="memdesc:gad429293b7b0bf2a830b9540a02552004"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encrypt a short message with a public key.  <a href="#gad429293b7b0bf2a830b9540a02552004">More...</a><br /></td></tr>
-<tr class="separator:gad429293b7b0bf2a830b9540a02552004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga34b55fbaee23dba1a677186fc66a556e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e">psa_asymmetric_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="memdesc:ga34b55fbaee23dba1a677186fc66a556e"><td class="mdescLeft">&#160;</td><td class="mdescRight">Decrypt a short message with a private key.  <a href="#ga34b55fbaee23dba1a677186fc66a556e">More...</a><br /></td></tr>
-<tr class="separator:ga34b55fbaee23dba1a677186fc66a556e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga34b55fbaee23dba1a677186fc66a556e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_asymmetric_decrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>salt</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>salt_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Decrypt a short message with a private key. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must be an asymmetric key pair. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>An asymmetric encryption algorithm that is compatible with the type of <code>key</code>. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>The message to decrypt. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">salt</td><td>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code>NULL</code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code>NULL</code>.</td></tr>
-  </table>
-  </dd>
-</dl>
-<ul>
-<li>For <a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">PSA_ALG_RSA_PKCS1V15_CRYPT</a>, no salt is supported. <dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">salt_length</td><td>Size of the <code>salt</code> buffer in bytes. If <code>salt</code> is <code>NULL</code>, pass 0. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the decrypted message is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(<code>key_type</code>, <code>key_bits</code>, <code>alg</code>) where <code>key_type</code> and <code>key_bits</code> are the type and bit-size respectively of <code>key</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">PSA_ERROR_INVALID_PADDING</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-</li>
-</ul>
-
-</div>
-</div>
-<a class="anchor" id="gad429293b7b0bf2a830b9540a02552004"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_asymmetric_encrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>salt</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>salt_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Encrypt a short message with a public key. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>An asymmetric encryption algorithm that is compatible with the type of <code>key</code>. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>The message to encrypt. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">salt</td><td>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code>NULL</code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code>NULL</code>.</td></tr>
-  </table>
-  </dd>
-</dl>
-<ul>
-<li>For <a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">PSA_ALG_RSA_PKCS1V15_CRYPT</a>, no salt is supported. <dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">salt_length</td><td>Size of the <code>salt</code> buffer in bytes. If <code>salt</code> is <code>NULL</code>, pass 0. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the encrypted message is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</a>(<code>key_type</code>, <code>key_bits</code>, <code>alg</code>) where <code>key_type</code> and <code>key_bits</code> are the type and bit-size respectively of <code>key</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-</li>
-</ul>
-
-</div>
-</div>
-<a class="anchor" id="ga1b0db9d345b5048cdd39357ac2d56c07"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_asymmetric_sign </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>hash_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>signature</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>signature_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>signature_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Sign a hash or short message with a private key. </p>
-<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a>, <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a> and <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a>. Then pass the resulting hash as the <code>hash</code> parameter to this function. You can use <a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a>(<code>alg</code>) to determine the hash algorithm to use.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must be an asymmetric key pair. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>A signature algorithm that is compatible with the type of <code>key</code>. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">hash</td><td>The hash or message to sign. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_length</td><td>Size of the <code>hash</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">signature</td><td>Buffer where the signature is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">signature_size</td><td>Size of the <code>signature</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">signature_length</td><td>On success, the number of bytes that make up the returned signature value.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>signature</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</a>(<code>key_type</code>, <code>key_bits</code>, <code>alg</code>) where <code>key_type</code> and <code>key_bits</code> are the type and bit-size respectively of <code>key</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1b8e964c8d927e3d632325d762959eb7"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_asymmetric_verify </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>hash_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>signature</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>signature_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Verify the signature a hash or short message using a public key. </p>
-<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a>, <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a> and <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a>. Then pass the resulting hash as the <code>hash</code> parameter to this function. You can use <a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a>(<code>alg</code>) to determine the hash algorithm to use.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>A signature algorithm that is compatible with the type of <code>key</code>. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">hash</td><td>The hash or message whose signature is to be verified. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_length</td><td>Size of the <code>hash</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">signature</td><td>Buffer containing the signature to verify. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">signature_length</td><td>Size of the <code>signature</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The signature is valid. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The calculation was perfomed successfully, but the passed signature is not a valid signature. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__cipher.html b/docs/html/group__cipher.html
deleted file mode 100644
index 67bb06a..0000000
--- a/docs/html/group__cipher.html
+++ /dev/null
@@ -1,778 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Symmetric ciphers</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Symmetric ciphers</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga2da0541aabf9a4995cf2004e36311919"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919">PSA_CIPHER_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga2da0541aabf9a4995cf2004e36311919"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga1399de29db657e3737bb09927aae51fa"><td class="memItemLeft" align="right" valign="top">typedef struct psa_cipher_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a></td></tr>
-<tr class="separator:ga1399de29db657e3737bb09927aae51fa"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:gac76dda492d9a1ba6b327bff610ec17b2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2">psa_cipher_encrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gac76dda492d9a1ba6b327bff610ec17b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga43d5991711ec45c98af0c1d99f6e0216"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216">psa_cipher_decrypt</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga43d5991711ec45c98af0c1d99f6e0216"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2a7fc79a9d150d42dba99f40ee3a185e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga2a7fc79a9d150d42dba99f40ee3a185e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaddf8504e5367cd0efb4415bdec004f44"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:gaddf8504e5367cd0efb4415bdec004f44"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga44857cf5e0c3d134a3c560f8ff5b50aa"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, unsigned char *iv, size_t iv_size, size_t *iv_length)</td></tr>
-<tr class="separator:ga44857cf5e0c3d134a3c560f8ff5b50aa"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1359b2101f31637496ce7cc36c6e3d42"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, const unsigned char *iv, size_t iv_length)</td></tr>
-<tr class="separator:ga1359b2101f31637496ce7cc36c6e3d42"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd0caea99cf1052527e4089d37f5ab91"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gafd0caea99cf1052527e4089d37f5ab91"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1dcb58b8befe23f8a4d7a1d49c99249b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:ga1dcb58b8befe23f8a4d7a1d49c99249b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaad482cdca2098bca0620596aaa02eaa4"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort</a> (<a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *operation)</td></tr>
-<tr class="separator:gaad482cdca2098bca0620596aaa02eaa4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga2da0541aabf9a4995cf2004e36311919"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_CIPHER_OPERATION_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for a cipher operation object of type <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a>. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga1399de29db657e3737bb09927aae51fa"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_cipher_operation_s <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the state data structure for multipart cipher operations.</p>
-<p>Before calling any function on a cipher operation object, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_cipher_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;operation, 0, sizeof(operation));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_cipher_operation_t operation = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__cipher.html#ga2da0541aabf9a4995cf2004e36311919">PSA_CIPHER_OPERATION_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_cipher_operation_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_cipher_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;operation = psa_cipher_operation_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="gaad482cdca2098bca0620596aaa02eaa4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_abort </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Abort a cipher operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code>operation</code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> or <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p><ul>
-<li>A call to <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> or <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a>, whether it succeeds or not.</li>
-<li>Initializing the <code>struct</code> to all-bits-zero.</li>
-<li>Initializing the <code>struct</code> to logical zeros, e.g. <code>psa_cipher_operation_t operation = {0}</code>.</li>
-</ul>
-<p>In particular, calling <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a> after the operation has been terminated by a call to <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a> or <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish()</a> is safe and has no effect.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Initialized cipher operation.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>operation</code> is not an active cipher operation. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga43d5991711ec45c98af0c1d99f6e0216"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_decrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Decrypt a message using a symmetric cipher.</p>
-<p>This function decrypts a message encrypted with a symmetric cipher.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The cipher algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the plaintext is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a cipher algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaddf8504e5367cd0efb4415bdec004f44"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_decrypt_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the key for a multipart symmetric decryption operation.</p>
-<p>The sequence of operations to decrypt a message with a symmetric cipher is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a> to specify the algorithm and key.</li>
-<li>Call <a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv()</a> with the IV (initialization vector) for the decryption. If the IV is prepended to the ciphertext, you can call <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update()</a> on a buffer containing the IV followed by the beginning of the message.</li>
-<li>Call <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update()</a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish()</a>.</li>
-</ol>
-<p>The application may call <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a>, the application must eventually terminate the operation. The following events terminate an operation:</p><ul>
-<li>A failed call to any of the <code>psa_cipher_xxx</code> functions.</li>
-<li>A call to <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish()</a> or <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The cipher algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a cipher algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gac76dda492d9a1ba6b327bff610ec17b2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_encrypt </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Encrypt a message using a symmetric cipher.</p>
-<p>This function encrypts a message with a random IV (initialization vector).</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The cipher algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message to encrypt. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a cipher algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga2a7fc79a9d150d42dba99f40ee3a185e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_encrypt_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the key for a multipart symmetric encryption operation.</p>
-<p>The sequence of operations to encrypt a message with a symmetric cipher is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> to specify the algorithm and key.</li>
-<li>Call either <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv()</a> or <a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv()</a> to generate or set the IV (initialization vector). You should use <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv()</a> unless the protocol you are implementing requires a specific IV value.</li>
-<li>Call <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update()</a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish()</a>.</li>
-</ol>
-<p>The application may call <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a>, the application must eventually terminate the operation. The following events terminate an operation:</p><ul>
-<li>A failed call to any of the <code>psa_cipher_xxx</code> functions.</li>
-<li>A call to <a class="el" href="group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b">psa_cipher_finish()</a> or <a class="el" href="group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4">psa_cipher_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to use for the operation. It must remain valid until the operation terminates. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The cipher algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>key</code> is not compatible with <code>alg</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a cipher algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1dcb58b8befe23f8a4d7a1d49c99249b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_finish </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish encrypting or decrypting a message in a cipher operation.</p>
-<p>The application must call <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> or <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a> before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.</p>
-<p>This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update()</a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active cipher operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the output is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, IV required but not set, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga44857cf5e0c3d134a3c560f8ff5b50aa"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_generate_iv </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">unsigned char *&#160;</td>
-          <td class="paramname"><em>iv</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>iv_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>iv_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Generate an IV for a symmetric encryption operation.</p>
-<p>This function generates a random IV (initialization vector), nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.</p>
-<p>The application must call <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active cipher operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">iv</td><td>Buffer where the generated IV is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">iv_size</td><td>Size of the <code>iv</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">iv_length</td><td>On success, the number of bytes of the generated IV.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or IV already set). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>iv</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1359b2101f31637496ce7cc36c6e3d42"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_set_iv </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const unsigned char *&#160;</td>
-          <td class="paramname"><em>iv</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>iv_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the IV for a symmetric encryption or decryption operation.</p>
-<p>This function sets the IV (initialization vector), nonce or initial counter value for the encryption or decryption operation.</p>
-<p>The application must call <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="section note"><dt>Note</dt><dd>When encrypting, applications should use <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv()</a> instead of this function, unless implementing a protocol that requires a non-random IV.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active cipher operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">iv</td><td>Buffer containing the IV to use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">iv_length</td><td>Size of the IV in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or IV already set). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The size of <code>iv</code> is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gafd0caea99cf1052527e4089d37f5ab91"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_cipher_update </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__cipher.html#ga1399de29db657e3737bb09927aae51fa">psa_cipher_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">unsigned char *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Encrypt or decrypt a message fragment in an active cipher operation.</p>
-<p>Before calling this function, you must:</p><ol type="1">
-<li>Call either <a class="el" href="group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e">psa_cipher_encrypt_setup()</a> or <a class="el" href="group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44">psa_cipher_decrypt_setup()</a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>If the algorithm requires an IV, call <a class="el" href="group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa">psa_cipher_generate_iv()</a> (recommended when encrypting) or <a class="el" href="group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42">psa_cipher_set_iv()</a>.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active cipher operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message fragment to encrypt or decrypt. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the output is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, IV required but not set, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>output</code> buffer is too small. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__crypto__types.html b/docs/html/group__crypto__types.html
deleted file mode 100644
index b4ff343..0000000
--- a/docs/html/group__crypto__types.html
+++ /dev/null
@@ -1,2566 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key and algorithm types</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">Key and algorithm types</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b">PSA_KEY_TYPE_NONE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x00000000)</td></tr>
-<tr class="separator:gafce7ab2b54ce97ea5bff73f13a9f3e5b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x80000000)</td></tr>
-<tr class="separator:ga8dbaed2fdb1ebae8aa127ad3988516f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga6eeda1b2a1550050cf68dbcac35ad8ac"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga6eeda1b2a1550050cf68dbcac35ad8ac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8f214beb04334be08f927f227f097ef1"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga8f214beb04334be08f927f227f097ef1"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_SYMMETRIC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000000)</td></tr>
-<tr class="separator:ga8f214beb04334be08f927f227f097ef1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gab8af75718c5e7b8987720a3fe8abb18f"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_RAW</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000000)</td></tr>
-<tr class="separator:gab8af75718c5e7b8987720a3fe8abb18f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58b975beeee1f937cecb71c8051c6357"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga58b975beeee1f937cecb71c8051c6357"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60000000)</td></tr>
-<tr class="separator:ga58b975beeee1f937cecb71c8051c6357"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga708196a91ec0384de98e092b9a16f5e8"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga708196a91ec0384de98e092b9a16f5e8"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_KEY_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70000000)</td></tr>
-<tr class="separator:ga708196a91ec0384de98e092b9a16f5e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga5a77cb4db2d02ffce77631339e3240f4"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga5a77cb4db2d02ffce77631339e3240f4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3">PSA_KEY_TYPE_IS_VENDOR_DEFINED</a>(type)&#160;&#160;&#160;(((type) &amp; <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>) != 0)</td></tr>
-<tr class="separator:gadbe4c086a6562aefe344bc79e51bdfd3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type)</td></tr>
-<tr class="separator:gaef86ce4e810e1c2c76068ac874bfef54"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab138ae2ebf2905dfbaf4154db2620939"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type)</td></tr>
-<tr class="separator:gab138ae2ebf2905dfbaf4154db2620939"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</td></tr>
-<tr class="separator:gac674a0f059bc0cb72b47f0c517b4f45b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29">PSA_KEY_TYPE_IS_KEYPAIR</a>(type)&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</td></tr>
-<tr class="separator:gac14c6d6e1b2b7f4a92a7b757465cff29"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d">PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY</a>(type)&#160;&#160;&#160;((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gaf09f1ca1de6a7e7cff0fe516f3f6c91d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gace08e46dd7cbf642d50d982a25d02bec"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type)&#160;&#160;&#160;((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td></tr>
-<tr class="separator:gace08e46dd7cbf642d50d982a25d02bec"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa97f92025533102616b32d571c940d80"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa97f92025533102616b32d571c940d80">PSA_KEY_TYPE_RAW_DATA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000001)</td></tr>
-<tr class="separator:gaa97f92025533102616b32d571c940d80"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga92d989f4ca64abd00f463defd773a6f8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8">PSA_KEY_TYPE_HMAC</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x51000000)</td></tr>
-<tr class="separator:ga92d989f4ca64abd00f463defd773a6f8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">PSA_KEY_TYPE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x52000000)</td></tr>
-<tr class="separator:gae871b2357b8593f33bfd51abbf93ebb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000001)</td></tr>
-<tr class="separator:ga6ee54579dcf278c677eda4bb1a29575e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga577562bfbbc691c820d55ec308333138"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">PSA_KEY_TYPE_DES</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000002)</td></tr>
-<tr class="separator:ga577562bfbbc691c820d55ec308333138"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">PSA_KEY_TYPE_CAMELLIA</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000003)</td></tr>
-<tr class="separator:gad8e5da742343fd5519f9d8a630c2ed81"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">PSA_KEY_TYPE_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000004)</td></tr>
-<tr class="separator:gae4d46e83f910dcaa126000a8ed03cde9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60010000)</td></tr>
-<tr class="separator:ga9ba0878f56c8bcd1995ac017a74f513b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga581f50687f5d650456925278948f2799"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70010000)</td></tr>
-<tr class="separator:ga581f50687f5d650456925278948f2799"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a">PSA_KEY_TYPE_IS_RSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga0e1d8f241228e49c9cadadfb4579ef1a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60020000)</td></tr>
-<tr class="separator:ga5e7439c2905136366c3a876e62e5ddfc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga011010ee28c20388f3d89fb27088ed62"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70020000)</td></tr>
-<tr class="separator:ga011010ee28c20388f3d89fb27088ed62"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1">PSA_KEY_TYPE_IS_DSA</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga273fdfcf23eb0624f8b63d2321cf95c1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8d37a32a305dda9fb4af1707aace47c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gad8d37a32a305dda9fb4af1707aace47c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60030000)</td></tr>
-<tr class="separator:gad8d37a32a305dda9fb4af1707aace47c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6754658749714c6ac674bdf6d2d40767"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga6754658749714c6ac674bdf6d2d40767"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_KEYPAIR_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70030000)</td></tr>
-<tr class="separator:ga6754658749714c6ac674bdf6d2d40767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gadc2a3c0041ac1d0a2b6f421d8e089b25"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_KEY_TYPE_ECC_CURVE_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x0000ffff)</td></tr>
-<tr class="separator:gadc2a3c0041ac1d0a2b6f421d8e089b25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf3ad65d157bf5282849c954bf3f51af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af">PSA_KEY_TYPE_ECC_KEYPAIR</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</td></tr>
-<tr class="separator:gadf3ad65d157bf5282849c954bf3f51af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad54c03d3b47020e571a72cd01d978cf2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve)&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</td></tr>
-<tr class="separator:gad54c03d3b47020e571a72cd01d978cf2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga88e01fa06b585654689a99bcc06bbe66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(type)</td></tr>
-<tr class="separator:ga88e01fa06b585654689a99bcc06bbe66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a>(type)</td></tr>
-<tr class="separator:ga7bf101b671e8cf26f4cb08fcb679db4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type)</td></tr>
-<tr class="separator:ga5af146a173b0c84d7e737e2fb6a3c0a7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9">PSA_KEY_TYPE_GET_CURVE</a>(type)</td></tr>
-<tr class="separator:ga0c567210e6f80aa8f2aa87efa7a3a3f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4201013d5947c375fae7311b0f98bac7"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga4201013d5947c375fae7311b0f98bac7"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0001)</td></tr>
-<tr class="separator:ga4201013d5947c375fae7311b0f98bac7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca8816b785f492a8795b5276977d1369"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaca8816b785f492a8795b5276977d1369"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0002)</td></tr>
-<tr class="separator:gaca8816b785f492a8795b5276977d1369"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga4ab7a853ceb3ad0a525ecb571633a1ca"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT163R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0003)</td></tr>
-<tr class="separator:ga4ab7a853ceb3ad0a525ecb571633a1ca"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac9fd11da90ca67649a5f51a158afe5f3"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0004)</td></tr>
-<tr class="separator:gac9fd11da90ca67649a5f51a158afe5f3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga7a77f5e385f6439dae5857a7f35756eb"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT193R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0005)</td></tr>
-<tr class="separator:ga7a77f5e385f6439dae5857a7f35756eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga36e409c36983e41db5db202b1d2095b5"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga36e409c36983e41db5db202b1d2095b5"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0006)</td></tr>
-<tr class="separator:ga36e409c36983e41db5db202b1d2095b5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga54997a9f8ef752c6d717171e01c31019"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga54997a9f8ef752c6d717171e01c31019"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT233R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0007)</td></tr>
-<tr class="separator:ga54997a9f8ef752c6d717171e01c31019"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaabccf2759188c3e98d82faa5d8dfcd8c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT239K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0008)</td></tr>
-<tr class="separator:gaabccf2759188c3e98d82faa5d8dfcd8c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga28c765d75773b5fe083219e7c0b054f9"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga28c765d75773b5fe083219e7c0b054f9"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0009)</td></tr>
-<tr class="separator:ga28c765d75773b5fe083219e7c0b054f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gafd8ecacea0d9e7e1a0247c047baf3372"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT283R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000a)</td></tr>
-<tr class="separator:gafd8ecacea0d9e7e1a0247c047baf3372"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga2bf301617cc84a6f2b36a86cc29eaf4d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000b)</td></tr>
-<tr class="separator:ga2bf301617cc84a6f2b36a86cc29eaf4d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gae41caa1cc16d3c35769b6edcb62c8957"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT409R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000c)</td></tr>
-<tr class="separator:gae41caa1cc16d3c35769b6edcb62c8957"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2043aa519549a6194d132d81816879bc"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga2043aa519549a6194d132d81816879bc"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000d)</td></tr>
-<tr class="separator:ga2043aa519549a6194d132d81816879bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga1607d2cb9591b56dbe1295bedc33e19e"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECT571R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000e)</td></tr>
-<tr class="separator:ga1607d2cb9591b56dbe1295bedc33e19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga2ad14935d244d93ee0e4cfe9b1f218a4"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x000f)</td></tr>
-<tr class="separator:ga2ad14935d244d93ee0e4cfe9b1f218a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga35ed41203039e94eb4855cc70f28f7f0"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0010)</td></tr>
-<tr class="separator:ga35ed41203039e94eb4855cc70f28f7f0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac465f57c34914a01aea8c220a613dfe6"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac465f57c34914a01aea8c220a613dfe6"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP160R2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0011)</td></tr>
-<tr class="separator:gac465f57c34914a01aea8c220a613dfe6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58c806d45ab350287ddc49da833bd558"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga58c806d45ab350287ddc49da833bd558"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0012)</td></tr>
-<tr class="separator:ga58c806d45ab350287ddc49da833bd558"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga5aa3ceff4603fa3fafd8f2286c5d3e4a"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP192R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0013)</td></tr>
-<tr class="separator:ga5aa3ceff4603fa3fafd8f2286c5d3e4a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gabfaaab2eaab0ac360e41c1aff6133cdf"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0014)</td></tr>
-<tr class="separator:gabfaaab2eaab0ac360e41c1aff6133cdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga8d1d21b6b87ba4158235b876ae79031d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP224R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0015)</td></tr>
-<tr class="separator:ga8d1d21b6b87ba4158235b876ae79031d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaa61941f815aff976a1debd910b1704c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaaa61941f815aff976a1debd910b1704c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256K1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0016)</td></tr>
-<tr class="separator:gaaa61941f815aff976a1debd910b1704c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga11224270225c2b2dbfa2ab01073a4e93"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0017)</td></tr>
-<tr class="separator:ga11224270225c2b2dbfa2ab01073a4e93"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3e870a36493143507a01a28c70790fa3"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga3e870a36493143507a01a28c70790fa3"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0018)</td></tr>
-<tr class="separator:ga3e870a36493143507a01a28c70790fa3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4482ff6155006ff509071c32ce263fdf"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga4482ff6155006ff509071c32ce263fdf"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_SECP521R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x0019)</td></tr>
-<tr class="separator:ga4482ff6155006ff509071c32ce263fdf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa999b69c56af0cc1cebf4596f8578191"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaa999b69c56af0cc1cebf4596f8578191"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P256R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001a)</td></tr>
-<tr class="separator:gaa999b69c56af0cc1cebf4596f8578191"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga79f95ed8050f2dc7750cbac212c6e687"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P384R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001b)</td></tr>
-<tr class="separator:ga79f95ed8050f2dc7750cbac212c6e687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaa03a2dc6096f336be3d68a1f7405e86c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_BRAINPOOL_P512R1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001c)</td></tr>
-<tr class="separator:gaa03a2dc6096f336be3d68a1f7405e86c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac94faf3b8d9884221541f51f26b11c7a"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac94faf3b8d9884221541f51f26b11c7a"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE25519</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001d)</td></tr>
-<tr class="separator:gac94faf3b8d9884221541f51f26b11c7a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga902b0e91eff920873b3b59c740854305"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga902b0e91eff920873b3b59c740854305"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ECC_CURVE_CURVE448</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) 0x001e)</td></tr>
-<tr class="separator:ga902b0e91eff920873b3b59c740854305"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga325a340d7c72d99d3a678eb210bf6e0a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60040000)</td></tr>
-<tr class="separator:ga325a340d7c72d99d3a678eb210bf6e0a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39b63c6b97a62a316c0660bf72b2fdd5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">PSA_KEY_TYPE_DH_KEYPAIR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70040000)</td></tr>
-<tr class="separator:ga39b63c6b97a62a316c0660bf72b2fdd5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga248ae35c0e2becaebbf479fc1c3a3b0e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e">PSA_KEY_TYPE_IS_DH</a>(type)&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>)</td></tr>
-<tr class="separator:ga248ae35c0e2becaebbf479fc1c3a3b0e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e">PSA_BLOCK_CIPHER_BLOCK_SIZE</a>(type)</td></tr>
-<tr class="separator:gacaa366bdeb0413e63e87a667c5457b2e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaf5d76750b6cfe3e7f0c8e9eee1162318"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_VENDOR_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x80000000)</td></tr>
-<tr class="separator:gaf5d76750b6cfe3e7f0c8e9eee1162318"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25e918c465b4421dbfaedad6b693d110"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga25e918c465b4421dbfaedad6b693d110"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x7f000000)</td></tr>
-<tr class="separator:ga25e918c465b4421dbfaedad6b693d110"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd048e1835b80e6daaff7fddce699757"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gafd048e1835b80e6daaff7fddce699757"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_HASH</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000000)</td></tr>
-<tr class="separator:gafd048e1835b80e6daaff7fddce699757"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga5e6e0039d0b0d18afb3e13e5b9602b3a"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02000000)</td></tr>
-<tr class="separator:ga5e6e0039d0b0d18afb3e13e5b9602b3a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68228a619db59eba93fd13e9129dbfe2"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga68228a619db59eba93fd13e9129dbfe2"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_CIPHER</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04000000)</td></tr>
-<tr class="separator:ga68228a619db59eba93fd13e9129dbfe2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37fdd9cac2552f1568f38e091a826549"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga37fdd9cac2552f1568f38e091a826549"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_AEAD</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06000000)</td></tr>
-<tr class="separator:ga37fdd9cac2552f1568f38e091a826549"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga68a0af1dd89b33fb1e53139f654988f6"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_SIGN</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10000000)</td></tr>
-<tr class="separator:ga68a0af1dd89b33fb1e53139f654988f6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga72f46c8256b760b174e6db61a61cd608"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga72f46c8256b760b174e6db61a61cd608"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12000000)</td></tr>
-<tr class="separator:ga72f46c8256b760b174e6db61a61cd608"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac185b2274dd4e5f0b97c43334c2e478f"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_DERIVATION</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000000)</td></tr>
-<tr class="separator:gac185b2274dd4e5f0b97c43334c2e478f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga808e397a4891c612df4a5b20eebc2fac"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga808e397a4891c612df4a5b20eebc2fac"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CATEGORY_KEY_AGREEMENT</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30000000)</td></tr>
-<tr class="separator:ga808e397a4891c612df4a5b20eebc2fac"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga2396d8ba67096b3ebc69bc351a74c78b"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_VENDOR_DEFINED</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</td></tr>
-<tr class="separator:ga2396d8ba67096b3ebc69bc351a74c78b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac9280662bb482590b4b33d1dcd32930f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</td></tr>
-<tr class="separator:gac9280662bb482590b4b33d1dcd32930f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</td></tr>
-<tr class="separator:gaca7aee4c9dde316b3b1a150a26eab776"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb">PSA_ALG_IS_CIPHER</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</td></tr>
-<tr class="separator:ga1d1a5a402ad89a2e68f12bfb535490eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</td></tr>
-<tr class="separator:ga1d44829d60065eaa4ac9a703e7d6abc8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">PSA_ALG_IS_SIGN</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</td></tr>
-<tr class="separator:ga6d490d0904e0698f6c1268a89d72ff31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</td></tr>
-<tr class="separator:ga41d2ee937d54efd76bd54a97b2ebc08a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga59753742cb06553bd22751bbef472b6f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</td></tr>
-<tr class="separator:ga59753742cb06553bd22751bbef472b6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:gaf8b90c648aa53dbd06c236695e300cd0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac41a7077aef55bb20c629c8949d43c57"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac41a7077aef55bb20c629c8949d43c57"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HASH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x000000ff)</td></tr>
-<tr class="separator:gac41a7077aef55bb20c629c8949d43c57"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gab076ca67238cb4ebd81556db8f3dbac1"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD2</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000001)</td></tr>
-<tr class="separator:gab076ca67238cb4ebd81556db8f3dbac1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaac7ab8c28c117ef4ddf01affc8d3ceb2"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD4</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000002)</td></tr>
-<tr class="separator:gaac7ab8c28c117ef4ddf01affc8d3ceb2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gade591d9286d23382eb5cec099c84180d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gade591d9286d23382eb5cec099c84180d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MD5</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000003)</td></tr>
-<tr class="separator:gade591d9286d23382eb5cec099c84180d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga6c5d3a32cda59086f07b85ef007033dd"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RIPEMD160</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000004)</td></tr>
-<tr class="separator:ga6c5d3a32cda59086f07b85ef007033dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga3fca4e9f9ad4a1158817d1850dee82e5"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_SHA_1</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000005)</td></tr>
-<tr class="separator:ga3fca4e9f9ad4a1158817d1850dee82e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b">PSA_ALG_SHA_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000008)</td></tr>
-<tr class="separator:ga25d6a3244d10a7148fe6b026d1979f7b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga619471f978e13cdd0a1e37145e4bf341"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000009)</td></tr>
-<tr class="separator:ga619471f978e13cdd0a1e37145e4bf341"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4">PSA_ALG_SHA_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000a)</td></tr>
-<tr class="separator:ga58af64dd9a86a287e8da9ed7739eead4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9">PSA_ALG_SHA_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000b)</td></tr>
-<tr class="separator:gafba3ae409f46d3dd7f37a0910660c3e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931">PSA_ALG_SHA_512_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000c)</td></tr>
-<tr class="separator:ga3fe2d7c3c80e3186ca78d16a35d5d931"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4">PSA_ALG_SHA_512_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000d)</td></tr>
-<tr class="separator:ga5910b3964c14e9613e8643a45b09c2d4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga16f5fe34ccce68c2fada1224c054a999"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999">PSA_ALG_SHA3_224</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000010)</td></tr>
-<tr class="separator:ga16f5fe34ccce68c2fada1224c054a999"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b">PSA_ALG_SHA3_256</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000011)</td></tr>
-<tr class="separator:gaace70d9515489bbe3c5e7ac1b7d9155b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8">PSA_ALG_SHA3_384</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000012)</td></tr>
-<tr class="separator:gab0f079257ea75e2acfe2fc3b38c78cd8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga37e5dbe936dddb155e76f2997de27188"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188">PSA_ALG_SHA3_512</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000013)</td></tr>
-<tr class="separator:ga37e5dbe936dddb155e76f2997de27188"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa1288ea8bd397a8a3f5e19e94110f2e4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x010000ff)</td></tr>
-<tr class="separator:gaa1288ea8bd397a8a3f5e19e94110f2e4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabba3fcfee55533b0e25350e78a942e07"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gabba3fcfee55533b0e25350e78a942e07"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_SUBCATEGORY_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00c00000)</td></tr>
-<tr class="separator:gabba3fcfee55533b0e25350e78a942e07"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga0675192b82720fb8c9037a95bdeb6c88"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02800000)</td></tr>
-<tr class="separator:ga0675192b82720fb8c9037a95bdeb6c88"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga70f397425684b3efcde1e0e34c28261f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">PSA_ALG_HMAC</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga70f397425684b3efcde1e0e34c28261f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee84269106a947cb6ac353e15e6c4687"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaee84269106a947cb6ac353e15e6c4687"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HMAC_GET_HASH</b>(hmac_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaee84269106a947cb6ac353e15e6c4687"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a">PSA_ALG_IS_HMAC</a>(alg)</td></tr>
-<tr class="separator:ga4a050c3c3cbc6eb96418f18847601c8a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga8c48784065c65c623a21b9a3ccc56b1d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_MAC_TRUNCATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga8c48784065c65c623a21b9a3ccc56b1d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga6db5ce573e6ad52068aba31c3afdce31"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_MAC_TRUNCATION_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga6db5ce573e6ad52068aba31c3afdce31"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf36137110baf7bb13c5028fd62c64276"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276">PSA_ALG_TRUNCATED_MAC</a>(alg,  mac_length)</td></tr>
-<tr class="separator:gaf36137110baf7bb13c5028fd62c64276"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1">PSA_ALG_FULL_LENGTH_MAC</a>(alg)&#160;&#160;&#160;((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</td></tr>
-<tr class="separator:gaa05a8d99634f3350597ac9284fb70cb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab03726c4476174e019a08e2a04018ce8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8">PSA_MAC_TRUNCATED_LENGTH</a>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</td></tr>
-<tr class="separator:gab03726c4476174e019a08e2a04018ce8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaee0c29980b08305f6d0e7b3fbb588ade"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_MAC_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00000)</td></tr>
-<tr class="separator:gaee0c29980b08305f6d0e7b3fbb588ade"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga20bdc755de7b90f6621ccb1e6bb5d9e1"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CBC_MAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00001)</td></tr>
-<tr class="separator:ga20bdc755de7b90f6621ccb1e6bb5d9e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga146328a1e0023a02464e232d6ecefdc2"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga146328a1e0023a02464e232d6ecefdc2"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00002)</td></tr>
-<tr class="separator:ga146328a1e0023a02464e232d6ecefdc2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga69a012ce150219a2d97c3ab5582f0004"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga69a012ce150219a2d97c3ab5582f0004"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_GMAC</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x02c00003)</td></tr>
-<tr class="separator:ga69a012ce150219a2d97c3ab5582f0004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae49d1eb601125d65a5c5b252aa45479e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg)</td></tr>
-<tr class="separator:gae49d1eb601125d65a5c5b252aa45479e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac79618293c4254143caa75f6c5c82fa1"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gac79618293c4254143caa75f6c5c82fa1"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_STREAM_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00800000)</td></tr>
-<tr class="separator:gac79618293c4254143caa75f6c5c82fa1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gabc80d19d140032e3b138db4ed37d0bd7"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CIPHER_FROM_BLOCK_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00400000)</td></tr>
-<tr class="separator:gabc80d19d140032e3b138db4ed37d0bd7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0">PSA_ALG_IS_STREAM_CIPHER</a>(alg)</td></tr>
-<tr class="separator:gacfec68e0c6175e02e1b2ebc97df383c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e">PSA_ALG_ARC4</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04800001)</td></tr>
-<tr class="separator:gab6a5284decb0e5e1b5b8740a41ef3c5e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad318309706a769cffdc64e4c7e06b2e9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">PSA_ALG_CTR</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00001)</td></tr>
-<tr class="separator:gad318309706a769cffdc64e4c7e06b2e9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga0088c933e01d671f263a9a1f177cb5bc"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_CFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00002)</td></tr>
-<tr class="separator:ga0088c933e01d671f263a9a1f177cb5bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gae96bb421fa634c6fa8f571f0112f1ddb"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_OFB</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00003)</td></tr>
-<tr class="separator:gae96bb421fa634c6fa8f571f0112f1ddb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa722c0e426a797fd6d99623f59748125"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125">PSA_ALG_XTS</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x044000ff)</td></tr>
-<tr class="separator:gaa722c0e426a797fd6d99623f59748125"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacb332d72716958880ee7f97d8365ae66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66">PSA_ALG_CBC_NO_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600100)</td></tr>
-<tr class="separator:gacb332d72716958880ee7f97d8365ae66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c">PSA_ALG_CBC_PKCS7</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600101)</td></tr>
-<tr class="separator:gaef50d2e9716eb6d476046608e4e0c78c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">PSA_ALG_CCM</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001001)</td></tr>
-<tr class="separator:gac2c0e7d21f1b2df5e76bcb4a8f84273c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">PSA_ALG_GCM</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001002)</td></tr>
-<tr class="separator:ga0d7d02b15aaae490d38277d99f1c637c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga575d9082463a06a86c2a22dd63c2e772"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga575d9082463a06a86c2a22dd63c2e772"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_AEAD_TAG_LENGTH_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00003f00)</td></tr>
-<tr class="separator:ga575d9082463a06a86c2a22dd63c2e772"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga987d416146048906d40dd1d9572e3193"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga987d416146048906d40dd1d9572e3193"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_AEAD_TAG_LENGTH_OFFSET</b>&#160;&#160;&#160;8</td></tr>
-<tr class="separator:ga987d416146048906d40dd1d9572e3193"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa63c520b62ab001d54d28801742fc9db"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">PSA_ALG_AEAD_WITH_TAG_LENGTH</a>(alg,  tag_length)</td></tr>
-<tr class="separator:gaa63c520b62ab001d54d28801742fc9db"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaddea507e062250cda8a29407a9480d2b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</a>(alg)</td></tr>
-<tr class="separator:gaddea507e062250cda8a29407a9480d2b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</b>(alg,  ref)</td></tr>
-<tr class="separator:ga6e52012ca3be6acb4c756c372f18c3eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga819b23c9899e92e9f867c7b2ae8f264c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PKCS1V15_SIGN_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10020000)</td></tr>
-<tr class="separator:ga819b23c9899e92e9f867c7b2ae8f264c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga702ff75385a6ae7d4247033f479439af"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga702ff75385a6ae7d4247033f479439af"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4215e2a78dcf834e9a625927faa2a817"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a>&#160;&#160;&#160;PSA_ALG_RSA_PKCS1V15_SIGN_BASE</td></tr>
-<tr class="separator:ga4215e2a78dcf834e9a625927faa2a817"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga9d545279f23d43b1b2a744d0dd6826d0"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PKCS1V15_SIGN</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</td></tr>
-<tr class="separator:ga9d545279f23d43b1b2a744d0dd6826d0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49d39a343790971b7a74644f4faea0c0"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga49d39a343790971b7a74644f4faea0c0"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_PSS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10030000)</td></tr>
-<tr class="separator:ga49d39a343790971b7a74644f4faea0c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">PSA_ALG_RSA_PSS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga62152bf4cb4bf6aace5e1be8f143564d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafa04fae7393a76d5161558768cb82a78"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gafa04fae7393a76d5161558768cb82a78"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_PSS</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</td></tr>
-<tr class="separator:gafa04fae7393a76d5161558768cb82a78"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga863284106894476e3a8524805410b55b"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga863284106894476e3a8524805410b55b"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10040000)</td></tr>
-<tr class="separator:ga863284106894476e3a8524805410b55b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a68efdddff5ae95f104a1416b12742e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">PSA_ALG_DSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga9a68efdddff5ae95f104a1416b12742e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad3800dafc62d6a17bcae4bce98402e68"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gad3800dafc62d6a17bcae4bce98402e68"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_DSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10050000)</td></tr>
-<tr class="separator:gad3800dafc62d6a17bcae4bce98402e68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga1d2a96f788cce4f8fc156d13342e70de"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_DETERMINISTIC_FLAG</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x00010000)</td></tr>
-<tr class="separator:ga1d2a96f788cce4f8fc156d13342e70de"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94">PSA_ALG_DETERMINISTIC_DSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gab8eb98fb6d2e094e47f3b44dfe128f94"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DSA</b>(alg)</td></tr>
-<tr class="separator:gacfc3cd50ef0c4bf694cf936079bcbaee"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae01ae792228c16eac05102f8e900efd1"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gae01ae792228c16eac05102f8e900efd1"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gae01ae792228c16eac05102f8e900efd1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga11f7d6fe7a4441143ed398420b7d1980"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga11f7d6fe7a4441143ed398420b7d1980"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga474c0582c4726d0c0274e470f4199cf9"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga474c0582c4726d0c0274e470f4199cf9"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_DSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_DSA(alg) &amp;&amp; !PSA_ALG_DSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:ga474c0582c4726d0c0274e470f4199cf9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gafd9800fdbe6ea881e0ac0ce03d145928"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10060000)</td></tr>
-<tr class="separator:gafd9800fdbe6ea881e0ac0ce03d145928"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga7e3ce9f514a227d5ba5d8318870452e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4">PSA_ALG_ECDSA_ANY</a>&#160;&#160;&#160;PSA_ALG_ECDSA_BASE</td></tr>
-<tr class="separator:ga51d6b6044a62e33cae0cf64bfc3b22a4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga6c08b65200140aeb46ee9db9c8ed878c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_DETERMINISTIC_ECDSA_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10070000)</td></tr>
-<tr class="separator:ga6c08b65200140aeb46ee9db9c8ed878c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11da566bcd341661c8de921e2ca5ed03"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga11da566bcd341661c8de921e2ca5ed03"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_ECDSA</b>(alg)</td></tr>
-<tr class="separator:gafb92dc138c9d2388033ff5fc1dab7b48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaced29d8e3a1740aaec01e9ef8211df4f"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_ECDSA_IS_DETERMINISTIC</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</td></tr>
-<tr class="separator:gaced29d8e3a1740aaec01e9ef8211df4f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gacd8766fe0fb8c1e2d32644e0d092c43a"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_DETERMINISTIC_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gacd8766fe0fb8c1e2d32644e0d092c43a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae7b0fafebd139f6f815285b7cad622ea"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gae7b0fafebd139f6f815285b7cad622ea"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RANDOMIZED_ECDSA</b>(alg)&#160;&#160;&#160;(PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</td></tr>
-<tr class="separator:gae7b0fafebd139f6f815285b7cad622ea"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad8a8ea0536975363b66410cdeafe38b6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a>(alg)</td></tr>
-<tr class="separator:gad8a8ea0536975363b66410cdeafe38b6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a>(alg)</td></tr>
-<tr class="separator:ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9">PSA_ALG_RSA_PKCS1V15_CRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12020000)</td></tr>
-<tr class="separator:ga4c540d3abe43fb9abcb94f2bc51acef9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga67ba62fbd154f5d3098866ae68ba66eb"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12030000)</td></tr>
-<tr class="separator:ga67ba62fbd154f5d3098866ae68ba66eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76">PSA_ALG_RSA_OAEP</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:gaa1235dc3fdd9839c6c1b1a9857344c76"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga9a85c05fd5c39ca63bbc47fb0755da39"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_RSA_OAEP</b>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</td></tr>
-<tr class="separator:ga9a85c05fd5c39ca63bbc47fb0755da39"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_RSA_OAEP_GET_HASH</b>(alg)</td></tr>
-<tr class="separator:gae6b0b87aabe82a1b3113824f022c52e8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga85fe668f95a1e65b573dc5acb798be6f"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000100)</td></tr>
-<tr class="separator:ga85fe668f95a1e65b573dc5acb798be6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga32a888fb360e6e25cab8a343772c4a82"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">PSA_ALG_HKDF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga32a888fb360e6e25cab8a343772c4a82"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2">PSA_ALG_IS_HKDF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</td></tr>
-<tr class="separator:ga1979d0a76fcee6164cf2e65960f38db2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga643df48b529b176995927b697ff07a4c"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga643df48b529b176995927b697ff07a4c"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_HKDF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga643df48b529b176995927b697ff07a4c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadb328698047e32da8e16551b28b50a35"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gadb328698047e32da8e16551b28b50a35"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000200)</td></tr>
-<tr class="separator:gadb328698047e32da8e16551b28b50a35"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">PSA_ALG_TLS12_PRF</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga6d5623c2ccda1d4a84e34351af8382d5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3c18890c50222e5219f40ade8927e66"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66">PSA_ALG_IS_TLS12_PRF</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</td></tr>
-<tr class="separator:gaa3c18890c50222e5219f40ade8927e66"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga403b2695655c7e03d6c07c061c606ab7"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga403b2695655c7e03d6c07c061c606ab7"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PRF_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga403b2695655c7e03d6c07c061c606ab7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaaca4b1953a3f31f1a285a48454aa4a6f"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_BASE</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x20000300)</td></tr>
-<tr class="separator:gaaca4b1953a3f31f1a285a48454aa4a6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg)&#160;&#160;&#160;(PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga039ec797f15d1635d9b2e09a611f8a68"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab25ecc074a93fd11069bedfbba5a287b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg)&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</td></tr>
-<tr class="separator:gab25ecc074a93fd11069bedfbba5a287b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga49f873d8cf9fb0042118e626330eec9d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga49f873d8cf9fb0042118e626330eec9d"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</b>(hkdf_alg)&#160;&#160;&#160;(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</td></tr>
-<tr class="separator:ga49f873d8cf9fb0042118e626330eec9d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga914b52f4be62633b3350c5e03bf32ecb"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_DERIVATION_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x080fffff)</td></tr>
-<tr class="separator:ga914b52f4be62633b3350c5e03bf32ecb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad39afc70a46a0ed399e3a1b931fd108b"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gad39afc70a46a0ed399e3a1b931fd108b"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_MASK</b>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x10f00000)</td></tr>
-<tr class="separator:gad39afc70a46a0ed399e3a1b931fd108b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga78bb81cffb87a635c247725eeb2a2682"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682">PSA_ALG_KEY_AGREEMENT</a>(ka_alg,  kdf_alg)&#160;&#160;&#160;((ka_alg) | (kdf_alg))</td></tr>
-<tr class="separator:ga78bb81cffb87a635c247725eeb2a2682"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga56c1189add62b59e8e6a28a809b57037"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga56c1189add62b59e8e6a28a809b57037"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_KDF</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</td></tr>
-<tr class="separator:ga56c1189add62b59e8e6a28a809b57037"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf837c55ba698b488b6e63300e3470abf"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaf837c55ba698b488b6e63300e3470abf"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_KEY_AGREEMENT_GET_BASE</b>(alg)&#160;&#160;&#160;(((alg) &amp; PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)</td></tr>
-<tr class="separator:gaf837c55ba698b488b6e63300e3470abf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa40ab362ce141ce541d69b2eb1f41438"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg)</td></tr>
-<tr class="separator:gaa40ab362ce141ce541d69b2eb1f41438"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga14529588c008091de0ad2716170dbd48"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga14529588c008091de0ad2716170dbd48"></a>
-#define&#160;</td><td class="memItemRight" valign="bottom"><b>PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</b>(alg)&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(alg) || <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg)))</td></tr>
-<tr class="separator:ga14529588c008091de0ad2716170dbd48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0ebbb6f93a05b6511e6f108ffd2d1eb4"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">PSA_ALG_FFDH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30100000)</td></tr>
-<tr class="separator:ga0ebbb6f93a05b6511e6f108ffd2d1eb4"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e">PSA_ALG_IS_FFDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">PSA_ALG_FFDH</a>)</td></tr>
-<tr class="separator:gaa3cf76164cd9375af4fb8a291078a19e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab2dbcf71b63785e7dd7b54a100edee43"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">PSA_ALG_ECDH</a>&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30200000)</td></tr>
-<tr class="separator:gab2dbcf71b63785e7dd7b54a100edee43"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d">PSA_ALG_IS_ECDH</a>(alg)&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">PSA_ALG_ECDH</a>)</td></tr>
-<tr class="separator:ga9d9b6533d2a6bea7bac7ae01facb820d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gacf83d7430e82b97cecb8b26ca6fa1426"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426">PSA_ALG_IS_WILDCARD</a>(alg)</td></tr>
-<tr class="separator:gacf83d7430e82b97cecb8b26ca6fa1426"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga578159487dfc7096cb191b0d2befe628"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga578159487dfc7096cb191b0d2befe628"></a>
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></td></tr>
-<tr class="memdesc:ga578159487dfc7096cb191b0d2befe628"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a key type. <br /></td></tr>
-<tr class="separator:ga578159487dfc7096cb191b0d2befe628"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memItemLeft" align="right" valign="top">typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></td></tr>
-<tr class="separator:ga4e8977c145cce5077c4bce7fec890ad9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></td></tr>
-<tr class="memdesc:gac2e4d47f1300d73c2f829a6d99252d69"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of a cryptographic algorithm.  <a href="#gac2e4d47f1300d73c2f829a6d99252d69">More...</a><br /></td></tr>
-<tr class="separator:gac2e4d47f1300d73c2f829a6d99252d69"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga6e52012ca3be6acb4c756c372f18c3eb"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">ref&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line"><a class="code" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">PSA_ALG_AEAD_WITH_TAG_LENGTH</a>(alg, 0) == <a class="code" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">\</a></div><div class="line"><a class="code" href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">    PSA_ALG_AEAD_WITH_TAG_LENGTH</a>(ref, 0) ?  \</div><div class="line">    ref :</div><div class="ttc" id="group__crypto__types_html_gaa63c520b62ab001d54d28801742fc9db"><div class="ttname"><a href="group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db">PSA_ALG_AEAD_WITH_TAG_LENGTH</a></div><div class="ttdeci">#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:921</div></div>
-</div><!-- fragment -->
-</div>
-</div>
-<a class="anchor" id="gaddea507e062250cda8a29407a9480d2b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(                                                                   \</div><div class="line">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, <a class="code" href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">PSA_ALG_CCM</a>)   \</div><div class="line">        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, <a class="code" href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">PSA_ALG_GCM</a>)   \</div><div class="line">        0)</div><div class="ttc" id="group__crypto__types_html_ga0d7d02b15aaae490d38277d99f1c637c"><div class="ttname"><a href="group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c">PSA_ALG_GCM</a></div><div class="ttdeci">#define PSA_ALG_GCM</div><div class="ttdef"><b>Definition:</b> crypto_values.h:894</div></div>
-<div class="ttc" id="group__crypto__types_html_gac2c0e7d21f1b2df5e76bcb4a8f84273c"><div class="ttname"><a href="group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c">PSA_ALG_CCM</a></div><div class="ttdeci">#define PSA_ALG_CCM</div><div class="ttdef"><b>Definition:</b> crypto_values.h:890</div></div>
-</div><!-- fragment --><p>Calculate the corresponding AEAD algorithm with the default tag length.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An AEAD algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding AEAD algorithm with the default tag length for that algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa63c520b62ab001d54d28801742fc9db"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_AEAD_WITH_TAG_LENGTH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">tag_length&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \</div><div class="line">     ((tag_length) &lt;&lt; PSA_AEAD_TAG_LENGTH_OFFSET &amp;                      \</div><div class="line">      PSA_ALG_AEAD_TAG_LENGTH_MASK))</div></div><!-- fragment --><p>Macro to build a shortened AEAD algorithm.</p>
-<p>A shortened AEAD algorithm is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length may affect the calculation of the ciphertext.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A AEAD algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a> such that <a class="el" href="group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8">PSA_ALG_IS_AEAD</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramname">tag_length</td><td>Desired length of the authentication tag in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding AEAD algorithm with the specified length. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported AEAD algorithm or if <code>tag_length</code> is not valid for the specified AEAD algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa1288ea8bd397a8a3f5e19e94110f2e4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_ANY_HASH&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x010000ff)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Allow any hash algorithm.</p>
-<p>This value may only be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. That is, suppose that <code>PSA_xxx_SIGNATURE</code> is one of the following macros:</p><ul>
-<li><a class="el" href="group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af">PSA_ALG_RSA_PKCS1V15_SIGN</a>, <a class="el" href="group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d">PSA_ALG_RSA_PSS</a>,</li>
-<li><a class="el" href="group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e">PSA_ALG_DSA</a>, <a class="el" href="group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94">PSA_ALG_DETERMINISTIC_DSA</a>,</li>
-<li><a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>, <a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">PSA_ALG_DETERMINISTIC_ECDSA</a>. Then you may create a key as follows:</li>
-<li>Set the key usage field using <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_key_policy_set_usage(&amp;policy,</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;                         PSA_KEY_USAGE_SIGN, //or PSA_KEY_USAGE_VERIFY</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;                         PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));</div><div class="line"><a name="l00004"></a><span class="lineno">    4</span>&#160;psa_set_key_policy(handle, &amp;policy);</div></div><!-- fragment --></li>
-<li>Import or generate key material.</li>
-<li>Call <a class="el" href="group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07" title="Sign a hash or short message with a private key. ">psa_asymmetric_sign()</a> or <a class="el" href="group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7" title="Verify the signature a hash or short message using a public key. ">psa_asymmetric_verify()</a>, passing an algorithm built from <code>PSA_xxx_SIGNATURE</code> and a specific hash. Each call to sign or verify a message may use a different hash. <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);</div></div><!-- fragment --></li>
-</ul>
-<p>This value may not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code>\p alg</code>, <a class="el" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a>(<code>alg</code>) is true.</p>
-<p>This value may not be used to build an algorithm specification to perform an operation. It is only valid to build policies. </p>
-
-</div>
-</div>
-<a class="anchor" id="gab6a5284decb0e5e1b5b8740a41ef3c5e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_ARC4&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04800001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The ARC4 stream cipher algorithm. </p>
-
-</div>
-</div>
-<a class="anchor" id="gacb332d72716958880ee7f97d8365ae66"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_CBC_NO_PADDING&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600100)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The CBC block cipher chaining mode, with no padding.</p>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher. </p>
-
-</div>
-</div>
-<a class="anchor" id="gaef50d2e9716eb6d476046608e4e0c78c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_CBC_PKCS7&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04600101)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The CBC block cipher chaining mode with PKCS#7 padding.</p>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This is the padding method defined by PKCS#7 (RFC 2315) &sect;10.3. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac2c0e7d21f1b2df5e76bcb4a8f84273c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_CCM&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The CCM authenticated encryption algorithm. </p>
-
-</div>
-</div>
-<a class="anchor" id="gad318309706a769cffdc64e4c7e06b2e9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_CTR&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x04c00001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The CTR stream cipher mode.</p>
-<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="el" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a> and a length of 128 bits (16 bytes). </p>
-
-</div>
-</div>
-<a class="anchor" id="gab8eb98fb6d2e094e47f3b44dfe128f94"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_DETERMINISTIC_DSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Deterministic DSA signature with hashing.</p>
-<p>This is the deterministic variant defined by RFC 6979 of the signature scheme defined by FIPS 186-4.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding DSA signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga11da566bcd341661c8de921e2ca5ed03"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_DETERMINISTIC_ECDSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Deterministic ECDSA signature with hashing.</p>
-<p>This is the deterministic ECDSA signature scheme defined by RFC 6979.</p>
-<p>The representation of a signature is the same as with <a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA()</a>.</p>
-<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>(<code>hash_alg</code>)) with the same private key are accepted. In other words, <a class="el" href="group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03">PSA_ALG_DETERMINISTIC_ECDSA</a>(<code>hash_alg</code>) differs from <a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA</a>(<code>hash_alg</code>) only for signature, not for verification.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding deterministic ECDSA signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga9a68efdddff5ae95f104a1416b12742e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_DSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_DSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>DSA signature with hashing.</p>
-<p>This is the signature scheme defined by FIPS 186-4, with a random per-message secret number (<em>k</em>).</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding DSA signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gab2dbcf71b63785e7dd7b54a100edee43"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_ECDH&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30200000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
-<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code>ceiling(m / 8)</code> bytes long where <code>m</code> is the bit size associated with the curve, i.e. the bit size of the order of the curve's coordinate field. When <code>m</code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
-<ul>
-<li>For Montgomery curves (curve types <code>PSA_ECC_CURVE_CURVEXXX</code>), the shared secret is the x-coordinate of <code>d_A Q_B = d_B Q_A</code> in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.</li>
-<li>For Weierstrass curves over prime fields (curve types <code>PSA_ECC_CURVE_SECPXXX</code> and <code>PSA_ECC_CURVE_BRAINPOOL_PXXX</code>), the shared secret is the x-coordinate of <code>d_A Q_B = d_B Q_A</code> in big-endian byte order. The bit size is <code>m = ceiling(log_2(p))</code> for the field <code>F_p</code>.</li>
-<li>For Weierstrass curves over binary fields (curve types <code>PSA_ECC_CURVE_SECTXXX</code>), the shared secret is the x-coordinate of <code>d_A Q_B = d_B Q_A</code> in big-endian byte order. The bit size is <code>m</code> for the field <code>F_{2^m}</code>. </li>
-</ul>
-
-</div>
-</div>
-<a class="anchor" id="ga7e3ce9f514a227d5ba5d8318870452e3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_ECDSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>ECDSA signature with hashing.</p>
-<p>This is the ECDSA signature scheme defined by ANSI X9.62, with a random per-message secret number (<em>k</em>).</p>
-<p>The representation of the signature as a byte string consists of the concatentation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order (most significant octet first).</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding ECDSA signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga51d6b6044a62e33cae0cf64bfc3b22a4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_ECDSA_ANY&#160;&#160;&#160;PSA_ALG_ECDSA_BASE</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>ECDSA signature without hashing.</p>
-<p>This is the same signature scheme as <a class="el" href="group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3">PSA_ALG_ECDSA()</a>, but without specifying a hash algorithm. This algorithm may only be used to sign or verify a sequence of bytes that should be an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga0ebbb6f93a05b6511e6f108ffd2d1eb4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_FFDH&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x30100000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
-<p>The shared secret produced by key agreement and passed as input to the derivation or selection algorithm <code>kdf_alg</code> is the shared secret <code>g^{ab}</code> in big-endian format. It is <code>ceiling(m / 8)</code> bytes long where <code>m</code> is the size of the prime <code>p</code> in bits. </p>
-
-</div>
-</div>
-<a class="anchor" id="gaa05a8d99634f3350597ac9284fb70cb1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_FULL_LENGTH_MAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build the base MAC algorithm corresponding to a truncated MAC algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A MAC algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a> such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true). This may be a truncated or untruncated MAC algorithm.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding base MAC algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported MAC algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga0d7d02b15aaae490d38277d99f1c637c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_GCM&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x06001002)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The GCM authenticated encryption algorithm. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga32a888fb360e6e25cab8a343772c4a82"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_HKDF</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build an HKDF algorithm.</p>
-<p>For example, <code><a class="el" href="group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82">PSA_ALG_HKDF(PSA_ALG_SHA256)</a></code> is HKDF using HMAC-SHA-256.</p>
-<p>This key derivation algorithm uses the following inputs:</p><ul>
-<li><a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">PSA_KDF_STEP_SALT</a> is the salt used in the "extract" step. It is optional; if omitted, the derivation uses an empty salt.</li>
-<li><a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">PSA_KDF_STEP_SECRET</a> is the secret key used in the "extract" step.</li>
-<li><a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">PSA_KDF_STEP_INFO</a> is the info string used in the "expand" step. You must pass <a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">PSA_KDF_STEP_SALT</a> before <a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">PSA_KDF_STEP_SECRET</a>. You may pass <a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">PSA_KDF_STEP_INFO</a> at any time after steup and before starting to generate output.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding HKDF algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga70f397425684b3efcde1e0e34c28261f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_HMAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build an HMAC algorithm.</p>
-<p>For example, <a class="el" href="group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f">PSA_ALG_HMAC</a>(<a class="el" href="group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341">PSA_ALG_SHA_256</a>) is HMAC-SHA-256.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding HMAC algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1d44829d60065eaa4ac9a703e7d6abc8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_AEAD</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is an AEAD algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga41d2ee937d54efd76bd54a97b2ebc08a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a public-key encryption algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a public-key encryption algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gae49d1eb601125d65a5c5b252aa45479e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_BLOCK_CIPHER_MAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</div><div class="line">     PSA_ALG_CIPHER_MAC_BASE)</div></div><!-- fragment --><p>Whether the specified algorithm is a MAC algorithm based on a block cipher.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a MAC algorithm based on a block cipher, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1d1a5a402ad89a2e68f12bfb535490eb"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_CIPHER</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a symmetric cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gacfc3cd50ef0c4bf694cf936079bcbaee"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_DSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</div><div class="line">     PSA_ALG_DSA_BASE)</div></div><!-- fragment -->
-</div>
-</div>
-<a class="anchor" id="ga9d9b6533d2a6bea7bac7ae01facb820d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_ECDH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43">PSA_ALG_ECDH</a>)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.</p>
-<p>This includes every supported key selection or key agreement algorithm for the output of the Diffie-Hellman calculation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is an elliptic curve Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported key agreement algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gafb92dc138c9d2388033ff5fc1dab7b48"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_ECDSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \</div><div class="line">     PSA_ALG_ECDSA_BASE)</div></div><!-- fragment -->
-</div>
-</div>
-<a class="anchor" id="gaa3cf76164cd9375af4fb8a291078a19e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_FFDH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == <a class="el" href="group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4">PSA_ALG_FFDH</a>)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a finite field Diffie-Hellman algorithm.</p>
-<p>This includes every supported key selection or key agreement algorithm for the output of the Diffie-Hellman calculation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a finite field Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported key agreement algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gac9280662bb482590b4b33d1dcd32930f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_HASH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a hash algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a hash algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gad8a8ea0536975363b66410cdeafe38b6"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_HASH_AND_SIGN</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \</div><div class="line">     PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))</div></div><!-- fragment --><p>Whether the specified algorithm is a hash-and-sign algorithm.</p>
-<p>Hash-and-sign algorithms are public-key signature algorithms structured in two parts: first the calculation of a hash in a way that does not depend on the key, then the calculation of a signature from the hash value and the key.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a hash-and-sign algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1979d0a76fcee6164cf2e65960f38db2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_HKDF</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is an HKDF algorithm.</p>
-<p>HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is an HKDF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported key derivation algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga4a050c3c3cbc6eb96418f18847601c8a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_HMAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \</div><div class="line">     PSA_ALG_HMAC_BASE)</div></div><!-- fragment --><p>Whether the specified algorithm is an HMAC algorithm.</p>
-<p>HMAC is a family of MAC algorithms that are based on a hash function.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is an HMAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga59753742cb06553bd22751bbef472b6f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_KEY_AGREEMENT</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a key agreement algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaf8b90c648aa53dbd06c236695e300cd0"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_KEY_DERIVATION</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a key derivation algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a key derivation algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaca7aee4c9dde316b3b1a150a26eab776"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_MAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a MAC algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a MAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa40ab362ce141ce541d69b2eb1f41438"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_RAW_KEY_AGREEMENT</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) &amp;&amp;                                   \</div><div class="line">     PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)</div><div class="ttc" id="group__crypto__types_html_ga59753742cb06553bd22751bbef472b6f"><div class="ttname"><a href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a></div><div class="ttdeci">#define PSA_ALG_IS_KEY_AGREEMENT(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:624</div></div>
-</div><!-- fragment --><p>Whether the specified algorithm is a raw key agreement algorithm.</p>
-<p>A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a <code>PSA_ALG_xxx</code> macro while non-raw key agreement algorithms are constructed with <a class="el" href="group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682">PSA_ALG_KEY_AGREEMENT()</a>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a raw key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga6d490d0904e0698f6c1268a89d72ff31"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_SIGN</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a public-key signature algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a public-key signature algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gacfec68e0c6175e02e1b2ebc97df383c0"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_STREAM_CIPHER</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \</div><div class="line">        (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))</div></div><!-- fragment --><p>Whether the specified algorithm is a stream cipher.</p>
-<p>A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a stream cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa3c18890c50222e5219f40ade8927e66"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_TLS12_PRF</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a TLS-1.2 PRF algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a TLS-1.2 PRF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported key derivation algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gab25ecc074a93fd11069bedfbba5a287b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_TLS12_PSK_TO_MS</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a TLS-1.2 PSK to MS algorithm, 0 otherwise. This macro may return either 0 or 1 if <code>alg</code> is not a supported key derivation algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gacf83d7430e82b97cecb8b26ca6fa1426"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_IS_WILDCARD</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) ?                    <a class="code" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">\</a></div><div class="line"><a class="code" href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">     PSA_ALG_SIGN_GET_HASH</a>(alg) == <a class="code" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> :   \</div><div class="line">     (alg) == <a class="code" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a>)</div><div class="ttc" id="group__crypto__types_html_gaa1288ea8bd397a8a3f5e19e94110f2e4"><div class="ttname"><a href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a></div><div class="ttdeci">#define PSA_ALG_ANY_HASH</div><div class="ttdef"><b>Definition:</b> crypto_values.h:699</div></div>
-<div class="ttc" id="group__crypto__types_html_ga24cf6d7bcd2b9aeeeff86f07b6c674e3"><div class="ttname"><a href="group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3">PSA_ALG_SIGN_GET_HASH</a></div><div class="ttdeci">#define PSA_ALG_SIGN_GET_HASH(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:1144</div></div>
-<div class="ttc" id="group__crypto__types_html_gad8a8ea0536975363b66410cdeafe38b6"><div class="ttname"><a href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a></div><div class="ttdeci">#define PSA_ALG_IS_HASH_AND_SIGN(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:1122</div></div>
-</div><!-- fragment --><p>Whether the specified algorithm encoding is a wildcard.</p>
-<p>Wildcard values may only be used to set the usage algorithm field in a policy, not to perform an operation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>An algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>1 if <code>alg</code> is a wildcard algorithm encoding. </dd>
-<dd>
-0 if <code>alg</code> is a non-wildcard algorithm encoding (suitable for an operation). </dd>
-<dd>
-This macro may return either 0 or 1 if <code>alg</code> is not a supported algorithm identifier. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga78bb81cffb87a635c247725eeb2a2682"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_KEY_AGREEMENT</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">ka_alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">kdf_alg&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td>&#160;&#160;&#160;((ka_alg) | (kdf_alg))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">ka_alg</td><td>A key agreement algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(<code>ka_alg</code>) is true). </td></tr>
-    <tr><td class="paramname">kdf_alg</td><td>A key derivation algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(<code>kdf_alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding key agreement and derivation algorithm. </dd>
-<dd>
-Unspecified if <code>ka_alg</code> is not a supported key agreement algorithm or <code>kdf_alg</code> is not a supported key derivation algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa1235dc3fdd9839c6c1b1a9857344c76"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_OAEP</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA OAEP encryption.</p>
-<p>This is the encryption scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>The hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true) to use for MGF1.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding RSA OAEP signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gae6b0b87aabe82a1b3113824f022c52e8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_OAEP_GET_HASH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(PSA_ALG_IS_RSA_OAEP(alg) ?                                 \</div><div class="line">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :      \</div><div class="line">     0)</div></div><!-- fragment -->
-</div>
-</div>
-<a class="anchor" id="ga4c540d3abe43fb9abcb94f2bc51acef9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_PKCS1V15_CRYPT&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x12020000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA PKCS#1 v1.5 encryption. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga702ff75385a6ae7d4247033f479439af"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_PKCS1V15_SIGN</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA PKCS#1 v1.5 signature with hashing.</p>
-<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding RSA PKCS#1 v1.5 signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga4215e2a78dcf834e9a625927faa2a817"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW&#160;&#160;&#160;PSA_ALG_RSA_PKCS1V15_SIGN_BASE</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Raw PKCS#1 v1.5 signature.</p>
-<p>The input to this algorithm is the DigestInfo structure used by RFC 8017 (PKCS#1: RSA Cryptography Specifications), &sect;9.2 steps 3&ndash;6. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga62152bf4cb4bf6aace5e1be8f143564d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_RSA_PSS</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA PSS signature with hashing.</p>
-<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true). This includes <a class="el" href="group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4">PSA_ALG_ANY_HASH</a> when specifying the algorithm in a usage policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding RSA PSS signature algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga16f5fe34ccce68c2fada1224c054a999"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA3_224&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000010)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA3-224 </p>
-
-</div>
-</div>
-<a class="anchor" id="gaace70d9515489bbe3c5e7ac1b7d9155b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA3_256&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000011)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA3-256 </p>
-
-</div>
-</div>
-<a class="anchor" id="gab0f079257ea75e2acfe2fc3b38c78cd8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA3_384&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000012)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA3-384 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga37e5dbe936dddb155e76f2997de27188"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA3_512&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000013)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA3-512 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga25d6a3244d10a7148fe6b026d1979f7b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_224&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000008)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-224 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga619471f978e13cdd0a1e37145e4bf341"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_256&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x01000009)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-256 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga58af64dd9a86a287e8da9ed7739eead4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_384&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000a)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-384 </p>
-
-</div>
-</div>
-<a class="anchor" id="gafba3ae409f46d3dd7f37a0910660c3e9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_512&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000b)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-512 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga3fe2d7c3c80e3186ca78d16a35d5d931"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_512_224&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000c)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-512/224 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga5910b3964c14e9613e8643a45b09c2d4"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SHA_512_256&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x0100000d)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>SHA2-512/256 </p>
-
-</div>
-</div>
-<a class="anchor" id="ga24cf6d7bcd2b9aeeeff86f07b6c674e3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_SIGN_GET_HASH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(<a class="code" href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) ?                                   \</div><div class="line">     ((alg) &amp; PSA_ALG_HASH_MASK) == 0 ? <span class="comment">/*&quot;raw&quot; algorithm*/</span> 0 :        \</div><div class="line">     ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :             \</div><div class="line">     0)</div><div class="ttc" id="group__crypto__types_html_gad8a8ea0536975363b66410cdeafe38b6"><div class="ttname"><a href="group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6">PSA_ALG_IS_HASH_AND_SIGN</a></div><div class="ttdeci">#define PSA_ALG_IS_HASH_AND_SIGN(alg)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:1122</div></div>
-</div><!-- fragment --><p>Get the hash used by a hash-and-sign signature algorithm.</p>
-<p>A hash-and-sign algorithm is a signature algorithm which is composed of two phases: first a hashing phase which does not use the key and produces a hash of the input message, then a signing phase which only uses the hash and the key and not the message itself.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A signature algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31">PSA_ALG_IS_SIGN</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The underlying hash algorithm if <code>alg</code> is a hash-and-sign algorithm. </dd>
-<dd>
-0 if <code>alg</code> is a signature algorithm that does not follow the hash-and-sign structure. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a signature algorithm or if it is not supported by the implementation. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga6d5623c2ccda1d4a84e34351af8382d5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_TLS12_PRF</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build a TLS-1.2 PRF algorithm.</p>
-<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in Section 5 of RFC 5246. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>For the application to TLS-1.2, the salt and label arguments passed to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246, respectively. For example, for TLS key expansion, the salt is the concatenation of ServerHello.Random + ClientHello.Random, while the label is "key expansion".</p>
-<p>For example, <code><a class="el" href="group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5">PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)</a></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding TLS-1.2 PRF algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga039ec797f15d1635d9b2e09a611f8a68"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_TLS12_PSK_TO_MS</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">hash_alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.</p>
-<p>In a pure-PSK handshake in TLS 1.2, the master secret is derived from the PreSharedKey (PSK) through the application of padding (RFC 4279, Section 2) and the TLS-1.2 PRF (RFC 5246, Section 5). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>For the application to TLS-1.2, the salt passed to psa_key_derivation() (and forwarded to the TLS-1.2 PRF) is the concatenation of the ClientHello.Random + ServerHello.Random, while the label is "master secret" or "extended master secret".</p>
-<p>For example, <code><a class="el" href="group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68">PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)</a></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">hash_alg</td><td>A hash algorithm (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>hash_alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding TLS-1.2 PSK to MS algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported hash algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaf36137110baf7bb13c5028fd62c64276"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_TRUNCATED_MAC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">mac_length&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \</div><div class="line">     ((mac_length) &lt;&lt; PSA_MAC_TRUNCATION_OFFSET &amp; PSA_ALG_MAC_TRUNCATION_MASK))</div></div><!-- fragment --><p>Macro to build a truncated MAC algorithm.</p>
-<p>A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first <code>mac_length</code> bytes of the MAC value for the untruncated algorithm.</p>
-<dl class="section note"><dt>Note</dt><dd>This macro may allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.</dd>
-<dd>
-It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A MAC algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a> such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true). This may be a truncated or untruncated MAC algorithm. </td></tr>
-    <tr><td class="paramname">mac_length</td><td>Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum shall not be zero.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding MAC algorithm with the specified length. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported MAC algorithm or if <code>mac_length</code> is too small or too large for the specified MAC algorithm. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa722c0e426a797fd6d99623f59748125"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ALG_XTS&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>)0x044000ff)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The XTS cipher mode.</p>
-<p>XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks. </p>
-
-</div>
-</div>
-<a class="anchor" id="gacaa366bdeb0413e63e87a667c5457b2e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_BLOCK_CIPHER_BLOCK_SIZE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(                                                \</div><div class="line">        (type) == <a class="code" href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a> ? 16 :            \</div><div class="line">        (type) == <a class="code" href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">PSA_KEY_TYPE_DES</a> ? 8 :             \</div><div class="line">        (type) == <a class="code" href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">PSA_KEY_TYPE_CAMELLIA</a> ? 16 :       \</div><div class="line">        (type) == <a class="code" href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">PSA_KEY_TYPE_ARC4</a> ? 1 :            \</div><div class="line">        0)</div><div class="ttc" id="group__crypto__types_html_ga577562bfbbc691c820d55ec308333138"><div class="ttname"><a href="group__crypto__types.html#ga577562bfbbc691c820d55ec308333138">PSA_KEY_TYPE_DES</a></div><div class="ttdeci">#define PSA_KEY_TYPE_DES</div><div class="ttdef"><b>Definition:</b> crypto_values.h:407</div></div>
-<div class="ttc" id="group__crypto__types_html_gad8e5da742343fd5519f9d8a630c2ed81"><div class="ttname"><a href="group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81">PSA_KEY_TYPE_CAMELLIA</a></div><div class="ttdeci">#define PSA_KEY_TYPE_CAMELLIA</div><div class="ttdef"><b>Definition:</b> crypto_values.h:411</div></div>
-<div class="ttc" id="group__crypto__types_html_ga6ee54579dcf278c677eda4bb1a29575e"><div class="ttname"><a href="group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e">PSA_KEY_TYPE_AES</a></div><div class="ttdeci">#define PSA_KEY_TYPE_AES</div><div class="ttdef"><b>Definition:</b> crypto_values.h:396</div></div>
-<div class="ttc" id="group__crypto__types_html_gae4d46e83f910dcaa126000a8ed03cde9"><div class="ttname"><a href="group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9">PSA_KEY_TYPE_ARC4</a></div><div class="ttdeci">#define PSA_KEY_TYPE_ARC4</div><div class="ttdef"><b>Definition:</b> crypto_values.h:417</div></div>
-</div><!-- fragment --><p>The block size of a block cipher.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">type</td><td>A cipher key type (value of type <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628" title="Encoding of a key type. ">psa_key_type_t</a>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The block size for a block cipher, or 1 for a stream cipher. The return value is undefined if <code>type</code> is not a supported cipher key type.</dd></dl>
-<dl class="section note"><dt>Note</dt><dd>It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (<a class="el" href="group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9">PSA_ALG_CTR</a>). This macro only takes the key type into account, so it cannot be used to determine the size of the data that <a class="el" href="group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91">psa_cipher_update()</a> might buffer for future processing in general.</dd>
-<dd>
-This macro returns a compile-time constant if its argument is one.</dd></dl>
-<dl class="section warning"><dt>Warning</dt><dd>This macro may evaluate its argument multiple times. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga6ee54579dcf278c677eda4bb1a29575e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_AES&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Key for an cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
-<p>The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256). </p>
-
-</div>
-</div>
-<a class="anchor" id="gae4d46e83f910dcaa126000a8ed03cde9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_ARC4&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000004)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Key for the RC4 stream cipher.</p>
-<p>Note that RC4 is weak and deprecated and should only be used in legacy protocols. </p>
-
-</div>
-</div>
-<a class="anchor" id="gad8e5da742343fd5519f9d8a630c2ed81"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_CAMELLIA&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000003)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Key for an cipher, AEAD or MAC algorithm based on the Camellia block cipher. </p>
-
-</div>
-</div>
-<a class="anchor" id="gae871b2357b8593f33bfd51abbf93ebb1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DERIVE&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x52000000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A secret for key derivation.</p>
-<p>The key policy determines which key derivation algorithm the key can be used for. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga577562bfbbc691c820d55ec308333138"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DES&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x40000002)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
-<p>The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).</p>
-<p>Note that single DES and 2-key 3DES are weak and strongly deprecated and should only be used to decrypt legacy data. 3-key 3DES is weak and deprecated and should only be used in legacy protocols. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga39b63c6b97a62a316c0660bf72b2fdd5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DH_KEYPAIR&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70040000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Diffie-Hellman key exchange key pair (private and public key). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga325a340d7c72d99d3a678eb210bf6e0a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DH_PUBLIC_KEY&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60040000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Diffie-Hellman key exchange public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga011010ee28c20388f3d89fb27088ed62"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DSA_KEYPAIR&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70020000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>DSA key pair (private and public key). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga5e7439c2905136366c3a876e62e5ddfc"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_DSA_PUBLIC_KEY&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60020000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>DSA public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="gadf3ad65d157bf5282849c954bf3f51af"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_ECC_KEYPAIR</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">curve</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Elliptic curve key pair. </p>
-
-</div>
-</div>
-<a class="anchor" id="gad54c03d3b47020e571a72cd01d978cf2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">curve</td><td>)</td>
-          <td>&#160;&#160;&#160;(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Elliptic curve public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga0c567210e6f80aa8f2aa87efa7a3a3f9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_GET_CURVE</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">((<a class="code" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a>) (<a class="code" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(type) ?              \</div><div class="line">                        ((type) &amp; PSA_KEY_TYPE_ECC_CURVE_MASK) : \</div><div class="line">                        0))</div><div class="ttc" id="group__crypto__types_html_ga4e8977c145cce5077c4bce7fec890ad9"><div class="ttname"><a href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></div><div class="ttdeci">uint16_t psa_ecc_curve_t</div><div class="ttdef"><b>Definition:</b> crypto_types.h:64</div></div>
-<div class="ttc" id="group__crypto__types_html_ga88e01fa06b585654689a99bcc06bbe66"><div class="ttname"><a href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a></div><div class="ttdeci">#define PSA_KEY_TYPE_IS_ECC(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:446</div></div>
-</div><!-- fragment --><p>Extract the curve from an elliptic curve key type. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga92d989f4ca64abd00f463defd773a6f8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_HMAC&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x51000000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>HMAC key.</p>
-<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
-<p>HMAC keys should generally have the same size as the underlying hash. This size can be calculated with <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(<code>alg</code>) where <code>alg</code> is the HMAC algorithm or the underlying hash algorithm. </p>
-
-</div>
-</div>
-<a class="anchor" id="gab138ae2ebf2905dfbaf4154db2620939"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_ASYMMETRIC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK                               \</div><div class="line">      &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) ==                            \</div><div class="line">     PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</div></div><!-- fragment --><p>Whether a key type is asymmetric: either a key pair or a public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga248ae35c0e2becaebbf479fc1c3a3b0e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_DH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is a Diffie-Hellman key exchange key (pair or public-only). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga273fdfcf23eb0624f8b63d2321cf95c1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_DSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is an DSA key (pair or public-only). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga88e01fa06b585654689a99bcc06bbe66"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_ECC</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">((<a class="code" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) &amp;                        \</div><div class="line">      ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</div><div class="ttc" id="group__crypto__types_html_gace08e46dd7cbf642d50d982a25d02bec"><div class="ttname"><a href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a></div><div class="ttdeci">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type)</div><div class="ttdef"><b>Definition:</b> crypto_values.h:365</div></div>
-</div><!-- fragment --><p>Whether a key type is an elliptic curve key (pair or public-only). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga7bf101b671e8cf26f4cb08fcb679db4b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_ECC_KEYPAIR</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</div><div class="line">     PSA_KEY_TYPE_ECC_KEYPAIR_BASE)</div></div><!-- fragment --><p>Whether a key type is an elliptic curve key pair. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga5af146a173b0c84d7e737e2fb6a3c0a7"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \</div><div class="line">     PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</div></div><!-- fragment --><p>Whether a key type is an elliptic curve public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac14c6d6e1b2b7f4a92a7b757465cff29"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_KEYPAIR</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is a key pair containing a private part and a public part. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac674a0f059bc0cb72b47f0c517b4f45b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_PUBLIC_KEY</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is the public part of a key pair. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga0e1d8f241228e49c9cadadfb4579ef1a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_RSA</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(type) == <a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is an RSA key (pair or public-only). </p>
-
-</div>
-</div>
-<a class="anchor" id="gaef86ce4e810e1c2c76068ac874bfef54"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_UNSTRUCTURED</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<b>Value:</b><div class="fragment"><div class="line">(((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~(<a class="code" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x10000000) == \</div><div class="line">     PSA_KEY_TYPE_CATEGORY_SYMMETRIC)</div><div class="ttc" id="group__crypto__types_html_ga578159487dfc7096cb191b0d2befe628"><div class="ttname"><a href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a></div><div class="ttdeci">uint32_t psa_key_type_t</div><div class="ttdoc">Encoding of a key type. </div><div class="ttdef"><b>Definition:</b> crypto_types.h:61</div></div>
-</div><!-- fragment --><p>Whether a key type is an unstructured array of bytes.</p>
-<p>This encompasses both symmetric keys and non-key data. </p>
-
-</div>
-</div>
-<a class="anchor" id="gadbe4c086a6562aefe344bc79e51bdfd3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_IS_VENDOR_DEFINED</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;(((type) &amp; <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a>) != 0)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether a key type is vendor-defined. </p>
-
-</div>
-</div>
-<a class="anchor" id="gaf09f1ca1de6a7e7cff0fe516f3f6c91d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The key pair type corresponding to a public key type.</p>
-<p>You may also pass a key pair type as <code>type</code>, it will be left unchanged.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">type</td><td>A public key type or key pair type.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding key pair type. If <code>type</code> is not a public key or a key pair, the return value is undefined. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gafce7ab2b54ce97ea5bff73f13a9f3e5b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_NONE&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x00000000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>An invalid key type value.</p>
-<p>Zero is not the encoding of any key type. </p>
-
-</div>
-</div>
-<a class="anchor" id="gace08e46dd7cbf642d50d982a25d02bec"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">type</td><td>)</td>
-          <td>&#160;&#160;&#160;((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The public key type corresponding to a key pair type.</p>
-<p>You may also pass a key pair type as <code>type</code>, it will be left unchanged.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">type</td><td>A public key type or key pair type.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The corresponding public key type. If <code>type</code> is not a public key or a key pair, the return value is undefined. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa97f92025533102616b32d571c940d80"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_RAW_DATA&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x50000001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Raw data.</p>
-<p>A "key" of this type cannot be used for any cryptographic operation. Applications may use this type to store arbitrary data in the keystore. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga581f50687f5d650456925278948f2799"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_RSA_KEYPAIR&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x70010000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA key pair (private and public key). </p>
-
-</div>
-</div>
-<a class="anchor" id="ga9ba0878f56c8bcd1995ac017a74f513b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x60010000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>RSA public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga8dbaed2fdb1ebae8aa127ad3988516f7"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_TYPE_VENDOR_FLAG&#160;&#160;&#160;((<a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>)0x80000000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Vendor-defined flag</p>
-<p>Key types defined by this standard will never have the <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a> bit set. Vendors who define additional key types must use an encoding with the <a class="el" href="group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7">PSA_KEY_TYPE_VENDOR_FLAG</a> bit set and should respect the bitwise structure used by standard encodings whenever practical. </p>
-
-</div>
-</div>
-<a class="anchor" id="gab03726c4476174e019a08e2a04018ce8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_MAC_TRUNCATED_LENGTH</td>
-          <td>(</td>
-          <td class="paramtype">&#160;</td>
-          <td class="paramname">alg</td><td>)</td>
-          <td>&#160;&#160;&#160;(((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Length to which a MAC algorithm is truncated.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">alg</td><td>A MAC algorithm identifier (value of type <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a> such that <a class="el" href="group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776">PSA_ALG_IS_MAC</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>Length of the truncated MAC in bytes. </dd>
-<dd>
-0 if <code>alg</code> is a non-truncated MAC algorithm. </dd>
-<dd>
-Unspecified if <code>alg</code> is not a supported MAC algorithm. </dd></dl>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="gac2e4d47f1300d73c2f829a6d99252d69"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef uint32_t <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Encoding of a cryptographic algorithm. </p>
-<p>For algorithms that can be applied to multiple key types, this type does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69" title="Encoding of a cryptographic algorithm. ">psa_algorithm_t</a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628" title="Encoding of a key type. ">psa_key_type_t</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga4e8977c145cce5077c4bce7fec890ad9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef uint16_t <a class="el" href="group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9">psa_ecc_curve_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of PSA elliptic curve identifiers. </p>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__derivation.html b/docs/html/group__derivation.html
deleted file mode 100644
index 0c17519..0000000
--- a/docs/html/group__derivation.html
+++ /dev/null
@@ -1,524 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key derivation</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Key derivation</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">PSA_KDF_STEP_SECRET</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0101)</td></tr>
-<tr class="separator:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9f4da10191bcb690b88756ed8470b03c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c">PSA_KDF_STEP_LABEL</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0201)</td></tr>
-<tr class="separator:ga9f4da10191bcb690b88756ed8470b03c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga384777dac55791d8f3a1af72c847b327"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">PSA_KDF_STEP_SALT</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0202)</td></tr>
-<tr class="separator:ga384777dac55791d8f3a1af72c847b327"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga836afe760bbda3dafc6c29631560b1a0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">PSA_KDF_STEP_INFO</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0203)</td></tr>
-<tr class="separator:ga836afe760bbda3dafc6c29631560b1a0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaac4eeacd36596c548b3a48fc06c5048b"></a>
-typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a></td></tr>
-<tr class="memdesc:gaac4eeacd36596c548b3a48fc06c5048b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of the step of a key derivation. <br /></td></tr>
-<tr class="separator:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga1825696be813dfac2b8d3d02717e71c5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga1825696be813dfac2b8d3d02717e71c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1b30e888db65c71f5337900848e1b03f"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="separator:ga1b30e888db65c71f5337900848e1b03f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="separator:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length)</td></tr>
-<tr class="separator:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">psa_key_agreement_raw_shared_secret</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
-<tr class="separator:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga836afe760bbda3dafc6c29631560b1a0"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KDF_STEP_INFO&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0203)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>An information string for key derivation.</p>
-<p>This must be a direct input. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga9f4da10191bcb690b88756ed8470b03c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KDF_STEP_LABEL&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0201)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A label for key derivation.</p>
-<p>This must be a direct input. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga384777dac55791d8f3a1af72c847b327"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KDF_STEP_SALT&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0202)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A salt for key derivation.</p>
-<p>This must be a direct input. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga90a1995a41e26ed5ca30d2d4641d1168"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KDF_STEP_SECRET&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0101)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A secret input for key derivation.</p>
-<p>This must be a key of type <a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">PSA_KEY_TYPE_DERIVE</a>. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga2c7fe304cacc141ffb91553548abc5d2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_agreement </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
-          <td class="paramname"><em>step</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>private_key</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>peer_key</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>peer_key_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
-<p>A key agreement algorithm takes two inputs: a private key <code>private_key</code> a public key <code>peer_key</code>. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting generator to produce keys and other cryptographic material.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> with a key agreement and derivation algorithm <code>alg</code> (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(<code>alg</code>) is true and <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(<code>alg</code>) is false). The generator must be ready for an input of the type given by <code>step</code>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">private_key</td><td>Handle to the private key to use. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">peer_key</td><td>Public key of the peer. The peer key must be in the same format that <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key</a>(<code>internal_public_key_handle</code>, <a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(<code>private_key_type</code>), <code>peer_key</code>, <code>peer_key_length</code>) where <code>private_key_type</code> is the type of <code>private_key</code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">peer_key_length</td><td>Size of <code>peer_key</code> in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>private_key</code> is not compatible with <code>alg</code>, or <code>peer_key</code> is not valid for <code>alg</code> or not compatible with <code>private_key</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a key derivation algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaf1b12eff66a1a0020b5bdc8d0e910006"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_agreement_raw_shared_secret </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>private_key</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>peer_key</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>peer_key_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
-<p>A key agreement algorithm takes two inputs: a private key <code>private_key</code> a public key <code>peer_key</code>.</p>
-<dl class="section warning"><dt>Warning</dt><dd>The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should not be used directly as key material. It should instead be passed as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement()</a> and other functions from the key derivation and generator interface.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The key agreement algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">private_key</td><td>Handle to the private key to use. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">peer_key</td><td>Public key of the peer. It must be in the same format that <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> accepts. The standard formats for public keys are documented in the documentation of <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">peer_key_length</td><td>Size of <code>peer_key</code> in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the decrypted message is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>alg</code> is not a key agreement algorithm </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>private_key</code> is not compatible with <code>alg</code>, or <code>peer_key</code> is not valid for <code>alg</code> or not compatible with <code>private_key</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not a supported key agreement algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1b30e888db65c71f5337900848e1b03f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_input_bytes </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
-          <td class="paramname"><em>step</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Provide an input for key derivation or key agreement.</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function passes direct inputs. Some inputs must be passed as keys using <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key()</a> instead of this function. Refer to the documentation of individual step types for information.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> and must not have produced any output yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">data</td><td>Input data to use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_length</td><td>Size of the <code>data</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> is not compatible with the generator's algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> does not allow direct inputs. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The value of <code>step</code> is not valid given the state of <code>generator</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga9e5f549aa1f6f3863a07008d3d98f91a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_input_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
-          <td class="paramname"><em>step</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Provide an input for key derivation in the form of a key.</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function passes key inputs. Some inputs must be passed as keys of the appropriate type using this function, while others must be passed as direct inputs using <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes()</a>. Refer to the documentation of individual step types for information.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> and must not have produced any output yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key. It must have an appropriate type for <code>step</code> and must allow the usage <a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">PSA_KEY_USAGE_DERIVE</a>.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> is not compatible with the generator's algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> does not allow key inputs. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The value of <code>step</code> is not valid given the state of <code>generator</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1825696be813dfac2b8d3d02717e71c5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set up a key derivation operation.</p>
-<p>A key derivation algorithm takes some inputs and uses them to create a byte generator which can be used to produce keys and other cryptographic material.</p>
-<p>To use a generator for key derivation:</p><ul>
-<li>Start with an initialized object of type <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a>.</li>
-<li>Call <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> to select the algorithm.</li>
-<li>Provide the inputs for the key derivation by calling <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes()</a> or <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key()</a> as appropriate. Which inputs are needed, in what order, and whether they may be keys and if so of what type depends on the algorithm.</li>
-<li>Optionally set the generator's maximum capacity with <a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity()</a>. You may do this before, in the middle of or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
-<li>Generate output with <a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read()</a> or <a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key()</a>. Successive calls to these functions use successive output bytes from the generator.</li>
-<li>Clean up the generator object with <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to set up. It must have been initialized but not set up yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The key derivation algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>alg</code> is not a key derivation algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a key derivation algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__error.html b/docs/html/group__error.html
deleted file mode 100644
index 394e039..0000000
--- a/docs/html/group__error.html
+++ /dev/null
@@ -1,455 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Error codes</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">Error codes</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)0)</td></tr>
-<tr class="separator:ga4cc859e2c66ca381c7418db3527a65e1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f">PSA_ERROR_UNKNOWN_ERROR</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)1)</td></tr>
-<tr class="separator:ga24d5fdcdd759f846f79d9e581c63a83f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1dcc6d130633ed5db8942257581b55dd"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)2)</td></tr>
-<tr class="separator:ga1dcc6d130633ed5db8942257581b55dd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)3)</td></tr>
-<tr class="separator:ga4d1b8dd8526177a15a210b7afc1accb1"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)4)</td></tr>
-<tr class="separator:ga695025f4ec11249aee7ea3d0f65e01c8"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac2fee3a51249fbea45360aaa911f3e58"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)5)</td></tr>
-<tr class="separator:gac2fee3a51249fbea45360aaa911f3e58"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)6)</td></tr>
-<tr class="separator:gaba00e3e6ceb2b12965a81e5ac02ae040"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga933d40fa2a591004f2e93aa91e11db84"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)7)</td></tr>
-<tr class="separator:ga933d40fa2a591004f2e93aa91e11db84"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)8)</td></tr>
-<tr class="separator:ga798df25a505ebf931f7bec1f80f1f85f"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)9)</td></tr>
-<tr class="separator:ga91b2ad8a867517a2651f1b076c5216e5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)10)</td></tr>
-<tr class="separator:ga897a45eb206a6f6b7be7ffbe36f0d766"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5cdb6948371d49e916106249020ea3f7"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)11)</td></tr>
-<tr class="separator:ga5cdb6948371d49e916106249020ea3f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadd169a1af2707862b95fb9df91dfc37d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)12)</td></tr>
-<tr class="separator:gadd169a1af2707862b95fb9df91dfc37d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)13)</td></tr>
-<tr class="separator:ga08b10e70fa5ff0b05c631d9f8f6b2c6b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)14)</td></tr>
-<tr class="separator:ga2c5dda1485cb54f2385cb9c1279a7004"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4deb59fec02297ec5d8b42178323f675"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)15)</td></tr>
-<tr class="separator:ga4deb59fec02297ec5d8b42178323f675"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga35927f755d232c4766de600f2c49e9f2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)16)</td></tr>
-<tr class="separator:ga35927f755d232c4766de600f2c49e9f2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gabe29594edbfb152cf153975b0597ac48"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gabe29594edbfb152cf153975b0597ac48">PSA_ERROR_INVALID_PADDING</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)17)</td></tr>
-<tr class="separator:gabe29594edbfb152cf153975b0597ac48"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">PSA_ERROR_INSUFFICIENT_CAPACITY</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)18)</td></tr>
-<tr class="separator:gaf1fa61f72e9e5b4a848c991bea495767"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gadf22718935657c2c3168c228204085f9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a>&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)19)</td></tr>
-<tr class="separator:gadf22718935657c2c3168c228204085f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memItemLeft" align="right" valign="top">typedef int32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></td></tr>
-<tr class="memdesc:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="mdescLeft">&#160;</td><td class="mdescRight">Function return status.  <a href="#ga05676e70ba5c6a7565aff3c36677c1f9">More...</a><br /></td></tr>
-<tr class="separator:ga05676e70ba5c6a7565aff3c36677c1f9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga933d40fa2a591004f2e93aa91e11db84"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_BAD_STATE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)7)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The requested action cannot be performed in the current state.</p>
-<p>Multipart operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
-<p>Implementations shall not return this error code to indicate that a key slot is occupied when it needs to be free or vice versa, but shall return <a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a> or <a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a> as applicable. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga695025f4ec11249aee7ea3d0f65e01c8"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_BUFFER_TOO_SMALL&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)4)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>An output buffer is too small.</p>
-<p>Applications can call the <code>PSA_xxx_SIZE</code> macro listed in the function description to determine a sufficient buffer size.</p>
-<p>Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition to the parameters that determine the necessary output buffer size. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga5cdb6948371d49e916106249020ea3f7"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_COMMUNICATION_FAILURE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)11)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>There was a communication failure inside the implementation.</p>
-<p>This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause.</p>
-<dl class="section warning"><dt>Warning</dt><dd>If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a> on successful completion whenver possible, however functions may return <a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a> if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gaba00e3e6ceb2b12965a81e5ac02ae040"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_EMPTY_SLOT&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)6)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A slot is empty, but must be occupied to carry out the requested action.</p>
-<p>If a handle is invalid, it does not designate an empty slot. The error for an invalid handle is <a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga08b10e70fa5ff0b05c631d9f8f6b2c6b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_HARDWARE_FAILURE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)13)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A hardware failure was detected.</p>
-<p>A hardware failure may be transient or permanent depending on the cause. </p>
-
-</div>
-</div>
-<a class="anchor" id="gaf1fa61f72e9e5b4a848c991bea495767"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INSUFFICIENT_CAPACITY&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)18)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The generator has insufficient capacity left.</p>
-<p>Once a function returns this error, attempts to read from the generator will always return this error. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga4deb59fec02297ec5d8b42178323f675"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INSUFFICIENT_ENTROPY&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)15)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>There is not enough entropy to generate random data needed for the requested action.</p>
-<p>This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.</p>
-<p>Implementations should avoid returning this error after <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a> has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded during normal operation. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga91b2ad8a867517a2651f1b076c5216e5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INSUFFICIENT_MEMORY&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)9)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>There is not enough runtime memory.</p>
-<p>If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga897a45eb206a6f6b7be7ffbe36f0d766"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INSUFFICIENT_STORAGE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)10)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>There is not enough persistent storage.</p>
-<p>Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga798df25a505ebf931f7bec1f80f1f85f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INVALID_ARGUMENT&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)8)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The parameters passed to the function are invalid.</p>
-<p>Implementations may return this error any time a parameter or combination of parameters are recognized as invalid.</p>
-<p>Implementations shall not return this error code to indicate that a key slot is occupied when it needs to be free or vice versa, but shall return <a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a> or <a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a> as applicable.</p>
-<p>Implementation shall not return this error code to indicate that a key handle is invalid, but shall return <a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a> instead. </p>
-
-</div>
-</div>
-<a class="anchor" id="gadf22718935657c2c3168c228204085f9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INVALID_HANDLE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)19)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The key handle is not valid. </p>
-
-</div>
-</div>
-<a class="anchor" id="gabe29594edbfb152cf153975b0597ac48"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INVALID_PADDING&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)17)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The decrypted padding is incorrect.</p>
-<dl class="section warning"><dt>Warning</dt><dd>In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid.</dd></dl>
-<p>Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not depend on the validity of the padding. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga35927f755d232c4766de600f2c49e9f2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_INVALID_SIGNATURE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)16)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The signature, MAC or hash is incorrect.</p>
-<p>Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.</p>
-<p>If the value to verify has an invalid size, implementations may return either <a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a> or <a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga4d1b8dd8526177a15a210b7afc1accb1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_NOT_PERMITTED&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)3)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The requested action is denied by a policy.</p>
-<p>Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.</p>
-<p>If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns <a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a>, <a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a> or <a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga1dcc6d130633ed5db8942257581b55dd"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_NOT_SUPPORTED&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)2)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The requested operation or a parameter is not supported by this implementation.</p>
-<p>Implementations should return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return <a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a> instead. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac2fee3a51249fbea45360aaa911f3e58"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_OCCUPIED_SLOT&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)5)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A slot is occupied, but must be empty to carry out the requested action.</p>
-<p>If a handle is invalid, it does not designate an occupied slot. The error for an invalid handle is <a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="gadd169a1af2707862b95fb9df91dfc37d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_STORAGE_FAILURE&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)12)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>There was a storage failure that may have led to data loss.</p>
-<p>This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use <a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a>), for a communication error between the cryptoprocessor and its external storage (use <a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a>), or when the storage is in a valid state but is full (use <a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a>).</p>
-<p>Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage.</p>
-<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed.</p>
-<p>Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be reported using this error code. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga2c5dda1485cb54f2385cb9c1279a7004"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_TAMPERING_DETECTED&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)14)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A tampering attempt was detected.</p>
-<p>If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. Applications should not perform any security function and should enter a safe failure state.</p>
-<p>Implementations may return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation's security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation may forcibly terminate the application.</p>
-<p>This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations shall only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations shall not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation (use <a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a>, <a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a>, <a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a>, <a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a> or other applicable error code instead).</p>
-<p>This error indicates an attack against the application. Implementations shall not return this error code as a consequence of the behavior of the application itself. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga24d5fdcdd759f846f79d9e581c63a83f"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_ERROR_UNKNOWN_ERROR&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)1)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>An error occurred that does not correspond to any defined failure cause.</p>
-<p>Implementations may use this error code if none of the other standard error codes are applicable. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga4cc859e2c66ca381c7418db3527a65e1"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_SUCCESS&#160;&#160;&#160;((<a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>)0)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The action was completed successfully. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga05676e70ba5c6a7565aff3c36677c1f9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef int32_t <a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Function return status. </p>
-<p>This is either <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a> (which is zero), indicating success, or a nonzero value indicating that an error occurred. Errors are encoded as one of the <code>PSA_ERROR_xxx</code> values defined here. </p>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__generators.html b/docs/html/group__generators.html
deleted file mode 100644
index e092ad9..0000000
--- a/docs/html/group__generators.html
+++ /dev/null
@@ -1,415 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Generators</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Generators</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga4788b471385fc667876fbd8a0d3fe062"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">PSA_CRYPTO_GENERATOR_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga4788b471385fc667876fbd8a0d3fe062"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac3222df9b9ecca4d33ae56a7b8fbb1c9"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9">PSA_GENERATOR_UNBRIDLED_CAPACITY</a>&#160;&#160;&#160;((size_t)(-1))</td></tr>
-<tr class="separator:gac3222df9b9ecca4d33ae56a7b8fbb1c9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga1f894c4fba202ef8e307d72caf489e3b"><td class="memItemLeft" align="right" valign="top">typedef struct psa_crypto_generator_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a></td></tr>
-<tr class="separator:ga1f894c4fba202ef8e307d72caf489e3b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga7453491e3b440193be2c5dccc2040fd2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga7453491e3b440193be2c5dccc2040fd2">psa_get_generator_capacity</a> (const <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, size_t *capacity)</td></tr>
-<tr class="separator:ga7453491e3b440193be2c5dccc2040fd2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga45676ec3c719622f95caaf926f44bb6e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, size_t capacity)</td></tr>
-<tr class="separator:ga45676ec3c719622f95caaf926f44bb6e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab5712ad29b78c2b170e64cc5bcfc1bce"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, uint8_t *output, size_t output_length)</td></tr>
-<tr class="separator:gab5712ad29b78c2b170e64cc5bcfc1bce"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7fcdf07cd37279ca167db484053da894"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, size_t bits, <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator)</td></tr>
-<tr class="separator:ga7fcdf07cd37279ca167db484053da894"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga563ca64537d90368899286b36d8cf7f3"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator)</td></tr>
-<tr class="separator:ga563ca64537d90368899286b36d8cf7f3"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga4788b471385fc667876fbd8a0d3fe062"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_CRYPTO_GENERATOR_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for a generator object of type <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac3222df9b9ecca4d33ae56a7b8fbb1c9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_GENERATOR_UNBRIDLED_CAPACITY&#160;&#160;&#160;((size_t)(-1))</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Use the maximum possible capacity for a generator.</p>
-<p>Use this value as the capacity argument when setting up a generator to indicate that the generator should have the maximum possible capacity. The value of the maximum possible capacity depends on the generator algorithm. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga1f894c4fba202ef8e307d72caf489e3b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_crypto_generator_s <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the state data structure for generators.</p>
-<p>Before calling any function on a generator, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_crypto_generator_t generator;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;generator, 0, sizeof(generator));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_crypto_generator_t generator = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">PSA_CRYPTO_GENERATOR_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_crypto_generator_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_crypto_generator_t generator;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;generator = psa_crypto_generator_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga563ca64537d90368899286b36d8cf7f3"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_generator_abort </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Abort a generator.</p>
-<p>Once a generator has been aborted, its capacity is zero. Aborting a generator frees all associated resources except for the <code>generator</code> structure itself.</p>
-<p>This function may be called at any time as long as the generator object has been initialized to <a class="el" href="group__generators.html#ga4788b471385fc667876fbd8a0d3fe062">PSA_CRYPTO_GENERATOR_INIT</a>, to psa_crypto_generator_init() or a zero value. In particular, it is valid to call <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort()</a> twice, or to call <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort()</a> on a generator that has not been set up.</p>
-<p>Once aborted, the generator object may be called.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator to abort.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga7fcdf07cd37279ca167db484053da894"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_generator_import_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>&#160;</td>
-          <td class="paramname"><em>type</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>bits</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Create a symmetric key from data read from a generator.</p>
-<p>This function reads a sequence of bytes from a generator and imports these bytes as a key. The data that is read is discarded from the generator. The generator's capacity is decreased by the number of bytes read.</p>
-<p>This function is equivalent to calling <a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read</a> and passing the resulting output to <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key</a>, but if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the slot where the key will be stored. It must have been obtained by calling <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key()</a> or <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key()</a> and must not contain key material yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">type</td><td>Key type (a <code>PSA_KEY_TYPE_XXX</code> value). This must be a symmetric key type. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">bits</td><td>Key size in bits. </td></tr>
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to read from.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">PSA_ERROR_INSUFFICIENT_CAPACITY</a></td><td>There were fewer than <code>output_length</code> bytes in the generator. Note that in this case, no output is written to the output buffer. The generator's capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td>The key type or key size is not supported, either by the implementation in general or in this particular slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td>There is already a key in the specified slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gab5712ad29b78c2b170e64cc5bcfc1bce"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_generator_read </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Read some data from a generator.</p>
-<p>This function reads and returns a sequence of bytes from a generator. The data that is read is discarded from the generator. The generator's capacity is decreased by the number of bytes read.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to read from. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the generator output will be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_length</td><td>Number of bytes to output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaf1fa61f72e9e5b4a848c991bea495767">PSA_ERROR_INSUFFICIENT_CAPACITY</a></td><td>There were fewer than <code>output_length</code> bytes in the generator. Note that in this case, no output is written to the output buffer. The generator's capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga7453491e3b440193be2c5dccc2040fd2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_get_generator_capacity </td>
-          <td>(</td>
-          <td class="paramtype">const <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>capacity</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Retrieve the current capacity of a generator.</p>
-<p>The capacity of a generator is the maximum number of bytes that it can return. Reading <em>N</em> bytes from a generator reduces its capacity by <em>N</em>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in]</td><td class="paramname">generator</td><td>The generator to query. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">capacity</td><td>On success, the capacity of the generator.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga45676ec3c719622f95caaf926f44bb6e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_set_generator_capacity </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
-          <td class="paramname"><em>generator</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>capacity</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set the maximum capacity of a generator.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to modify. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">capacity</td><td>The new capacity of the generator. It must be less or equal to the generator's current capacity.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>capacity</code> is larger than the generator's current capacity. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__hash.html b/docs/html/group__hash.html
deleted file mode 100644
index ef7f322..0000000
--- a/docs/html/group__hash.html
+++ /dev/null
@@ -1,619 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Message digests</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Message digests</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga6ab7fe8d3500bc2f21be840b4f4f8d1d"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">PSA_HASH_OPERATION_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga6ab7fe8d3500bc2f21be840b4f4f8d1d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga3c4205d2ce66c4095fc5c78c25273fab"><td class="memItemLeft" align="right" valign="top">typedef struct psa_hash_operation_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a></td></tr>
-<tr class="separator:ga3c4205d2ce66c4095fc5c78c25273fab"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:gac69f7f19d96a56c28cf3799d11b12156"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#gac69f7f19d96a56c28cf3799d11b12156">psa_hash_compute</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)</td></tr>
-<tr class="separator:gac69f7f19d96a56c28cf3799d11b12156"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga0bb6dbd3c310648c3cf7d202413ff0bc"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">psa_hash_compare</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, const uint8_t *input, size_t input_length, const uint8_t *hash, const size_t hash_length)</td></tr>
-<tr class="separator:ga0bb6dbd3c310648c3cf7d202413ff0bc"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga8d72896cf70fc4d514c5c6b978912515"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="separator:ga8d72896cf70fc4d514c5c6b978912515"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga65b16ef97d7f650899b7db4b7d1112ff"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, const uint8_t *input, size_t input_length)</td></tr>
-<tr class="separator:ga65b16ef97d7f650899b7db4b7d1112ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4795fd06a0067b0adcd92e9627b8c97e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)</td></tr>
-<tr class="separator:ga4795fd06a0067b0adcd92e9627b8c97e"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7be923c5700c9c70ef77ee9b76d1a5c0"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation, const uint8_t *hash, size_t hash_length)</td></tr>
-<tr class="separator:ga7be923c5700c9c70ef77ee9b76d1a5c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gab0b4d5f9912a615559497a467b532928"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort</a> (<a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *operation)</td></tr>
-<tr class="separator:gab0b4d5f9912a615559497a467b532928"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39673348f3302b4646bd780034a5aeda"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__hash.html#ga39673348f3302b4646bd780034a5aeda">psa_hash_clone</a> (const <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *source_operation, <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *target_operation)</td></tr>
-<tr class="separator:ga39673348f3302b4646bd780034a5aeda"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga6ab7fe8d3500bc2f21be840b4f4f8d1d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_HASH_OPERATION_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for a hash operation object of type <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a>. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga3c4205d2ce66c4095fc5c78c25273fab"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_hash_operation_s <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the state data structure for multipart hash operations.</p>
-<p>Before calling any function on a hash operation object, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_hash_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;operation, 0, sizeof(operation));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_hash_operation_t operation = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d">PSA_HASH_OPERATION_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_hash_operation_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_hash_operation_t operation;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;operation = psa_hash_operation_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="gab0b4d5f9912a615559497a467b532928"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_abort </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Abort a hash operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code>operation</code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p><ul>
-<li>A call to <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a>, whether it succeeds or not.</li>
-<li>Initializing the <code>struct</code> to all-bits-zero.</li>
-<li>Initializing the <code>struct</code> to logical zeros, e.g. <code>psa_hash_operation_t operation = {0}</code>.</li>
-</ul>
-<p>In particular, calling <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort()</a> after the operation has been terminated by a call to <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort()</a>, <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a> or <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify()</a> is safe and has no effect.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Initialized hash operation.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>operation</code> is not an active hash operation. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga39673348f3302b4646bd780034a5aeda"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_clone </td>
-          <td>(</td>
-          <td class="paramtype">const <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>source_operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>target_operation</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Clone a hash operation.</p>
-<p>This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> on <code>target_operation</code> with the same algorithm that <code>source_operation</code> was set up for, then <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a> on <code>target_operation</code> with the same input that that was passed to <code>source_operation</code>. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in]</td><td class="paramname">source_operation</td><td>The active hash operation to clone. </td></tr>
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">target_operation</td><td>The operation object to set up. It must be initialized but not active.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>source_operation</code> is not an active hash operation. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td><code>target_operation</code> is active. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga0bb6dbd3c310648c3cf7d202413ff0bc"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_compare </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const size_t&#160;</td>
-          <td class="paramname"><em>hash_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The hash algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message to hash. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">hash</td><td>Buffer containing the expected hash value. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_length</td><td>Size of the <code>hash</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The expected hash is identical to the actual hash of the input. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The hash of the message was calculated successfully, but it differs from the expected hash. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a hash algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gac69f7f19d96a56c28cf3799d11b12156"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_compute </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>hash_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>hash_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Calculate the hash (digest) of a message.</p>
-<dl class="section note"><dt>Note</dt><dd>To verify the hash of a message against an expected value, use <a class="el" href="group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc">psa_hash_compare()</a> instead.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The hash algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>alg</code>) is true). </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message to hash. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">hash</td><td>Buffer where the hash is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_size</td><td>Size of the <code>hash</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">hash_length</td><td>On success, the number of bytes that make up the hash value. This is always <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(<code>alg</code>).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a hash algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga4795fd06a0067b0adcd92e9627b8c97e"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_finish </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>hash_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>hash_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish the calculation of the hash of a message.</p>
-<p>The application must call <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="section warning"><dt>Warning</dt><dd>Applications should not call this function if they expect a specific value for the hash. Call <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify()</a> instead. Beware that comparing integrity or authenticity data such as hash values with a function such as <code>memcmp</code> is risky because the time taken by the comparison may leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active hash operation. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">hash</td><td>Buffer where the hash is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_size</td><td>Size of the <code>hash</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">hash_length</td><td>On success, the number of bytes that make up the hash value. This is always <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(<code>alg</code>) where <code>alg</code> is the hash algorithm that is calculated.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>hash</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99">PSA_HASH_SIZE</a>(<code>alg</code>) where <code>alg</code> is the hash algorithm that is calculated. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga8d72896cf70fc4d514c5c6b978912515"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_setup </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Set up a multipart hash operation.</p>
-<p>The sequence of operations to calculate a hash (message digest) is as follows:</p><ol type="1">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a>, e.g. PSA_HASH_OPERATION_INIT.</li>
-<li>Call <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> to specify the algorithm.</li>
-<li>Call <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a> zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.</li>
-<li>To calculate the hash, call <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a>. To compare the hash with an expected value, call <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify()</a>.</li>
-</ol>
-<p>The application may call <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort()</a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a>, the application must eventually terminate the operation. The following events terminate an operation:</p><ul>
-<li>A failed call to <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a>.</li>
-<li>A call to <a class="el" href="group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e">psa_hash_finish()</a>, <a class="el" href="group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0">psa_hash_verify()</a> or <a class="el" href="group__hash.html#gab0b4d5f9912a615559497a467b532928">psa_hash_abort()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>The operation object to set up. It must have been initialized as per the documentation for <a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> and not yet in use. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The hash algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f">PSA_ALG_IS_HASH</a>(<code>alg</code>) is true).</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a hash algorithm. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga65b16ef97d7f650899b7db4b7d1112ff"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_update </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>input</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>input_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Add a message fragment to a multipart hash operation.</p>
-<p>The application must call <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active hash operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">input</td><td>Buffer containing the message fragment to hash. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">input_length</td><td>Size of the <code>input</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga7be923c5700c9c70ef77ee9b76d1a5c0"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_hash_verify </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab">psa_hash_operation_t</a> *&#160;</td>
-          <td class="paramname"><em>operation</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>hash</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>hash_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Finish the calculation of the hash of a message and compare it with an expected value.</p>
-<p>The application must call <a class="el" href="group__hash.html#ga8d72896cf70fc4d514c5c6b978912515">psa_hash_setup()</a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="el" href="group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff">psa_hash_update()</a>. It then compares the calculated hash with the expected hash passed as a parameter to this function.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<dl class="section note"><dt>Note</dt><dd>Implementations shall make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">operation</td><td>Active hash operation. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">hash</td><td>Buffer containing the expected hash value. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">hash_length</td><td>Size of the <code>hash</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The expected hash is identical to the actual hash of the message. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga35927f755d232c4766de600f2c49e9f2">PSA_ERROR_INVALID_SIGNATURE</a></td><td>The hash of the message was calculated successfully, but it differs from the expected hash. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The operation state is not valid (not set up, or already completed). </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__import__export.html b/docs/html/group__import__export.html
deleted file mode 100644
index 7d05ce4..0000000
--- a/docs/html/group__import__export.html
+++ /dev/null
@@ -1,634 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key import and export</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Key import and export</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:gac9f999cb4d098663d56095afe81a453a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a">psa_import_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="memdesc:gac9f999cb4d098663d56095afe81a453a"><td class="mdescLeft">&#160;</td><td class="mdescRight">Import a key in binary format.  <a href="#gac9f999cb4d098663d56095afe81a453a">More...</a><br /></td></tr>
-<tr class="separator:gac9f999cb4d098663d56095afe81a453a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga165085fc1bc7a78b91792fdd94ae102c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c">psa_destroy_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="memdesc:ga165085fc1bc7a78b91792fdd94ae102c"><td class="mdescLeft">&#160;</td><td class="mdescRight">Destroy a key.  <a href="#ga165085fc1bc7a78b91792fdd94ae102c">More...</a><br /></td></tr>
-<tr class="separator:ga165085fc1bc7a78b91792fdd94ae102c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae8939902d6977ea8ad13eb7b4db9a042"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042">psa_get_key_information</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> *type, size_t *bits)</td></tr>
-<tr class="memdesc:gae8939902d6977ea8ad13eb7b4db9a042"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get basic metadata about a key.  <a href="#gae8939902d6977ea8ad13eb7b4db9a042">More...</a><br /></td></tr>
-<tr class="separator:gae8939902d6977ea8ad13eb7b4db9a042"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga091da8d3d39137fd6ad59f2b10234300"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300">psa_set_key_domain_parameters</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, const uint8_t *data, size_t data_length)</td></tr>
-<tr class="memdesc:ga091da8d3d39137fd6ad59f2b10234300"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set domain parameters for a key.  <a href="#ga091da8d3d39137fd6ad59f2b10234300">More...</a><br /></td></tr>
-<tr class="separator:ga091da8d3d39137fd6ad59f2b10234300"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7">psa_get_key_domain_parameters</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get domain parameters for a key.  <a href="#gae260b92e32ac5d63f7dfc6ffdf6536f7">More...</a><br /></td></tr>
-<tr class="separator:gae260b92e32ac5d63f7dfc6ffdf6536f7"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga902b9a7a6cf34d6111668be777b05eaf"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf">psa_export_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:ga902b9a7a6cf34d6111668be777b05eaf"><td class="mdescLeft">&#160;</td><td class="mdescRight">Export a key in binary format.  <a href="#ga902b9a7a6cf34d6111668be777b05eaf">More...</a><br /></td></tr>
-<tr class="separator:ga902b9a7a6cf34d6111668be777b05eaf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gad760d1f0d4e60972c78cbb4c8a528256"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256">psa_export_public_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, uint8_t *data, size_t data_size, size_t *data_length)</td></tr>
-<tr class="memdesc:gad760d1f0d4e60972c78cbb4c8a528256"><td class="mdescLeft">&#160;</td><td class="mdescRight">Export a public key or the public part of a key pair in binary format.  <a href="#gad760d1f0d4e60972c78cbb4c8a528256">More...</a><br /></td></tr>
-<tr class="separator:gad760d1f0d4e60972c78cbb4c8a528256"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga5c1c24176cfb1517a8806235b3162a9d"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d">psa_copy_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> source_handle, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> target_handle, const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *constraint)</td></tr>
-<tr class="separator:ga5c1c24176cfb1517a8806235b3162a9d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga5c1c24176cfb1517a8806235b3162a9d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_copy_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>source_handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>target_handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>constraint</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Make a copy of a key.</p>
-<p>Copy key material from one location to another.</p>
-<p>This function is primarily useful to copy a key from one lifetime to another. The target key retains its lifetime and location.</p>
-<p>In an implementation where slots have different ownerships, this function may be used to share a key with a different party, subject to implementation-defined restrictions on key sharing. In this case <code>constraint</code> would typically prevent the recipient from exporting the key.</p>
-<p>The resulting key may only be used in a way that conforms to all three of: the policy of the source key, the policy previously set on the target, and the <code>constraint</code> parameter passed when calling this function.</p><ul>
-<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy, the previously-set target policy and the policy constraint.</li>
-<li>If all three policies allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.</li>
-<li>If one of the policies allows an algorithm and all the other policies either allow the same algorithm or a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.</li>
-</ul>
-<p>The effect of this function on implementation-defined metadata is implementation-defined.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">source_handle</td><td>The key to copy. It must be a handle to an occupied slot. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">target_handle</td><td>A handle to the target slot. It must not contain key material yet. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">constraint</td><td>An optional policy constraint. If this parameter is non-null then the resulting key will conform to this policy in addition to the source policy and the policy already present on the target slot. If this parameter is null then the function behaves in the same way as if it was the target policy, i.e. only the source and target policies apply.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td><code>target</code> already contains key material. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td><code>source</code> does not contain key material. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The policy constraints on the source, on the target and <code>constraints</code> are incompatible. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td>The source key is not exportable and its lifetime does not allow copying it to the target's lifetime. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga165085fc1bc7a78b91792fdd94ae102c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_destroy_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Destroy a key. </p>
-<p>This function destroys the content of the key slot from both volatile memory and, if applicable, non-volatile storage. Implementations shall make a best effort to ensure that any previous content of the slot is unrecoverable.</p>
-<p>This function also erases any metadata such as policies and frees all resources associated with the key.</p>
-<p>If the key is currently in use in a multipart operation, the multipart operation is aborted.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">handle</td><td>Handle to the key slot to erase.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>The slot's content, if any, has been erased. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td>The slot holds content and cannot be erased because it is read-only, either due to a policy or due to physical restrictions. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td>There was an failure in communication with the cryptoprocessor. The key material may still be present in the cryptoprocessor. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a></td><td>The storage is corrupted. Implementations shall make a best effort to erase key material even in this stage, however applications should be aware that it may be impossible to guarantee that the key material is not recoverable in such cases. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor may have been compromised. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga902b9a7a6cf34d6111668be777b05eaf"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_export_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Export a key in binary format. </p>
-<p>The output of this function can be passed to <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> to create an equivalent object.</p>
-<p>If the implementation of <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> supports other formats beyond the format specified here, the output from <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> must use the representation specified here, not the original representation.</p>
-<p>For standard key types, the output format is as follows:</p>
-<ul>
-<li>For symmetric keys (including MAC keys), the format is the raw bytes of the key.</li>
-<li>For DES, the key data consists of 8 bytes. The parity bits must be correct.</li>
-<li>For Triple-DES, the format is the concatenation of the two or three DES keys.</li>
-<li>For RSA key pairs (<a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a>), the format is the non-encrypted DER encoding of the representation defined by PKCS#1 (RFC 8017) as <code>RSAPrivateKey</code>, version 0. <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;RSAPrivateKey ::= SEQUENCE {</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;    version             INTEGER,  -- must be 0</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;    modulus             INTEGER,  -- n</div><div class="line"><a name="l00004"></a><span class="lineno">    4</span>&#160;    publicExponent      INTEGER,  -- e</div><div class="line"><a name="l00005"></a><span class="lineno">    5</span>&#160;    privateExponent     INTEGER,  -- d</div><div class="line"><a name="l00006"></a><span class="lineno">    6</span>&#160;    prime1              INTEGER,  -- p</div><div class="line"><a name="l00007"></a><span class="lineno">    7</span>&#160;    prime2              INTEGER,  -- q</div><div class="line"><a name="l00008"></a><span class="lineno">    8</span>&#160;    exponent1           INTEGER,  -- d mod (p-1)</div><div class="line"><a name="l00009"></a><span class="lineno">    9</span>&#160;    exponent2           INTEGER,  -- d mod (q-1)</div><div class="line"><a name="l00010"></a><span class="lineno">   10</span>&#160;    coefficient         INTEGER,  -- (inverse of q) mod p</div><div class="line"><a name="l00011"></a><span class="lineno">   11</span>&#160;}</div></div><!-- fragment --></li>
-<li>For DSA private keys (<a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a>), the format is the representation of the private key <code>x</code> as a big-endian byte string. The length of the byte string is the private key size in bytes (leading zeroes are not stripped).</li>
-<li>For elliptic curve key pairs (key types for which <a class="el" href="group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b">PSA_KEY_TYPE_IS_ECC_KEYPAIR</a> is true), the format is a representation of the private value as a <code>ceiling(m/8)</code>-byte string where <code>m</code> is the bit size associated with the curve, i.e. the bit size of the order of the curve's coordinate field. This byte string is in little-endian order for Montgomery curves (curve types <code>PSA_ECC_CURVE_CURVEXXX</code>), and in big-endian order for Weierstrass curves (curve types <code>PSA_ECC_CURVE_SECTXXX</code>, <code>PSA_ECC_CURVE_SECPXXX</code> and <code>PSA_ECC_CURVE_BRAINPOOL_PXXX</code>). This is the content of the <code>privateKey</code> field of the <code>ECPrivateKey</code> format defined by RFC 5915.</li>
-<li>For Diffie-Hellman key exchange key pairs (<a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">PSA_KEY_TYPE_DH_KEYPAIR</a>), the format is the representation of the private key <code>x</code> as a big-endian byte string. The length of the byte string is the private key size in bytes (leading zeroes are not stripped).</li>
-<li>For public keys (key types for which <a class="el" href="group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b">PSA_KEY_TYPE_IS_PUBLIC_KEY</a> is true), the format is the same as for <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to export. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data</td><td>Buffer where the key data is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_size</td><td>Size of the <code>data</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data_length</td><td>On success, the number of bytes that make up the key data.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>data</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">PSA_KEY_EXPORT_MAX_SIZE</a>(<code>type</code>, <code>bits</code>) where <code>type</code> is the key type and <code>bits</code> is the key size in bits. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gad760d1f0d4e60972c78cbb4c8a528256"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_export_public_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Export a public key or the public part of a key pair in binary format. </p>
-<p>The output of this function can be passed to <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> to create an object that is equivalent to the public key.</p>
-<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
-<p>For standard key types, the output format is as follows:</p><ul>
-<li>For RSA public keys (<a class="el" href="group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a>), the DER encoding of the representation defined by RFC 3279 &sect;2.3.1 as <code>RSAPublicKey</code>. <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;RSAPublicKey ::= SEQUENCE {</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;   modulus            INTEGER,    -- n</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;   publicExponent     INTEGER  }  -- e</div></div><!-- fragment --></li>
-<li>For elliptic curve public keys (key types for which <a class="el" href="group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a> is true), the format is the uncompressed representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint. Let <code>m</code> be the bit size associated with the curve, i.e. the bit size of <code>q</code> for a curve over <code>F_q</code>. The representation consists of:<ul>
-<li>The byte 0x04;</li>
-<li><code>x_P</code> as a <code>ceiling(m/8)</code>-byte string, big-endian;</li>
-<li><code>y_P</code> as a <code>ceiling(m/8)</code>-byte string, big-endian.</li>
-</ul>
-</li>
-<li>For DSA public keys (<a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>), the format is the representation of the public key <code>y = g^x mod p</code> as a big-endian byte string. The length of the byte string is the length of the base prime <code>p</code> in bytes.</li>
-<li>For Diffie-Hellman key exchange public keys (<a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>), the format is the representation of the public key <code>y = g^x mod p</code> as a big-endian byte string. The length of the byte string is the length of the base prime <code>p</code> in bytes.</li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to export. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data</td><td>Buffer where the key data is to be written. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_size</td><td>Size of the <code>data</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data_length</td><td>On success, the number of bytes that make up the key data.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The key is neither a public key nor a key pair. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8">PSA_ERROR_BUFFER_TOO_SMALL</a></td><td>The size of the <code>data</code> buffer is too small. You can determine a sufficient buffer size by calling <a class="el" href="crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3">PSA_KEY_EXPORT_MAX_SIZE</a>(<a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(<code>type</code>), <code>bits</code>) where <code>type</code> is the key type and <code>bits</code> is the key size in bits. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gae260b92e32ac5d63f7dfc6ffdf6536f7"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_get_key_domain_parameters </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_size</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Get domain parameters for a key. </p>
-<p>Get the domain parameters for a key with this function, if any. The format of the domain parameters written to <code>data</code> is specified in the documentation for <a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300" title="Set domain parameters for a key. ">psa_set_key_domain_parameters()</a>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key to get domain parameters from. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data</td><td>On success, the key domain parameters. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_size</td><td>Size of the <code>data</code> buffer in bytes. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">data_length</td><td>On success, the number of bytes that make up the key domain parameters data.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td>There is no key in the specified slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gae8939902d6977ea8ad13eb7b4db9a042"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_get_key_information </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> *&#160;</td>
-          <td class="paramname"><em>type</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t *&#160;</td>
-          <td class="paramname"><em>bits</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Get basic metadata about a key. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key slot to query. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">type</td><td>On success, the key type (a <code>PSA_KEY_TYPE_XXX</code> value). This may be a null pointer, in which case the key type is not written. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">bits</td><td>On success, the key size in bits. This may be a null pointer, in which case the key size is not written.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td>The handle is to a key slot which does not contain key material yet. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gac9f999cb4d098663d56095afe81a453a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_import_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>&#160;</td>
-          <td class="paramname"><em>type</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Import a key in binary format. </p>
-<p>This function supports any output from <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a>. Refer to the documentation of <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a> for the format of public keys and to the documentation of <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> for the format for other key types.</p>
-<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the slot where the key will be stored. It must have been obtained by calling <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key()</a> or <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key()</a> and must not contain key material yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">type</td><td>Key type (a <code>PSA_KEY_TYPE_XXX</code> value). On a successful import, the key slot will contain a key of this type. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">data</td><td>Buffer containing the key data. The content of this buffer is interpreted according to <code>type</code>. It must contain the format described in the documentation of <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> or <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a> for the chosen type. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_length</td><td>Size of the <code>data</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td>The key type or key size is not supported, either by the implementation in general or in this particular slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td>The key slot is invalid, or the key data is not correctly formatted. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td>There is already a key in the specified slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadd169a1af2707862b95fb9df91dfc37d">PSA_ERROR_STORAGE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga091da8d3d39137fd6ad59f2b10234300"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_set_key_domain_parameters </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>&#160;</td>
-          <td class="paramname"><em>type</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const uint8_t *&#160;</td>
-          <td class="paramname"><em>data</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>data_length</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Set domain parameters for a key. </p>
-<p>Some key types require additional domain parameters to be set before import or generation of the key. The domain parameters can be set with this function or, for key generation, through the <code>extra</code> parameter of <a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd" title="Generate a key or key pair. ">psa_generate_key()</a>.</p>
-<p>The format for the required domain parameters varies by the key type.</p><ul>
-<li>For DSA public keys (<a class="el" href="group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc">PSA_KEY_TYPE_DSA_PUBLIC_KEY</a>), the <code>Dss-Parms</code> format as defined by RFC 3279 &sect;2.3.2. <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;Dss-Parms ::= SEQUENCE  {</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;   p       INTEGER,</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;   q       INTEGER,</div><div class="line"><a name="l00004"></a><span class="lineno">    4</span>&#160;   g       INTEGER</div><div class="line"><a name="l00005"></a><span class="lineno">    5</span>&#160;}</div></div><!-- fragment --></li>
-<li>For Diffie-Hellman key exchange keys (<a class="el" href="group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>), the <code>DomainParameters</code> format as defined by RFC 3279 &sect;2.3.3. <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;DomainParameters ::= SEQUENCE {</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;   p               INTEGER,                    -- odd prime, p=jq +1</div><div class="line"><a name="l00003"></a><span class="lineno">    3</span>&#160;   g               INTEGER,                    -- generator, g</div><div class="line"><a name="l00004"></a><span class="lineno">    4</span>&#160;   q               INTEGER,                    -- factor of p-1</div><div class="line"><a name="l00005"></a><span class="lineno">    5</span>&#160;   j               INTEGER OPTIONAL,           -- subgroup factor</div><div class="line"><a name="l00006"></a><span class="lineno">    6</span>&#160;   validationParms ValidationParms OPTIONAL</div><div class="line"><a name="l00007"></a><span class="lineno">    7</span>&#160;}</div><div class="line"><a name="l00008"></a><span class="lineno">    8</span>&#160;ValidationParms ::= SEQUENCE {</div><div class="line"><a name="l00009"></a><span class="lineno">    9</span>&#160;   seed            BIT STRING,</div><div class="line"><a name="l00010"></a><span class="lineno">   10</span>&#160;   pgenCounter     INTEGER</div><div class="line"><a name="l00011"></a><span class="lineno">   11</span>&#160;}</div></div><!-- fragment --></li>
-</ul>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the slot where the key will be stored. This must be a valid slot for a key of the chosen type: it must have been obtained by calling <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key()</a> or <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key()</a> with the correct <code>type</code> and with a maximum size that is compatible with <code>data</code>. It must not contain key material yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">type</td><td>Key type (a <code>PSA_KEY_TYPE_XXX</code> value). When subsequently creating key material into <code>handle</code>, the type must be compatible. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">data</td><td>Buffer containing the key domain parameters. The content of this buffer is interpreted according to <code>type</code>. of <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> or <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a> for the chosen type. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">data_length</td><td>Size of the <code>data</code> buffer in bytes.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td>There is already a key in the specified slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__initialization.html b/docs/html/group__initialization.html
deleted file mode 100644
index 613eb46..0000000
--- a/docs/html/group__initialization.html
+++ /dev/null
@@ -1,134 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Library initialization</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Library initialization</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9">psa_crypto_init</a> (void)</td></tr>
-<tr class="memdesc:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="mdescLeft">&#160;</td><td class="mdescRight">Library initialization.  <a href="#ga2de150803fc2f7dc6101d5af7e921dd9">More...</a><br /></td></tr>
-<tr class="separator:ga2de150803fc2f7dc6101d5af7e921dd9"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga2de150803fc2f7dc6101d5af7e921dd9"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_crypto_init </td>
-          <td>(</td>
-          <td class="paramtype">void&#160;</td>
-          <td class="paramname"></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Library initialization. </p>
-<p>Applications must call this function before calling any other function in this module.</p>
-<p>Applications may call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.</p>
-<p>If the application calls other functions before calling <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>, the behavior is undefined. Implementations are encouraged to either perform the operation as if the library had been initialized or to return <a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a> or some other applicable error. In particular, implementations should not return a success status if the lack of initialization may have security implications, for example due to improper seeding of the random number generator.</p>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__key__lifetimes.html b/docs/html/group__key__lifetimes.html
deleted file mode 100644
index 9ede76c..0000000
--- a/docs/html/group__key__lifetimes.html
+++ /dev/null
@@ -1,166 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key lifetimes</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">Key lifetimes</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga8b438870ba69489b685730d346455108"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000000)</td></tr>
-<tr class="separator:ga8b438870ba69489b685730d346455108"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02">PSA_KEY_LIFETIME_PERSISTENT</a>&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga3713a01c5fcd5f7eae46ff22ceaf6d02"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></td></tr>
-<tr class="separator:ga6821ff6dd39dc2bc370ded760ad8b0cf"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memItemLeft" align="right" valign="top">typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></td></tr>
-<tr class="separator:ga11e986351c65bd3dc3c0fe2cd9926e4b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga3713a01c5fcd5f7eae46ff22ceaf6d02"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_LIFETIME_PERSISTENT&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The default storage area for persistent keys.</p>
-<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but implementations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application).</p>
-<p>This lifetime value is the default storage area for the calling application. Implementations may offer other storage areas designated by other lifetime values as implementation-specific extensions. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga8b438870ba69489b685730d346455108"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_LIFETIME_VOLATILE&#160;&#160;&#160;((<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>)0x00000000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>A volatile key only exists as long as the handle to it is not closed. The key material is guaranteed to be erased on a power reset. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="ga11e986351c65bd3dc3c0fe2cd9926e4b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef uint32_t <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Encoding of identifiers of persistent keys. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga6821ff6dd39dc2bc370ded760ad8b0cf"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef uint32_t <a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Encoding of key lifetimes. </p>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__key__management.html b/docs/html/group__key__management.html
deleted file mode 100644
index 7c02c99..0000000
--- a/docs/html/group__key__management.html
+++ /dev/null
@@ -1,330 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key management</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Key management</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022">psa_get_key_lifetime</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> *lifetime)</td></tr>
-<tr class="memdesc:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the lifetime of an open key.  <a href="#ga1e4825ab59260aeb3bdbb3ff07210022">More...</a><br /></td></tr>
-<tr class="separator:ga1e4825ab59260aeb3bdbb3ff07210022"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga40094b77b7a42b9c8e158395113f1a35"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:ga40094b77b7a42b9c8e158395113f1a35"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa9f1c848cf78b80fe2a7b18bb7ccec50"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key</a> (<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime, <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> id, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:gaa9f1c848cf78b80fe2a7b18bb7ccec50"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga4108f255d3eaa6d23a7a14b684af8d7c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key</a> (<a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> lifetime, <a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a> id, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *handle)</td></tr>
-<tr class="separator:ga4108f255d3eaa6d23a7a14b684af8d7c"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaa09b720d299dfe6b9f41c36e448078eb"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
-<tr class="separator:gaa09b720d299dfe6b9f41c36e448078eb"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga40094b77b7a42b9c8e158395113f1a35"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_allocate_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *&#160;</td>
-          <td class="paramname"><em>handle</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Allocate a key slot for a transient key, i.e. a key which is only stored in volatile memory.</p>
-<p>The allocated key slot and its handle remain valid until the application calls <a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key()</a> or <a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c" title="Destroy a key. ">psa_destroy_key()</a> or until the application terminates.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[out]</td><td class="paramname">handle</td><td>On success, a handle to a volatile key slot.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. The application can now use the value of <code>*handle</code> to access the newly allocated key slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td>There was not enough memory, or the maximum number of key slots has been reached. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa09b720d299dfe6b9f41c36e448078eb"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_close_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Close a key handle.</p>
-<p>If the handle designates a volatile key, destroy the key material and free all associated resources, just like <a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c" title="Destroy a key. ">psa_destroy_key()</a>.</p>
-<p>If the handle designates a persistent key, free all resources associated with the key in volatile memory. The key slot in persistent storage is not affected and can be opened again later with <a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key()</a>.</p>
-<p>If the key is currently in use in a multipart operation, the multipart operation is aborted.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramname">handle</td><td>The key handle to close.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga4108f255d3eaa6d23a7a14b684af8d7c"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_create_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>&#160;</td>
-          <td class="paramname"><em>lifetime</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a>&#160;</td>
-          <td class="paramname"><em>id</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *&#160;</td>
-          <td class="paramname"><em>handle</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Create a new persistent key slot.</p>
-<p>Create a new persistent key slot and return a handle to it. The handle remains valid until the application calls <a class="el" href="group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb">psa_close_key()</a> or terminates. The application can open the key again with <a class="el" href="group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50">psa_open_key()</a> until it removes the key by calling <a class="el" href="group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c" title="Destroy a key. ">psa_destroy_key()</a>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">lifetime</td><td>The lifetime of the key. This designates a storage area where the key material is stored. This must not be <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">id</td><td>The persistent identifier of the key. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">handle</td><td>On success, a handle to the newly created key slot. When key material is later created in this key slot, it will be saved to the specified persistent location.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. The application can now use the value of <code>*handle</code> to access the newly allocated key slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766">PSA_ERROR_INSUFFICIENT_STORAGE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td>There is already a key with the identifier <code>id</code> in the storage area designated by <code>lifetime</code>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>lifetime</code> is invalid, for example <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>id</code> is invalid for the specified lifetime. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>lifetime</code> is not supported. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td><code>lifetime</code> is valid, but the application does not have the permission to create a key there. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1e4825ab59260aeb3bdbb3ff07210022"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_get_key_lifetime </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a> *&#160;</td>
-          <td class="paramname"><em>lifetime</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Retrieve the lifetime of an open key. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to query. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">lifetime</td><td>On success, the lifetime value.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaa9f1c848cf78b80fe2a7b18bb7ccec50"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_open_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf">psa_key_lifetime_t</a>&#160;</td>
-          <td class="paramname"><em>lifetime</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b">psa_key_id_t</a>&#160;</td>
-          <td class="paramname"><em>id</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> *&#160;</td>
-          <td class="paramname"><em>handle</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Open a handle to an existing persistent key.</p>
-<p>Open a handle to a key which was previously created with <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key()</a>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">lifetime</td><td>The lifetime of the key. This designates a storage area where the key material is stored. This must not be <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">id</td><td>The persistent identifier of the key. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">handle</td><td>On success, a handle to a key slot which contains the data and metadata loaded from the specified persistent location.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. The application can now use the value of <code>*handle</code> to access the newly allocated key slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>lifetime</code> is invalid, for example <a class="el" href="group__key__lifetimes.html#ga8b438870ba69489b685730d346455108">PSA_KEY_LIFETIME_VOLATILE</a>. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>id</code> is invalid for the specified lifetime. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>lifetime</code> is not supported. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td>The specified key exists, but the application does not have the permission to access it. Note that this specification does not define any way to create such a key, but it may be possible through implementation-specific means. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__platform.html b/docs/html/group__platform.html
deleted file mode 100644
index 4b616b1..0000000
--- a/docs/html/group__platform.html
+++ /dev/null
@@ -1,118 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Implementation-specific definitions</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#typedef-members">Typedefs</a>  </div>
-  <div class="headertitle">
-<div class="title">Implementation-specific definitions</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="memItemLeft" align="right" valign="top">typedef _unsigned_integral_type_&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a></td></tr>
-<tr class="memdesc:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="mdescLeft">&#160;</td><td class="mdescRight">Key handle.  <a href="#gabf6d5fd4e2ea89ecd425c88f057e7f75">More...</a><br /></td></tr>
-<tr class="separator:gabf6d5fd4e2ea89ecd425c88f057e7f75"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="gabf6d5fd4e2ea89ecd425c88f057e7f75"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef _unsigned_integral_type_ <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Key handle. </p>
-<p>This type represents open handles to keys. It must be an unsigned integral type. The choice of type is implementation-dependent.</p>
-<p>0 is not a valid key handle. How other handle values are assigned is implementation-dependent. </p>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__policy.html b/docs/html/group__policy.html
deleted file mode 100644
index 2036b3c..0000000
--- a/docs/html/group__policy.html
+++ /dev/null
@@ -1,455 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Key policies</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#define-members">Macros</a> &#124;
-<a href="#typedef-members">Typedefs</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Key policies</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
-Macros</h2></td></tr>
-<tr class="memitem:ga5e6bc5f550e88fdc7790f2a75e79f7c5"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">PSA_KEY_POLICY_INIT</a>&#160;&#160;&#160;{0}</td></tr>
-<tr class="separator:ga5e6bc5f550e88fdc7790f2a75e79f7c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed">PSA_KEY_USAGE_EXPORT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000001)</td></tr>
-<tr class="separator:ga7dddccdd1303176e87a4d20c87b589ed"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga75153b296d045d529d97203a6a995dad"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga75153b296d045d529d97203a6a995dad">PSA_KEY_USAGE_ENCRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000100)</td></tr>
-<tr class="separator:ga75153b296d045d529d97203a6a995dad"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a">PSA_KEY_USAGE_DECRYPT</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000200)</td></tr>
-<tr class="separator:gac3f2d2e5983db1edde9f142ca9bf8e6a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga99b9f456cf59efc4b5579465407aef5a"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga99b9f456cf59efc4b5579465407aef5a">PSA_KEY_USAGE_SIGN</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000400)</td></tr>
-<tr class="separator:ga99b9f456cf59efc4b5579465407aef5a"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga39b54ffd5958b69634607924fa53cea6"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga39b54ffd5958b69634607924fa53cea6">PSA_KEY_USAGE_VERIFY</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000800)</td></tr>
-<tr class="separator:ga39b54ffd5958b69634607924fa53cea6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">PSA_KEY_USAGE_DERIVE</a>&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00001000)</td></tr>
-<tr class="separator:gaf19022acc5ef23cf12477f632b48a0b2"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
-Typedefs</h2></td></tr>
-<tr class="memitem:gaf553efd409845b6d09ff25ce2ba36607"><td class="memItemLeft" align="right" valign="top">typedef struct psa_key_policy_s&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a></td></tr>
-<tr class="separator:gaf553efd409845b6d09ff25ce2ba36607"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ga7bb9de71337e0e98de843aa7f9b55f25"></a>
-typedef uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a></td></tr>
-<tr class="memdesc:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of permitted usage on a key. <br /></td></tr>
-<tr class="separator:ga7bb9de71337e0e98de843aa7f9b55f25"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:gac16792fd6d375a5f76d372090df40607"><td class="memItemLeft" align="right" valign="top">void&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gac16792fd6d375a5f76d372090df40607">psa_key_policy_set_usage</a> (<a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy, <a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a> usage, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
-<tr class="memdesc:gac16792fd6d375a5f76d372090df40607"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set the standard fields of a policy structure.  <a href="#gac16792fd6d375a5f76d372090df40607">More...</a><br /></td></tr>
-<tr class="separator:gac16792fd6d375a5f76d372090df40607"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab">psa_key_policy_get_usage</a> (const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the usage field of a policy structure.  <a href="#ga7746662b7503e484774d0ecb5d8ac2ab">More...</a><br /></td></tr>
-<tr class="separator:ga7746662b7503e484774d0ecb5d8ac2ab"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86">psa_key_policy_get_algorithm</a> (const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="mdescLeft">&#160;</td><td class="mdescRight">Retrieve the algorithm field of a policy structure.  <a href="#gaadf16b89ace53e1d2cb5bcb0aef24c86">More...</a><br /></td></tr>
-<tr class="separator:gaadf16b89ace53e1d2cb5bcb0aef24c86"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga1e2a6e50b621864f95d438222a3c640b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b">psa_set_key_policy</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:ga1e2a6e50b621864f95d438222a3c640b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Set the usage policy on a key slot.  <a href="#ga1e2a6e50b621864f95d438222a3c640b">More...</a><br /></td></tr>
-<tr class="separator:ga1e2a6e50b621864f95d438222a3c640b"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:gaed087d1386b807edee66b2e445ba9111"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__policy.html#gaed087d1386b807edee66b2e445ba9111">psa_get_key_policy</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *policy)</td></tr>
-<tr class="memdesc:gaed087d1386b807edee66b2e445ba9111"><td class="mdescLeft">&#160;</td><td class="mdescRight">Get the usage policy for a key slot.  <a href="#gaed087d1386b807edee66b2e445ba9111">More...</a><br /></td></tr>
-<tr class="separator:gaed087d1386b807edee66b2e445ba9111"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Macro Definition Documentation</h2>
-<a class="anchor" id="ga5e6bc5f550e88fdc7790f2a75e79f7c5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_POLICY_INIT&#160;&#160;&#160;{0}</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>This macro returns a suitable initializer for a key policy object of type <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a>. </p>
-
-</div>
-</div>
-<a class="anchor" id="gac3f2d2e5983db1edde9f142ca9bf8e6a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_DECRYPT&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000200)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be used to decrypt a message.</p>
-<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy.</p>
-<p>For a key pair, this concerns the private key. </p>
-
-</div>
-</div>
-<a class="anchor" id="gaf19022acc5ef23cf12477f632b48a0b2"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_DERIVE&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00001000)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be used to derive other keys. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga75153b296d045d529d97203a6a995dad"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_ENCRYPT&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000100)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be used to encrypt a message.</p>
-<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy.</p>
-<p>For a key pair, this concerns the public key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga7dddccdd1303176e87a4d20c87b589ed"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_EXPORT&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000001)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be exported.</p>
-<p>A public key or the public part of a key pair may always be exported regardless of the value of this permission flag.</p>
-<p>If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through <a class="el" href="group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf" title="Export a key in binary format. ">psa_export_key()</a> or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga99b9f456cf59efc4b5579465407aef5a"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_SIGN&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000400)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be used to sign a message.</p>
-<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric signature operation, if otherwise permitted by the key's type and policy.</p>
-<p>For a key pair, this concerns the private key. </p>
-
-</div>
-</div>
-<a class="anchor" id="ga39b54ffd5958b69634607924fa53cea6"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">#define PSA_KEY_USAGE_VERIFY&#160;&#160;&#160;((<a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>)0x00000800)</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Whether the key may be used to verify a message signature.</p>
-<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric signature verification operation, if otherwise permitted by by the key's type and policy.</p>
-<p>For a key pair, this concerns the public key. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Typedef Documentation</h2>
-<a class="anchor" id="gaf553efd409845b6d09ff25ce2ba36607"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">typedef struct psa_key_policy_s <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>The type of the key policy data structure.</p>
-<p>Before calling any function on a key policy, the application must initialize it by any of the following means:</p><ul>
-<li>Set the structure to all-bits-zero, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_key_policy_t policy;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;memset(&amp;policy, 0, sizeof(policy));</div></div><!-- fragment --></li>
-<li>Initialize the structure to logical zero values, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_key_policy_t policy = {0};</div></div><!-- fragment --></li>
-<li>Initialize the structure to the initializer <a class="el" href="group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5">PSA_KEY_POLICY_INIT</a>, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_key_policy_t policy = PSA_KEY_POLICY_INIT;</div></div><!-- fragment --></li>
-<li>Assign the result of the function psa_key_policy_init() to the structure, for example: <div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno">    1</span>&#160;psa_key_policy_t policy;</div><div class="line"><a name="l00002"></a><span class="lineno">    2</span>&#160;policy = psa_key_policy_init();</div></div><!-- fragment --></li>
-</ul>
-<p>This is an implementation-defined <code>struct</code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation. </p>
-
-</div>
-</div>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="gaed087d1386b807edee66b2e445ba9111"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_get_key_policy </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>policy</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Get the usage policy for a key slot. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key slot whose policy is being queried. </td></tr>
-    <tr><td class="paramdir">[out]</td><td class="paramname">policy</td><td>On success, the key's policy.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="gaadf16b89ace53e1d2cb5bcb0aef24c86"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> psa_key_policy_get_algorithm </td>
-          <td>(</td>
-          <td class="paramtype">const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>policy</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Retrieve the algorithm field of a policy structure. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in]</td><td class="paramname">policy</td><td>The policy object to query.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The permitted algorithm for a key with this policy. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="ga7746662b7503e484774d0ecb5d8ac2ab"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a> psa_key_policy_get_usage </td>
-          <td>(</td>
-          <td class="paramtype">const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>policy</em></td><td>)</td>
-          <td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Retrieve the usage field of a policy structure. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in]</td><td class="paramname">policy</td><td>The policy object to query.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="section return"><dt>Returns</dt><dd>The permitted uses for a key with this policy. </dd></dl>
-
-</div>
-</div>
-<a class="anchor" id="gac16792fd6d375a5f76d372090df40607"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">void psa_key_policy_set_usage </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>policy</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25">psa_key_usage_t</a>&#160;</td>
-          <td class="paramname"><em>usage</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
-          <td class="paramname"><em>alg</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Set the standard fields of a policy structure. </p>
-<p>Note that this function does not make any consistency check of the parameters. The values are only checked when applying the policy to a key slot with <a class="el" href="group__policy.html#ga1e2a6e50b621864f95d438222a3c640b" title="Set the usage policy on a key slot. ">psa_set_key_policy()</a>.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[in,out]</td><td class="paramname">policy</td><td>The key policy to modify. It must have been initialized as per the documentation for <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a>. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">usage</td><td>The permitted uses for the key. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The algorithm that the key may be used for. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1e2a6e50b621864f95d438222a3c640b"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_set_key_policy </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const <a class="el" href="group__policy.html#gaf553efd409845b6d09ff25ce2ba36607">psa_key_policy_t</a> *&#160;</td>
-          <td class="paramname"><em>policy</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Set the usage policy on a key slot. </p>
-<p>This function must be called on an empty key slot, before importing, generating or creating a key in the slot. Changing the policy of an existing key is not permitted.</p>
-<p>Implementations may set restrictions on supported key policies depending on the key type and the key slot.</p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key whose policy is to be changed. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">policy</td><td>The policy object to query.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. If the key is persistent, it is implementation-defined whether the policy has been saved to persistent storage. Implementations may defer saving the policy until the key material is created. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/group__random.html b/docs/html/group__random.html
deleted file mode 100644
index 48173f2..0000000
--- a/docs/html/group__random.html
+++ /dev/null
@@ -1,239 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Random generation</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="summary">
-<a href="#nested-classes">Classes</a> &#124;
-<a href="#func-members">Functions</a>  </div>
-  <div class="headertitle">
-<div class="title">Random generation</div>  </div>
-</div><!--header-->
-<div class="contents">
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
-Classes</h2></td></tr>
-<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a></td></tr>
-<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table><table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
-Functions</h2></td></tr>
-<tr class="memitem:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5">psa_generate_random</a> (uint8_t *output, size_t output_size)</td></tr>
-<tr class="memdesc:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="mdescLeft">&#160;</td><td class="mdescRight">Generate random bytes.  <a href="#ga1985eae417dfbccedf50d5fff54ea8c5">More...</a><br /></td></tr>
-<tr class="separator:ga1985eae417dfbccedf50d5fff54ea8c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:ga72921520494b4f007a3afb904cd9ecdd"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd">psa_generate_key</a> (<a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle, <a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a> type, size_t bits, const void *extra, size_t extra_size)</td></tr>
-<tr class="memdesc:ga72921520494b4f007a3afb904cd9ecdd"><td class="mdescLeft">&#160;</td><td class="mdescRight">Generate a key or key pair.  <a href="#ga72921520494b4f007a3afb904cd9ecdd">More...</a><br /></td></tr>
-<tr class="separator:ga72921520494b4f007a3afb904cd9ecdd"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<h2 class="groupheader">Function Documentation</h2>
-<a class="anchor" id="ga72921520494b4f007a3afb904cd9ecdd"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_generate_key </td>
-          <td>(</td>
-          <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
-          <td class="paramname"><em>handle</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype"><a class="el" href="group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628">psa_key_type_t</a>&#160;</td>
-          <td class="paramname"><em>type</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>bits</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">const void *&#160;</td>
-          <td class="paramname"><em>extra</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>extra_size</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Generate a key or key pair. </p>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the slot where the key will be stored. It must have been obtained by calling <a class="el" href="group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35">psa_allocate_key()</a> or <a class="el" href="group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c">psa_create_key()</a> and must not contain key material yet. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">type</td><td>Key type (a <code>PSA_KEY_TYPE_XXX</code> value). </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">bits</td><td>Key size in bits. </td></tr>
-    <tr><td class="paramdir">[in]</td><td class="paramname">extra</td><td>Extra parameters for key generation. The interpretation of this parameter depends on <code>type</code>. All types support <code>NULL</code> to use default parameters. Implementation that support the generation of vendor-specific key types that allow extra parameters shall document the format of these extra parameters and the default values. For standard parameters, the meaning of <code>extra</code> is as follows:<ul>
-<li>For a symmetric key type (a type such that <a class="el" href="group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(<code>type</code>) is false), <code>extra</code> must be <code>NULL</code>.</li>
-<li>For an elliptic curve key type (a type such that <a class="el" href="group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66">PSA_KEY_TYPE_IS_ECC</a>(<code>type</code>) is false), <code>extra</code> must be <code>NULL</code>.</li>
-<li>For an RSA key (<code>type</code> is <a class="el" href="group__crypto__types.html#ga581f50687f5d650456925278948f2799">PSA_KEY_TYPE_RSA_KEYPAIR</a>), <code>extra</code> is an optional <a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a> structure specifying the public exponent. The default public exponent used when <code>extra</code> is <code>NULL</code> is 65537.</li>
-<li>For an DSA key (<code>type</code> is <a class="el" href="group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62">PSA_KEY_TYPE_DSA_KEYPAIR</a>), <code>extra</code> is an optional structure specifying the key domain parameters. The key domain parameters can also be provided by <a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300" title="Set domain parameters for a key. ">psa_set_key_domain_parameters()</a>, which documents the format of the structure.</li>
-<li>For a DH key (<code>type</code> is <a class="el" href="group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5">PSA_KEY_TYPE_DH_KEYPAIR</a>), the <code>extra</code> is an optional structure specifying the key domain parameters. The key domain parameters can also be provided by <a class="el" href="group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300" title="Set domain parameters for a key. ">psa_set_key_domain_parameters()</a>, which documents the format of the structure. </li>
-</ul>
-</td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">extra_size</td><td>Size of the buffer that <code>extra</code> points to, in bytes. Note that if <code>extra</code> is <code>NULL</code> then <code>extra_size</code> must be zero.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#gac2fee3a51249fbea45360aaa911f3e58">PSA_ERROR_OCCUPIED_SLOT</a></td><td>There is already a key in the specified slot. </td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-<a class="anchor" id="ga1985eae417dfbccedf50d5fff54ea8c5"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_generate_random </td>
-          <td>(</td>
-          <td class="paramtype">uint8_t *&#160;</td>
-          <td class="paramname"><em>output</em>, </td>
-        </tr>
-        <tr>
-          <td class="paramkey"></td>
-          <td></td>
-          <td class="paramtype">size_t&#160;</td>
-          <td class="paramname"><em>output_size</em>&#160;</td>
-        </tr>
-        <tr>
-          <td></td>
-          <td>)</td>
-          <td></td><td></td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-
-<p>Generate random bytes. </p>
-<dl class="section warning"><dt>Warning</dt><dd>This function <b>can</b> fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not <a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a>.</dd></dl>
-<dl class="section note"><dt>Note</dt><dd>To generate a key, use <a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd" title="Generate a key or key pair. ">psa_generate_key()</a> instead.</dd></dl>
-<dl class="params"><dt>Parameters</dt><dd>
-  <table class="params">
-    <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Output buffer for the generated data. </td></tr>
-    <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Number of bytes to generate and output.</td></tr>
-  </table>
-  </dd>
-</dl>
-<dl class="retval"><dt>Return values</dt><dd>
-  <table class="retval">
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga4deb59fec02297ec5d8b42178323f675">PSA_ERROR_INSUFFICIENT_ENTROPY</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
-    <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
-  </table>
-  </dd>
-</dl>
-
-</div>
-</div>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/index.html b/docs/html/index.html
index 3fb1ac1..c212c05 100644
--- a/docs/html/index.html
+++ b/docs/html/index.html
@@ -1,91 +1,834 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
 <html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Main Page</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>PSA Cryptography API Specification &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <link rel="index" title="Index" href="genindex.html" />
+    <link rel="search" title="Search" href="search.html" />
+    <link rel="next" title="Introduction" href="general.html" />
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+  <div class="section" id="psa-cryptography-api-specification">
+<h1>PSA Cryptography API Specification</h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#a-keystore-interface">A keystore interface</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#optional-isolation">Optional isolation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#choice-of-algorithms">Choice of algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#ease-of-use">Ease of use</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#example-use-cases">Example use cases</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#network-security-tls">Network Security (TLS)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#secure-storage">Secure Storage</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#network-credentials">Network Credentials</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#device-pairing">Device Pairing</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#secure-boot">Secure Boot</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#attestation">Attestation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#factory-provisioning">Factory Provisioning</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#library-management">Library management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#key-management">Key management</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#volatile-keys">Volatile keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#persistent-keys">Persistent keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#usage-policies">Usage policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#symmetric-cryptography">Symmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#multipart-operations">Multipart operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#authenticated-encryption">Authenticated encryption</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#key-derivation">Key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#key-derivation-operations">Key derivation operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#key-derivation-function">Key derivation function</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#asymmetric-encryption">Asymmetric encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#hash-and-sign">Hash-and-sign</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#key-agreement">Key agreement</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#randomness-and-key-generation">Randomness and key generation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#future-additions">Future additions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#single-partition-architecture">Single-partition architecture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#error-handling">Error handling</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#return-status">Return status</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#behavior-on-error">Behavior on error</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#parameter-conventions">Parameter conventions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#pointer-conventions">Pointer conventions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#input-buffer-sizes">Input buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#output-buffer-sizes">Output buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#overlap-between-parameters">Overlap between parameters</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#stability-of-parameters">Stability of parameters</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#key-types-and-algorithms">Key types and algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#concurrent-calls">Concurrent calls</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-profile">Implementation profile</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-specific-types">Implementation-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-specific-macros">Implementation-specific macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#porting-to-a-platform">Porting to a platform</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#platform-assumptions">Platform assumptions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#platform-specific-types">Platform-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#cryptographic-hardware-support">Cryptographic hardware support</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#error-detection">Error detection</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#memory-cleanup">Memory cleanup</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#safe-outputs-on-error">Safe outputs on error</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#attack-resistance">Attack resistance</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="general.html#other-implementation-considerations">Other implementation considerations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#philosophy-of-resource-management">Philosophy of resource management</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="general.html#security-recommendations">Security recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="general.html#always-check-for-errors">Always check for errors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
+<li class="toctree-l3"><a class="reference internal" href="general.html#cleaning-up-after-use">Cleaning up after use</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_handle_t"><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_crypto_init"><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_attributes_init"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_id"><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_id"><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_type"><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_type"><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_reset_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_open_key"><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_close_key"><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_import_key"><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_destroy_key"><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_export_key"><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_export_public_key"><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_copy_key"><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_compute"><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_compare"><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_setup"><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_update"><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_finish"><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_verify"><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_abort"><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_clone"><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_compute"><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_sign_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_update"><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_sign_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_abort"><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_generate_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_set_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_update"><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_finish"><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_abort"><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_generate_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_set_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_set_lengths"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_update_ad"><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_update"><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_finish"><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_verify"><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_abort"><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_sign"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_verify"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_setup"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_get_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_set_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_input_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_input_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_output_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_output_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_abort"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_raw_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_generate_random"><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_generate_key"><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_ecc_curve_t"><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_dh_group_t"><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_NONE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_AES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_GET_CURVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT193R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT193R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT233K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT233R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT239K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT283K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT283R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT409K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT409R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT571K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT571R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP192K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP192R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP224K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP224R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP256K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP521R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_CURVE25519"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_CURVE448"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_GET_GROUP"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE2048"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE3072"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE4096"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE6144"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE8192"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HASH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD2"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD5"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RIPEMD160"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_1"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ANY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MAC_TRUNCATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_TRUNCATION_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_TRUNCATED_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_MAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_GMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_STREAM_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CTR"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_OFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_XTS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_PKCS7"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_GCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PSS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_ANY"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SIGN_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_DERIVATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_COPY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_VERIFY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_step_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BITS_TO_BYTES"><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BYTES_TO_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ROUND_UP_TO_MULTIPLE"><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_FINAL_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECDSA_SIGNATURE_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="document-history">
+<h2>Document history</h2>
+<table border="1" class="longtable docutils">
+<colgroup>
+<col width="11%" />
+<col width="89%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Date</th>
+<th class="head">Changes</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>2019-01-21</td>
+<td><em>Release 1.0 beta 1</em></td>
+</tr>
+<tr class="row-odd"><td>2019-02-08</td>
+<td><ul class="first last simple">
+<li>Remove obsolete definition <code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement</span></code>: document <code class="docutils literal notranslate"><span class="pre">alg</span></code> parameter.</li>
+<li><a class="reference internal" href="from_doxygen.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code>.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-even"><td>2019-02-08</td>
+<td>Document formatting improvements</td>
+</tr>
+<tr class="row-odd"><td>2019-02-22</td>
+<td><em>Release 1.0 beta 2</em></td>
+</tr>
+<tr class="row-even"><td>2019-03-12</td>
+<td>Specify <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key</span></code> for most key types.</td>
+</tr>
+<tr class="row-odd"><td>2019-04-09</td>
+<td><p class="first">Change the value of error codes, and some names, to align
+with other PSA specifications. The name changes are:</p>
+<ul class="last simple">
+<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></li>
+</ul>
+</td>
+</tr>
+<tr class="row-even"><td>2019-05-02</td>
+<td><p class="first">Change the way keys are created to avoid “half-filled” handles
+that contained key metadata, but no key material.
+Now, to create a key, first fill in a data structure containing
+its attributes, then pass this structure to a function that
+both allocates resources for the key and fills in the key
+material. This affects the following functions:</p>
+<ul class="last simple">
+<li><a class="reference internal" href="from_doxygen.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>, <a class="reference internal" href="from_doxygen.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key</span></code></a>, <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key</span></code>
+and <a class="reference internal" href="from_doxygen.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key</span></code></a> now take an attribute structure (specifically,
+a pointer to <a class="reference internal" href="from_doxygen.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a>) to specify key metadata.
+This replaces the previous method of passing arguments to
+<code class="docutils literal notranslate"><span class="pre">psa_create_key</span></code> or to the key material creation function
+or calling <code class="docutils literal notranslate"><span class="pre">psa_set_key_policy</span></code>.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
+no longer exist. A key’s policy is now accessible as part of
+its attributes.</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_get_key_information</span></code> is also replaced by accessing the
+key’s attributes (retrieved with <a class="reference internal" href="from_doxygen.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code></a>).</li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_create_key</span></code> no longer exists. Instead, set the key id
+attribute and the lifetime attribute before creating the
+key material.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-odd"><td>2019-05-14</td>
+<td><ul class="first last simple">
+<li>Allow <a class="reference internal" href="from_doxygen.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update</span></code></a> to buffer data.</li>
+<li>New buffer size calculation macros.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-even"><td>2019-05-16</td>
+<td><ul class="first last simple">
+<li>Key identifiers are no longer specific to a given lifetime
+value. <a class="reference internal" href="from_doxygen.html#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key</span></code></a> no longer takes a <code class="docutils literal notranslate"><span class="pre">lifetime</span></code> parameter.</li>
+<li>Define a range of key identifiers for use by applications
+and a separate range for use by implementations.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-odd"><td>2019-05-16</td>
+<td><p class="first">Avoid the unusual terminology “generator”: call them
+“key derivation operations” instead. Rename a number of functions
+and other identifiers related to for clarity and consistency:</p>
+<ul class="last simple">
+<li><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_init</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_set_generator_capacity</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_get_generator_capacity</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_generator_read</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_generate_derived_key</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_generator_abort</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement_raw_shared_secret</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code></a></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></li>
+<li><code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEY_PAIR</span></code></li>
+</ul>
+</td>
+</tr>
+<tr class="row-even"><td>2019-05-16</td>
+<td><ul class="first last simple">
+<li>Clarify the behavior in various corner cases.</li>
+<li>Document more error conditions.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-odd"><td>2019-05-21</td>
+<td>Convert TLS1.2 KDF descriptions to multistep key derivation.</td>
+</tr>
+<tr class="row-even"><td>2019-05-22</td>
+<td><em>Release 1.0 beta 3</em></td>
+</tr>
+</tbody>
 </table>
 </div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li class="current"><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
+<div class="section" id="planned-changes-for-version-1-0">
+<h2>Planned changes for version 1.0</h2>
+<p>Here is a summary of the changes we are currently planning to make to
+this specification for version 1.0.</p>
+<ul class="simple">
+<li>Add missing macros to calculate output buffer sizes, IV/nonce sizes,
+and maximum supported data sizes.</li>
+<li>Remove the definition of most macros, to give implementations free
+choice regarding how these macros are implemented, as long as the
+implementation meets the English-language specification.</li>
+<li>Remove certain auxiliary macros that are not directly useful to
+applications, but are currently used as building blocks to define
+other macros.</li>
+<li>Correct lists of documented error codes for several functions, and
+clarify error conditions for many functions.</li>
+<li>Constrain whether and when an application may have the same persistent key
+open multiple times.</li>
+<li>Constrain the permitted implementation behavior when calling a function on
+an operation object in a state where this function does not make sense,
+and when a key is destroyed while in use.</li>
+<li>Declare identifiers for additional cryptographic algorithms.</li>
+<li>Forbid zero-length keys.</li>
+<li>Use a standard import/export format for EC keys on Montgomery curves.</li>
+<li>Mandate certain checks when importing some types of asymmetric keys.</li>
+<li>Clarifications and improvements to the description of some API elements
+and to the structure of the document.</li>
+</ul>
+<h2 id="indices">Indices</h2>
+
+<ul>
+  <li><a class="reference internal" href="genindex.html">General index</a></li>
+  <li><a class="reference internal" href="psa_c-identifiers.html">Index of identifiers</a></li>
+  <li><a class="reference internal" href="search.html">Search</a></li>
+</ul></div>
+</div>
+
+
+          </div>
+          
         </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="#">psa_crypto_api</a></h1>
 
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
 
-<div class="header">
-  <div class="headertitle">
-<div class="title">Platform Security Architecture — cryptography and keystore interface Documentation</div>  </div>
-</div><!--header-->
-<div class="contents">
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="#">Documentation overview</a><ul>
+      <li>Next: <a href="general.html" title="next chapter">Introduction</a></li>
+  </ul></li>
+</ul>
+</div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <div class="searchformwrapper">
+    <form class="search" action="search.html" method="get">
+      <input type="text" name="q" />
+      <input type="submit" value="Go" />
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+    </div>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+      |
+      <a href="_sources/index.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/jquery.js b/docs/html/jquery.js
deleted file mode 100644
index d52a1c7..0000000
--- a/docs/html/jquery.js
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * jQuery JavaScript Library v1.7.1
- * http://jquery.com/
- *
- * Copyright 2011, John Resig
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * Includes Sizzle.js
- * http://sizzlejs.com/
- * Copyright 2011, The Dojo Foundation
- * Released under the MIT, BSD, and GPL Licenses.
- *
- * Date: Mon Nov 21 21:11:03 2011 -0500
- */
-(function(bb,L){var av=bb.document,bu=bb.navigator,bl=bb.location;var b=(function(){var bF=function(b0,b1){return new bF.fn.init(b0,b1,bD)},bU=bb.jQuery,bH=bb.$,bD,bY=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,bM=/\S/,bI=/^\s+/,bE=/\s+$/,bA=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,bN=/^[\],:{}\s]*$/,bW=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,bP=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,bJ=/(?:^|:|,)(?:\s*\[)+/g,by=/(webkit)[ \/]([\w.]+)/,bR=/(opera)(?:.*version)?[ \/]([\w.]+)/,bQ=/(msie) ([\w.]+)/,bS=/(mozilla)(?:.*? rv:([\w.]+))?/,bB=/-([a-z]|[0-9])/ig,bZ=/^-ms-/,bT=function(b0,b1){return(b1+"").toUpperCase()},bX=bu.userAgent,bV,bC,e,bL=Object.prototype.toString,bG=Object.prototype.hasOwnProperty,bz=Array.prototype.push,bK=Array.prototype.slice,bO=String.prototype.trim,bv=Array.prototype.indexOf,bx={};bF.fn=bF.prototype={constructor:bF,init:function(b0,b4,b3){var b2,b5,b1,b6;if(!b0){return this}if(b0.nodeType){this.context=this[0]=b0;this.length=1;return this}if(b0==="body"&&!b4&&av.body){this.context=av;this[0]=av.body;this.selector=b0;this.length=1;return this}if(typeof b0==="string"){if(b0.charAt(0)==="<"&&b0.charAt(b0.length-1)===">"&&b0.length>=3){b2=[null,b0,null]}else{b2=bY.exec(b0)}if(b2&&(b2[1]||!b4)){if(b2[1]){b4=b4 instanceof bF?b4[0]:b4;b6=(b4?b4.ownerDocument||b4:av);b1=bA.exec(b0);if(b1){if(bF.isPlainObject(b4)){b0=[av.createElement(b1[1])];bF.fn.attr.call(b0,b4,true)}else{b0=[b6.createElement(b1[1])]}}else{b1=bF.buildFragment([b2[1]],[b6]);b0=(b1.cacheable?bF.clone(b1.fragment):b1.fragment).childNodes}return bF.merge(this,b0)}else{b5=av.getElementById(b2[2]);if(b5&&b5.parentNode){if(b5.id!==b2[2]){return b3.find(b0)}this.length=1;this[0]=b5}this.context=av;this.selector=b0;return this}}else{if(!b4||b4.jquery){return(b4||b3).find(b0)}else{return this.constructor(b4).find(b0)}}}else{if(bF.isFunction(b0)){return b3.ready(b0)}}if(b0.selector!==L){this.selector=b0.selector;this.context=b0.context}return bF.makeArray(b0,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return bK.call(this,0)},get:function(b0){return b0==null?this.toArray():(b0<0?this[this.length+b0]:this[b0])},pushStack:function(b1,b3,b0){var b2=this.constructor();if(bF.isArray(b1)){bz.apply(b2,b1)}else{bF.merge(b2,b1)}b2.prevObject=this;b2.context=this.context;if(b3==="find"){b2.selector=this.selector+(this.selector?" ":"")+b0}else{if(b3){b2.selector=this.selector+"."+b3+"("+b0+")"}}return b2},each:function(b1,b0){return bF.each(this,b1,b0)},ready:function(b0){bF.bindReady();bC.add(b0);return this},eq:function(b0){b0=+b0;return b0===-1?this.slice(b0):this.slice(b0,b0+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(bK.apply(this,arguments),"slice",bK.call(arguments).join(","))},map:function(b0){return this.pushStack(bF.map(this,function(b2,b1){return b0.call(b2,b1,b2)}))},end:function(){return this.prevObject||this.constructor(null)},push:bz,sort:[].sort,splice:[].splice};bF.fn.init.prototype=bF.fn;bF.extend=bF.fn.extend=function(){var b9,b2,b0,b1,b6,b7,b5=arguments[0]||{},b4=1,b3=arguments.length,b8=false;if(typeof b5==="boolean"){b8=b5;b5=arguments[1]||{};b4=2}if(typeof b5!=="object"&&!bF.isFunction(b5)){b5={}}if(b3===b4){b5=this;--b4}for(;b4<b3;b4++){if((b9=arguments[b4])!=null){for(b2 in b9){b0=b5[b2];b1=b9[b2];if(b5===b1){continue}if(b8&&b1&&(bF.isPlainObject(b1)||(b6=bF.isArray(b1)))){if(b6){b6=false;b7=b0&&bF.isArray(b0)?b0:[]}else{b7=b0&&bF.isPlainObject(b0)?b0:{}}b5[b2]=bF.extend(b8,b7,b1)}else{if(b1!==L){b5[b2]=b1}}}}}return b5};bF.extend({noConflict:function(b0){if(bb.$===bF){bb.$=bH}if(b0&&bb.jQuery===bF){bb.jQuery=bU}return bF},isReady:false,readyWait:1,holdReady:function(b0){if(b0){bF.readyWait++}else{bF.ready(true)}},ready:function(b0){if((b0===true&&!--bF.readyWait)||(b0!==true&&!bF.isReady)){if(!av.body){return setTimeout(bF.ready,1)}bF.isReady=true;if(b0!==true&&--bF.readyWait>0){return}bC.fireWith(av,[bF]);if(bF.fn.trigger){bF(av).trigger("ready").off("ready")}}},bindReady:function(){if(bC){return}bC=bF.Callbacks("once memory");if(av.readyState==="complete"){return setTimeout(bF.ready,1)}if(av.addEventListener){av.addEventListener("DOMContentLoaded",e,false);bb.addEventListener("load",bF.ready,false)}else{if(av.attachEvent){av.attachEvent("onreadystatechange",e);bb.attachEvent("onload",bF.ready);var b0=false;try{b0=bb.frameElement==null}catch(b1){}if(av.documentElement.doScroll&&b0){bw()}}}},isFunction:function(b0){return bF.type(b0)==="function"},isArray:Array.isArray||function(b0){return bF.type(b0)==="array"},isWindow:function(b0){return b0&&typeof b0==="object"&&"setInterval" in b0},isNumeric:function(b0){return !isNaN(parseFloat(b0))&&isFinite(b0)},type:function(b0){return b0==null?String(b0):bx[bL.call(b0)]||"object"},isPlainObject:function(b2){if(!b2||bF.type(b2)!=="object"||b2.nodeType||bF.isWindow(b2)){return false}try{if(b2.constructor&&!bG.call(b2,"constructor")&&!bG.call(b2.constructor.prototype,"isPrototypeOf")){return false}}catch(b1){return false}var b0;for(b0 in b2){}return b0===L||bG.call(b2,b0)},isEmptyObject:function(b1){for(var b0 in b1){return false}return true},error:function(b0){throw new Error(b0)},parseJSON:function(b0){if(typeof b0!=="string"||!b0){return null}b0=bF.trim(b0);if(bb.JSON&&bb.JSON.parse){return bb.JSON.parse(b0)}if(bN.test(b0.replace(bW,"@").replace(bP,"]").replace(bJ,""))){return(new Function("return "+b0))()}bF.error("Invalid JSON: "+b0)},parseXML:function(b2){var b0,b1;try{if(bb.DOMParser){b1=new DOMParser();b0=b1.parseFromString(b2,"text/xml")}else{b0=new ActiveXObject("Microsoft.XMLDOM");b0.async="false";b0.loadXML(b2)}}catch(b3){b0=L}if(!b0||!b0.documentElement||b0.getElementsByTagName("parsererror").length){bF.error("Invalid XML: "+b2)}return b0},noop:function(){},globalEval:function(b0){if(b0&&bM.test(b0)){(bb.execScript||function(b1){bb["eval"].call(bb,b1)})(b0)}},camelCase:function(b0){return b0.replace(bZ,"ms-").replace(bB,bT)},nodeName:function(b1,b0){return b1.nodeName&&b1.nodeName.toUpperCase()===b0.toUpperCase()},each:function(b3,b6,b2){var b1,b4=0,b5=b3.length,b0=b5===L||bF.isFunction(b3);if(b2){if(b0){for(b1 in b3){if(b6.apply(b3[b1],b2)===false){break}}}else{for(;b4<b5;){if(b6.apply(b3[b4++],b2)===false){break}}}}else{if(b0){for(b1 in b3){if(b6.call(b3[b1],b1,b3[b1])===false){break}}}else{for(;b4<b5;){if(b6.call(b3[b4],b4,b3[b4++])===false){break}}}}return b3},trim:bO?function(b0){return b0==null?"":bO.call(b0)}:function(b0){return b0==null?"":b0.toString().replace(bI,"").replace(bE,"")},makeArray:function(b3,b1){var b0=b1||[];if(b3!=null){var b2=bF.type(b3);if(b3.length==null||b2==="string"||b2==="function"||b2==="regexp"||bF.isWindow(b3)){bz.call(b0,b3)}else{bF.merge(b0,b3)}}return b0},inArray:function(b2,b3,b1){var b0;if(b3){if(bv){return bv.call(b3,b2,b1)}b0=b3.length;b1=b1?b1<0?Math.max(0,b0+b1):b1:0;for(;b1<b0;b1++){if(b1 in b3&&b3[b1]===b2){return b1}}}return -1},merge:function(b4,b2){var b3=b4.length,b1=0;if(typeof b2.length==="number"){for(var b0=b2.length;b1<b0;b1++){b4[b3++]=b2[b1]}}else{while(b2[b1]!==L){b4[b3++]=b2[b1++]}}b4.length=b3;return b4},grep:function(b1,b6,b0){var b2=[],b5;b0=!!b0;for(var b3=0,b4=b1.length;b3<b4;b3++){b5=!!b6(b1[b3],b3);if(b0!==b5){b2.push(b1[b3])}}return b2},map:function(b0,b7,b8){var b5,b6,b4=[],b2=0,b1=b0.length,b3=b0 instanceof bF||b1!==L&&typeof b1==="number"&&((b1>0&&b0[0]&&b0[b1-1])||b1===0||bF.isArray(b0));if(b3){for(;b2<b1;b2++){b5=b7(b0[b2],b2,b8);if(b5!=null){b4[b4.length]=b5}}}else{for(b6 in b0){b5=b7(b0[b6],b6,b8);if(b5!=null){b4[b4.length]=b5}}}return b4.concat.apply([],b4)},guid:1,proxy:function(b4,b3){if(typeof b3==="string"){var b2=b4[b3];b3=b4;b4=b2}if(!bF.isFunction(b4)){return L}var b0=bK.call(arguments,2),b1=function(){return b4.apply(b3,b0.concat(bK.call(arguments)))};b1.guid=b4.guid=b4.guid||b1.guid||bF.guid++;return b1},access:function(b0,b8,b6,b2,b5,b7){var b1=b0.length;if(typeof b8==="object"){for(var b3 in b8){bF.access(b0,b3,b8[b3],b2,b5,b6)}return b0}if(b6!==L){b2=!b7&&b2&&bF.isFunction(b6);for(var b4=0;b4<b1;b4++){b5(b0[b4],b8,b2?b6.call(b0[b4],b4,b5(b0[b4],b8)):b6,b7)}return b0}return b1?b5(b0[0],b8):L},now:function(){return(new Date()).getTime()},uaMatch:function(b1){b1=b1.toLowerCase();var b0=by.exec(b1)||bR.exec(b1)||bQ.exec(b1)||b1.indexOf("compatible")<0&&bS.exec(b1)||[];return{browser:b0[1]||"",version:b0[2]||"0"}},sub:function(){function b0(b3,b4){return new b0.fn.init(b3,b4)}bF.extend(true,b0,this);b0.superclass=this;b0.fn=b0.prototype=this();b0.fn.constructor=b0;b0.sub=this.sub;b0.fn.init=function b2(b3,b4){if(b4&&b4 instanceof bF&&!(b4 instanceof b0)){b4=b0(b4)}return bF.fn.init.call(this,b3,b4,b1)};b0.fn.init.prototype=b0.fn;var b1=b0(av);return b0},browser:{}});bF.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(b1,b0){bx["[object "+b0+"]"]=b0.toLowerCase()});bV=bF.uaMatch(bX);if(bV.browser){bF.browser[bV.browser]=true;bF.browser.version=bV.version}if(bF.browser.webkit){bF.browser.safari=true}if(bM.test("\xA0")){bI=/^[\s\xA0]+/;bE=/[\s\xA0]+$/}bD=bF(av);if(av.addEventListener){e=function(){av.removeEventListener("DOMContentLoaded",e,false);bF.ready()}}else{if(av.attachEvent){e=function(){if(av.readyState==="complete"){av.detachEvent("onreadystatechange",e);bF.ready()}}}}function bw(){if(bF.isReady){return}try{av.documentElement.doScroll("left")}catch(b0){setTimeout(bw,1);return}bF.ready()}return bF})();var a2={};function X(e){var bv=a2[e]={},bw,bx;e=e.split(/\s+/);for(bw=0,bx=e.length;bw<bx;bw++){bv[e[bw]]=true}return bv}b.Callbacks=function(bw){bw=bw?(a2[bw]||X(bw)):{};var bB=[],bC=[],bx,by,bv,bz,bA,bE=function(bF){var bG,bJ,bI,bH,bK;for(bG=0,bJ=bF.length;bG<bJ;bG++){bI=bF[bG];bH=b.type(bI);if(bH==="array"){bE(bI)}else{if(bH==="function"){if(!bw.unique||!bD.has(bI)){bB.push(bI)}}}}},e=function(bG,bF){bF=bF||[];bx=!bw.memory||[bG,bF];by=true;bA=bv||0;bv=0;bz=bB.length;for(;bB&&bA<bz;bA++){if(bB[bA].apply(bG,bF)===false&&bw.stopOnFalse){bx=true;break}}by=false;if(bB){if(!bw.once){if(bC&&bC.length){bx=bC.shift();bD.fireWith(bx[0],bx[1])}}else{if(bx===true){bD.disable()}else{bB=[]}}}},bD={add:function(){if(bB){var bF=bB.length;bE(arguments);if(by){bz=bB.length}else{if(bx&&bx!==true){bv=bF;e(bx[0],bx[1])}}}return this},remove:function(){if(bB){var bF=arguments,bH=0,bI=bF.length;for(;bH<bI;bH++){for(var bG=0;bG<bB.length;bG++){if(bF[bH]===bB[bG]){if(by){if(bG<=bz){bz--;if(bG<=bA){bA--}}}bB.splice(bG--,1);if(bw.unique){break}}}}}return this},has:function(bG){if(bB){var bF=0,bH=bB.length;for(;bF<bH;bF++){if(bG===bB[bF]){return true}}}return false},empty:function(){bB=[];return this},disable:function(){bB=bC=bx=L;return this},disabled:function(){return !bB},lock:function(){bC=L;if(!bx||bx===true){bD.disable()}return this},locked:function(){return !bC},fireWith:function(bG,bF){if(bC){if(by){if(!bw.once){bC.push([bG,bF])}}else{if(!(bw.once&&bx)){e(bG,bF)}}}return this},fire:function(){bD.fireWith(this,arguments);return this},fired:function(){return !!bx}};return bD};var aJ=[].slice;b.extend({Deferred:function(by){var bx=b.Callbacks("once memory"),bw=b.Callbacks("once memory"),bv=b.Callbacks("memory"),e="pending",bA={resolve:bx,reject:bw,notify:bv},bC={done:bx.add,fail:bw.add,progress:bv.add,state:function(){return e},isResolved:bx.fired,isRejected:bw.fired,then:function(bE,bD,bF){bB.done(bE).fail(bD).progress(bF);return this},always:function(){bB.done.apply(bB,arguments).fail.apply(bB,arguments);return this},pipe:function(bF,bE,bD){return b.Deferred(function(bG){b.each({done:[bF,"resolve"],fail:[bE,"reject"],progress:[bD,"notify"]},function(bI,bL){var bH=bL[0],bK=bL[1],bJ;if(b.isFunction(bH)){bB[bI](function(){bJ=bH.apply(this,arguments);if(bJ&&b.isFunction(bJ.promise)){bJ.promise().then(bG.resolve,bG.reject,bG.notify)}else{bG[bK+"With"](this===bB?bG:this,[bJ])}})}else{bB[bI](bG[bK])}})}).promise()},promise:function(bE){if(bE==null){bE=bC}else{for(var bD in bC){bE[bD]=bC[bD]}}return bE}},bB=bC.promise({}),bz;for(bz in bA){bB[bz]=bA[bz].fire;bB[bz+"With"]=bA[bz].fireWith}bB.done(function(){e="resolved"},bw.disable,bv.lock).fail(function(){e="rejected"},bx.disable,bv.lock);if(by){by.call(bB,bB)}return bB},when:function(bA){var bx=aJ.call(arguments,0),bv=0,e=bx.length,bB=new Array(e),bw=e,by=e,bC=e<=1&&bA&&b.isFunction(bA.promise)?bA:b.Deferred(),bE=bC.promise();function bD(bF){return function(bG){bx[bF]=arguments.length>1?aJ.call(arguments,0):bG;if(!(--bw)){bC.resolveWith(bC,bx)}}}function bz(bF){return function(bG){bB[bF]=arguments.length>1?aJ.call(arguments,0):bG;bC.notifyWith(bE,bB)}}if(e>1){for(;bv<e;bv++){if(bx[bv]&&bx[bv].promise&&b.isFunction(bx[bv].promise)){bx[bv].promise().then(bD(bv),bC.reject,bz(bv))}else{--bw}}if(!bw){bC.resolveWith(bC,bx)}}else{if(bC!==bA){bC.resolveWith(bC,e?[bA]:[])}}return bE}});b.support=(function(){var bJ,bI,bF,bG,bx,bE,bA,bD,bz,bK,bB,by,bw,bv=av.createElement("div"),bH=av.documentElement;bv.setAttribute("className","t");bv.innerHTML="   <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>";bI=bv.getElementsByTagName("*");bF=bv.getElementsByTagName("a")[0];if(!bI||!bI.length||!bF){return{}}bG=av.createElement("select");bx=bG.appendChild(av.createElement("option"));bE=bv.getElementsByTagName("input")[0];bJ={leadingWhitespace:(bv.firstChild.nodeType===3),tbody:!bv.getElementsByTagName("tbody").length,htmlSerialize:!!bv.getElementsByTagName("link").length,style:/top/.test(bF.getAttribute("style")),hrefNormalized:(bF.getAttribute("href")==="/a"),opacity:/^0.55/.test(bF.style.opacity),cssFloat:!!bF.style.cssFloat,checkOn:(bE.value==="on"),optSelected:bx.selected,getSetAttribute:bv.className!=="t",enctype:!!av.createElement("form").enctype,html5Clone:av.createElement("nav").cloneNode(true).outerHTML!=="<:nav></:nav>",submitBubbles:true,changeBubbles:true,focusinBubbles:false,deleteExpando:true,noCloneEvent:true,inlineBlockNeedsLayout:false,shrinkWrapBlocks:false,reliableMarginRight:true};bE.checked=true;bJ.noCloneChecked=bE.cloneNode(true).checked;bG.disabled=true;bJ.optDisabled=!bx.disabled;try{delete bv.test}catch(bC){bJ.deleteExpando=false}if(!bv.addEventListener&&bv.attachEvent&&bv.fireEvent){bv.attachEvent("onclick",function(){bJ.noCloneEvent=false});bv.cloneNode(true).fireEvent("onclick")}bE=av.createElement("input");bE.value="t";bE.setAttribute("type","radio");bJ.radioValue=bE.value==="t";bE.setAttribute("checked","checked");bv.appendChild(bE);bD=av.createDocumentFragment();bD.appendChild(bv.lastChild);bJ.checkClone=bD.cloneNode(true).cloneNode(true).lastChild.checked;bJ.appendChecked=bE.checked;bD.removeChild(bE);bD.appendChild(bv);bv.innerHTML="";if(bb.getComputedStyle){bA=av.createElement("div");bA.style.width="0";bA.style.marginRight="0";bv.style.width="2px";bv.appendChild(bA);bJ.reliableMarginRight=(parseInt((bb.getComputedStyle(bA,null)||{marginRight:0}).marginRight,10)||0)===0}if(bv.attachEvent){for(by in {submit:1,change:1,focusin:1}){bB="on"+by;bw=(bB in bv);if(!bw){bv.setAttribute(bB,"return;");bw=(typeof bv[bB]==="function")}bJ[by+"Bubbles"]=bw}}bD.removeChild(bv);bD=bG=bx=bA=bv=bE=null;b(function(){var bM,bU,bV,bT,bN,bO,bL,bS,bR,e,bP,bQ=av.getElementsByTagName("body")[0];if(!bQ){return}bL=1;bS="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;";bR="visibility:hidden;border:0;";e="style='"+bS+"border:5px solid #000;padding:0;'";bP="<div "+e+"><div></div></div><table "+e+" cellpadding='0' cellspacing='0'><tr><td></td></tr></table>";bM=av.createElement("div");bM.style.cssText=bR+"width:0;height:0;position:static;top:0;margin-top:"+bL+"px";bQ.insertBefore(bM,bQ.firstChild);bv=av.createElement("div");bM.appendChild(bv);bv.innerHTML="<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>";bz=bv.getElementsByTagName("td");bw=(bz[0].offsetHeight===0);bz[0].style.display="";bz[1].style.display="none";bJ.reliableHiddenOffsets=bw&&(bz[0].offsetHeight===0);bv.innerHTML="";bv.style.width=bv.style.paddingLeft="1px";b.boxModel=bJ.boxModel=bv.offsetWidth===2;if(typeof bv.style.zoom!=="undefined"){bv.style.display="inline";bv.style.zoom=1;bJ.inlineBlockNeedsLayout=(bv.offsetWidth===2);bv.style.display="";bv.innerHTML="<div style='width:4px;'></div>";bJ.shrinkWrapBlocks=(bv.offsetWidth!==2)}bv.style.cssText=bS+bR;bv.innerHTML=bP;bU=bv.firstChild;bV=bU.firstChild;bN=bU.nextSibling.firstChild.firstChild;bO={doesNotAddBorder:(bV.offsetTop!==5),doesAddBorderForTableAndCells:(bN.offsetTop===5)};bV.style.position="fixed";bV.style.top="20px";bO.fixedPosition=(bV.offsetTop===20||bV.offsetTop===15);bV.style.position=bV.style.top="";bU.style.overflow="hidden";bU.style.position="relative";bO.subtractsBorderForOverflowNotVisible=(bV.offsetTop===-5);bO.doesNotIncludeMarginInBodyOffset=(bQ.offsetTop!==bL);bQ.removeChild(bM);bv=bM=null;b.extend(bJ,bO)});return bJ})();var aS=/^(?:\{.*\}|\[.*\])$/,aA=/([A-Z])/g;b.extend({cache:{},uuid:0,expando:"jQuery"+(b.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:true,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:true},hasData:function(e){e=e.nodeType?b.cache[e[b.expando]]:e[b.expando];return !!e&&!S(e)},data:function(bx,bv,bz,by){if(!b.acceptData(bx)){return}var bG,bA,bD,bE=b.expando,bC=typeof bv==="string",bF=bx.nodeType,e=bF?b.cache:bx,bw=bF?bx[bE]:bx[bE]&&bE,bB=bv==="events";if((!bw||!e[bw]||(!bB&&!by&&!e[bw].data))&&bC&&bz===L){return}if(!bw){if(bF){bx[bE]=bw=++b.uuid}else{bw=bE}}if(!e[bw]){e[bw]={};if(!bF){e[bw].toJSON=b.noop}}if(typeof bv==="object"||typeof bv==="function"){if(by){e[bw]=b.extend(e[bw],bv)}else{e[bw].data=b.extend(e[bw].data,bv)}}bG=bA=e[bw];if(!by){if(!bA.data){bA.data={}}bA=bA.data}if(bz!==L){bA[b.camelCase(bv)]=bz}if(bB&&!bA[bv]){return bG.events}if(bC){bD=bA[bv];if(bD==null){bD=bA[b.camelCase(bv)]}}else{bD=bA}return bD},removeData:function(bx,bv,by){if(!b.acceptData(bx)){return}var bB,bA,bz,bC=b.expando,bD=bx.nodeType,e=bD?b.cache:bx,bw=bD?bx[bC]:bC;if(!e[bw]){return}if(bv){bB=by?e[bw]:e[bw].data;if(bB){if(!b.isArray(bv)){if(bv in bB){bv=[bv]}else{bv=b.camelCase(bv);if(bv in bB){bv=[bv]}else{bv=bv.split(" ")}}}for(bA=0,bz=bv.length;bA<bz;bA++){delete bB[bv[bA]]}if(!(by?S:b.isEmptyObject)(bB)){return}}}if(!by){delete e[bw].data;if(!S(e[bw])){return}}if(b.support.deleteExpando||!e.setInterval){delete e[bw]}else{e[bw]=null}if(bD){if(b.support.deleteExpando){delete bx[bC]}else{if(bx.removeAttribute){bx.removeAttribute(bC)}else{bx[bC]=null}}}},_data:function(bv,e,bw){return b.data(bv,e,bw,true)},acceptData:function(bv){if(bv.nodeName){var e=b.noData[bv.nodeName.toLowerCase()];if(e){return !(e===true||bv.getAttribute("classid")!==e)}}return true}});b.fn.extend({data:function(by,bA){var bB,e,bw,bz=null;if(typeof by==="undefined"){if(this.length){bz=b.data(this[0]);if(this[0].nodeType===1&&!b._data(this[0],"parsedAttrs")){e=this[0].attributes;for(var bx=0,bv=e.length;bx<bv;bx++){bw=e[bx].name;if(bw.indexOf("data-")===0){bw=b.camelCase(bw.substring(5));a5(this[0],bw,bz[bw])}}b._data(this[0],"parsedAttrs",true)}}return bz}else{if(typeof by==="object"){return this.each(function(){b.data(this,by)})}}bB=by.split(".");bB[1]=bB[1]?"."+bB[1]:"";if(bA===L){bz=this.triggerHandler("getData"+bB[1]+"!",[bB[0]]);if(bz===L&&this.length){bz=b.data(this[0],by);bz=a5(this[0],by,bz)}return bz===L&&bB[1]?this.data(bB[0]):bz}else{return this.each(function(){var bC=b(this),bD=[bB[0],bA];bC.triggerHandler("setData"+bB[1]+"!",bD);b.data(this,by,bA);bC.triggerHandler("changeData"+bB[1]+"!",bD)})}},removeData:function(e){return this.each(function(){b.removeData(this,e)})}});function a5(bx,bw,by){if(by===L&&bx.nodeType===1){var bv="data-"+bw.replace(aA,"-$1").toLowerCase();by=bx.getAttribute(bv);if(typeof by==="string"){try{by=by==="true"?true:by==="false"?false:by==="null"?null:b.isNumeric(by)?parseFloat(by):aS.test(by)?b.parseJSON(by):by}catch(bz){}b.data(bx,bw,by)}else{by=L}}return by}function S(bv){for(var e in bv){if(e==="data"&&b.isEmptyObject(bv[e])){continue}if(e!=="toJSON"){return false}}return true}function bi(by,bx,bA){var bw=bx+"defer",bv=bx+"queue",e=bx+"mark",bz=b._data(by,bw);if(bz&&(bA==="queue"||!b._data(by,bv))&&(bA==="mark"||!b._data(by,e))){setTimeout(function(){if(!b._data(by,bv)&&!b._data(by,e)){b.removeData(by,bw,true);bz.fire()}},0)}}b.extend({_mark:function(bv,e){if(bv){e=(e||"fx")+"mark";b._data(bv,e,(b._data(bv,e)||0)+1)}},_unmark:function(by,bx,bv){if(by!==true){bv=bx;bx=by;by=false}if(bx){bv=bv||"fx";var e=bv+"mark",bw=by?0:((b._data(bx,e)||1)-1);if(bw){b._data(bx,e,bw)}else{b.removeData(bx,e,true);bi(bx,bv,"mark")}}},queue:function(bv,e,bx){var bw;if(bv){e=(e||"fx")+"queue";bw=b._data(bv,e);if(bx){if(!bw||b.isArray(bx)){bw=b._data(bv,e,b.makeArray(bx))}else{bw.push(bx)}}return bw||[]}},dequeue:function(by,bx){bx=bx||"fx";var bv=b.queue(by,bx),bw=bv.shift(),e={};if(bw==="inprogress"){bw=bv.shift()}if(bw){if(bx==="fx"){bv.unshift("inprogress")}b._data(by,bx+".run",e);bw.call(by,function(){b.dequeue(by,bx)},e)}if(!bv.length){b.removeData(by,bx+"queue "+bx+".run",true);bi(by,bx,"queue")}}});b.fn.extend({queue:function(e,bv){if(typeof e!=="string"){bv=e;e="fx"}if(bv===L){return b.queue(this[0],e)}return this.each(function(){var bw=b.queue(this,e,bv);if(e==="fx"&&bw[0]!=="inprogress"){b.dequeue(this,e)}})},dequeue:function(e){return this.each(function(){b.dequeue(this,e)})},delay:function(bv,e){bv=b.fx?b.fx.speeds[bv]||bv:bv;e=e||"fx";return this.queue(e,function(bx,bw){var by=setTimeout(bx,bv);bw.stop=function(){clearTimeout(by)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(bD,bw){if(typeof bD!=="string"){bw=bD;bD=L}bD=bD||"fx";var e=b.Deferred(),bv=this,by=bv.length,bB=1,bz=bD+"defer",bA=bD+"queue",bC=bD+"mark",bx;function bE(){if(!(--bB)){e.resolveWith(bv,[bv])}}while(by--){if((bx=b.data(bv[by],bz,L,true)||(b.data(bv[by],bA,L,true)||b.data(bv[by],bC,L,true))&&b.data(bv[by],bz,b.Callbacks("once memory"),true))){bB++;bx.add(bE)}}bE();return e.promise()}});var aP=/[\n\t\r]/g,af=/\s+/,aU=/\r/g,g=/^(?:button|input)$/i,D=/^(?:button|input|object|select|textarea)$/i,l=/^a(?:rea)?$/i,ao=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,F=b.support.getSetAttribute,be,aY,aF;b.fn.extend({attr:function(e,bv){return b.access(this,e,bv,true,b.attr)},removeAttr:function(e){return this.each(function(){b.removeAttr(this,e)})},prop:function(e,bv){return b.access(this,e,bv,true,b.prop)},removeProp:function(e){e=b.propFix[e]||e;return this.each(function(){try{this[e]=L;delete this[e]}catch(bv){}})},addClass:function(by){var bA,bw,bv,bx,bz,bB,e;if(b.isFunction(by)){return this.each(function(bC){b(this).addClass(by.call(this,bC,this.className))})}if(by&&typeof by==="string"){bA=by.split(af);for(bw=0,bv=this.length;bw<bv;bw++){bx=this[bw];if(bx.nodeType===1){if(!bx.className&&bA.length===1){bx.className=by}else{bz=" "+bx.className+" ";for(bB=0,e=bA.length;bB<e;bB++){if(!~bz.indexOf(" "+bA[bB]+" ")){bz+=bA[bB]+" "}}bx.className=b.trim(bz)}}}}return this},removeClass:function(bz){var bA,bw,bv,by,bx,bB,e;if(b.isFunction(bz)){return this.each(function(bC){b(this).removeClass(bz.call(this,bC,this.className))})}if((bz&&typeof bz==="string")||bz===L){bA=(bz||"").split(af);for(bw=0,bv=this.length;bw<bv;bw++){by=this[bw];if(by.nodeType===1&&by.className){if(bz){bx=(" "+by.className+" ").replace(aP," ");for(bB=0,e=bA.length;bB<e;bB++){bx=bx.replace(" "+bA[bB]+" "," ")}by.className=b.trim(bx)}else{by.className=""}}}}return this},toggleClass:function(bx,bv){var bw=typeof bx,e=typeof bv==="boolean";if(b.isFunction(bx)){return this.each(function(by){b(this).toggleClass(bx.call(this,by,this.className,bv),bv)})}return this.each(function(){if(bw==="string"){var bA,bz=0,by=b(this),bB=bv,bC=bx.split(af);while((bA=bC[bz++])){bB=e?bB:!by.hasClass(bA);by[bB?"addClass":"removeClass"](bA)}}else{if(bw==="undefined"||bw==="boolean"){if(this.className){b._data(this,"__className__",this.className)}this.className=this.className||bx===false?"":b._data(this,"__className__")||""}}})},hasClass:function(e){var bx=" "+e+" ",bw=0,bv=this.length;for(;bw<bv;bw++){if(this[bw].nodeType===1&&(" "+this[bw].className+" ").replace(aP," ").indexOf(bx)>-1){return true}}return false},val:function(bx){var e,bv,by,bw=this[0];if(!arguments.length){if(bw){e=b.valHooks[bw.nodeName.toLowerCase()]||b.valHooks[bw.type];if(e&&"get" in e&&(bv=e.get(bw,"value"))!==L){return bv}bv=bw.value;return typeof bv==="string"?bv.replace(aU,""):bv==null?"":bv}return}by=b.isFunction(bx);return this.each(function(bA){var bz=b(this),bB;if(this.nodeType!==1){return}if(by){bB=bx.call(this,bA,bz.val())}else{bB=bx}if(bB==null){bB=""}else{if(typeof bB==="number"){bB+=""}else{if(b.isArray(bB)){bB=b.map(bB,function(bC){return bC==null?"":bC+""})}}}e=b.valHooks[this.nodeName.toLowerCase()]||b.valHooks[this.type];if(!e||!("set" in e)||e.set(this,bB,"value")===L){this.value=bB}})}});b.extend({valHooks:{option:{get:function(e){var bv=e.attributes.value;return !bv||bv.specified?e.value:e.text}},select:{get:function(e){var bA,bv,bz,bx,by=e.selectedIndex,bB=[],bC=e.options,bw=e.type==="select-one";if(by<0){return null}bv=bw?by:0;bz=bw?by+1:bC.length;for(;bv<bz;bv++){bx=bC[bv];if(bx.selected&&(b.support.optDisabled?!bx.disabled:bx.getAttribute("disabled")===null)&&(!bx.parentNode.disabled||!b.nodeName(bx.parentNode,"optgroup"))){bA=b(bx).val();if(bw){return bA}bB.push(bA)}}if(bw&&!bB.length&&bC.length){return b(bC[by]).val()}return bB},set:function(bv,bw){var e=b.makeArray(bw);b(bv).find("option").each(function(){this.selected=b.inArray(b(this).val(),e)>=0});if(!e.length){bv.selectedIndex=-1}return e}}},attrFn:{val:true,css:true,html:true,text:true,data:true,width:true,height:true,offset:true},attr:function(bA,bx,bB,bz){var bw,e,by,bv=bA.nodeType;if(!bA||bv===3||bv===8||bv===2){return}if(bz&&bx in b.attrFn){return b(bA)[bx](bB)}if(typeof bA.getAttribute==="undefined"){return b.prop(bA,bx,bB)}by=bv!==1||!b.isXMLDoc(bA);if(by){bx=bx.toLowerCase();e=b.attrHooks[bx]||(ao.test(bx)?aY:be)}if(bB!==L){if(bB===null){b.removeAttr(bA,bx);return}else{if(e&&"set" in e&&by&&(bw=e.set(bA,bB,bx))!==L){return bw}else{bA.setAttribute(bx,""+bB);return bB}}}else{if(e&&"get" in e&&by&&(bw=e.get(bA,bx))!==null){return bw}else{bw=bA.getAttribute(bx);return bw===null?L:bw}}},removeAttr:function(bx,bz){var by,bA,bv,e,bw=0;if(bz&&bx.nodeType===1){bA=bz.toLowerCase().split(af);e=bA.length;for(;bw<e;bw++){bv=bA[bw];if(bv){by=b.propFix[bv]||bv;b.attr(bx,bv,"");bx.removeAttribute(F?bv:by);if(ao.test(bv)&&by in bx){bx[by]=false}}}}},attrHooks:{type:{set:function(e,bv){if(g.test(e.nodeName)&&e.parentNode){b.error("type property can't be changed")}else{if(!b.support.radioValue&&bv==="radio"&&b.nodeName(e,"input")){var bw=e.value;e.setAttribute("type",bv);if(bw){e.value=bw}return bv}}}},value:{get:function(bv,e){if(be&&b.nodeName(bv,"button")){return be.get(bv,e)}return e in bv?bv.value:null},set:function(bv,bw,e){if(be&&b.nodeName(bv,"button")){return be.set(bv,bw,e)}bv.value=bw}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(bz,bx,bA){var bw,e,by,bv=bz.nodeType;if(!bz||bv===3||bv===8||bv===2){return}by=bv!==1||!b.isXMLDoc(bz);if(by){bx=b.propFix[bx]||bx;e=b.propHooks[bx]}if(bA!==L){if(e&&"set" in e&&(bw=e.set(bz,bA,bx))!==L){return bw}else{return(bz[bx]=bA)}}else{if(e&&"get" in e&&(bw=e.get(bz,bx))!==null){return bw}else{return bz[bx]}}},propHooks:{tabIndex:{get:function(bv){var e=bv.getAttributeNode("tabindex");return e&&e.specified?parseInt(e.value,10):D.test(bv.nodeName)||l.test(bv.nodeName)&&bv.href?0:L}}}});b.attrHooks.tabindex=b.propHooks.tabIndex;aY={get:function(bv,e){var bx,bw=b.prop(bv,e);return bw===true||typeof bw!=="boolean"&&(bx=bv.getAttributeNode(e))&&bx.nodeValue!==false?e.toLowerCase():L},set:function(bv,bx,e){var bw;if(bx===false){b.removeAttr(bv,e)}else{bw=b.propFix[e]||e;if(bw in bv){bv[bw]=true}bv.setAttribute(e,e.toLowerCase())}return e}};if(!F){aF={name:true,id:true};be=b.valHooks.button={get:function(bw,bv){var e;e=bw.getAttributeNode(bv);return e&&(aF[bv]?e.nodeValue!=="":e.specified)?e.nodeValue:L},set:function(bw,bx,bv){var e=bw.getAttributeNode(bv);if(!e){e=av.createAttribute(bv);bw.setAttributeNode(e)}return(e.nodeValue=bx+"")}};b.attrHooks.tabindex.set=be.set;b.each(["width","height"],function(bv,e){b.attrHooks[e]=b.extend(b.attrHooks[e],{set:function(bw,bx){if(bx===""){bw.setAttribute(e,"auto");return bx}}})});b.attrHooks.contenteditable={get:be.get,set:function(bv,bw,e){if(bw===""){bw="false"}be.set(bv,bw,e)}}}if(!b.support.hrefNormalized){b.each(["href","src","width","height"],function(bv,e){b.attrHooks[e]=b.extend(b.attrHooks[e],{get:function(bx){var bw=bx.getAttribute(e,2);return bw===null?L:bw}})})}if(!b.support.style){b.attrHooks.style={get:function(e){return e.style.cssText.toLowerCase()||L},set:function(e,bv){return(e.style.cssText=""+bv)}}}if(!b.support.optSelected){b.propHooks.selected=b.extend(b.propHooks.selected,{get:function(bv){var e=bv.parentNode;if(e){e.selectedIndex;if(e.parentNode){e.parentNode.selectedIndex}}return null}})}if(!b.support.enctype){b.propFix.enctype="encoding"}if(!b.support.checkOn){b.each(["radio","checkbox"],function(){b.valHooks[this]={get:function(e){return e.getAttribute("value")===null?"on":e.value}}})}b.each(["radio","checkbox"],function(){b.valHooks[this]=b.extend(b.valHooks[this],{set:function(e,bv){if(b.isArray(bv)){return(e.checked=b.inArray(b(e).val(),bv)>=0)}}})});var bd=/^(?:textarea|input|select)$/i,n=/^([^\.]*)?(?:\.(.+))?$/,J=/\bhover(\.\S+)?\b/,aO=/^key/,bf=/^(?:mouse|contextmenu)|click/,T=/^(?:focusinfocus|focusoutblur)$/,U=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,Y=function(e){var bv=U.exec(e);if(bv){bv[1]=(bv[1]||"").toLowerCase();bv[3]=bv[3]&&new RegExp("(?:^|\\s)"+bv[3]+"(?:\\s|$)")}return bv},j=function(bw,e){var bv=bw.attributes||{};return((!e[1]||bw.nodeName.toLowerCase()===e[1])&&(!e[2]||(bv.id||{}).value===e[2])&&(!e[3]||e[3].test((bv["class"]||{}).value)))},bt=function(e){return b.event.special.hover?e:e.replace(J,"mouseenter$1 mouseleave$1")};b.event={add:function(bx,bC,bJ,bA,by){var bD,bB,bK,bI,bH,bF,e,bG,bv,bz,bw,bE;if(bx.nodeType===3||bx.nodeType===8||!bC||!bJ||!(bD=b._data(bx))){return}if(bJ.handler){bv=bJ;bJ=bv.handler}if(!bJ.guid){bJ.guid=b.guid++}bK=bD.events;if(!bK){bD.events=bK={}}bB=bD.handle;if(!bB){bD.handle=bB=function(bL){return typeof b!=="undefined"&&(!bL||b.event.triggered!==bL.type)?b.event.dispatch.apply(bB.elem,arguments):L};bB.elem=bx}bC=b.trim(bt(bC)).split(" ");for(bI=0;bI<bC.length;bI++){bH=n.exec(bC[bI])||[];bF=bH[1];e=(bH[2]||"").split(".").sort();bE=b.event.special[bF]||{};bF=(by?bE.delegateType:bE.bindType)||bF;bE=b.event.special[bF]||{};bG=b.extend({type:bF,origType:bH[1],data:bA,handler:bJ,guid:bJ.guid,selector:by,quick:Y(by),namespace:e.join(".")},bv);bw=bK[bF];if(!bw){bw=bK[bF]=[];bw.delegateCount=0;if(!bE.setup||bE.setup.call(bx,bA,e,bB)===false){if(bx.addEventListener){bx.addEventListener(bF,bB,false)}else{if(bx.attachEvent){bx.attachEvent("on"+bF,bB)}}}}if(bE.add){bE.add.call(bx,bG);if(!bG.handler.guid){bG.handler.guid=bJ.guid}}if(by){bw.splice(bw.delegateCount++,0,bG)}else{bw.push(bG)}b.event.global[bF]=true}bx=null},global:{},remove:function(bJ,bE,bv,bH,bB){var bI=b.hasData(bJ)&&b._data(bJ),bF,bx,bz,bL,bC,bA,bG,bw,by,bK,bD,e;if(!bI||!(bw=bI.events)){return}bE=b.trim(bt(bE||"")).split(" ");for(bF=0;bF<bE.length;bF++){bx=n.exec(bE[bF])||[];bz=bL=bx[1];bC=bx[2];if(!bz){for(bz in bw){b.event.remove(bJ,bz+bE[bF],bv,bH,true)}continue}by=b.event.special[bz]||{};bz=(bH?by.delegateType:by.bindType)||bz;bD=bw[bz]||[];bA=bD.length;bC=bC?new RegExp("(^|\\.)"+bC.split(".").sort().join("\\.(?:.*\\.)?")+"(\\.|$)"):null;for(bG=0;bG<bD.length;bG++){e=bD[bG];if((bB||bL===e.origType)&&(!bv||bv.guid===e.guid)&&(!bC||bC.test(e.namespace))&&(!bH||bH===e.selector||bH==="**"&&e.selector)){bD.splice(bG--,1);if(e.selector){bD.delegateCount--}if(by.remove){by.remove.call(bJ,e)}}}if(bD.length===0&&bA!==bD.length){if(!by.teardown||by.teardown.call(bJ,bC)===false){b.removeEvent(bJ,bz,bI.handle)}delete bw[bz]}}if(b.isEmptyObject(bw)){bK=bI.handle;if(bK){bK.elem=null}b.removeData(bJ,["events","handle"],true)}},customEvent:{getData:true,setData:true,changeData:true},trigger:function(bv,bD,bA,bJ){if(bA&&(bA.nodeType===3||bA.nodeType===8)){return}var bG=bv.type||bv,bx=[],e,bw,bC,bH,bz,by,bF,bE,bB,bI;if(T.test(bG+b.event.triggered)){return}if(bG.indexOf("!")>=0){bG=bG.slice(0,-1);bw=true}if(bG.indexOf(".")>=0){bx=bG.split(".");bG=bx.shift();bx.sort()}if((!bA||b.event.customEvent[bG])&&!b.event.global[bG]){return}bv=typeof bv==="object"?bv[b.expando]?bv:new b.Event(bG,bv):new b.Event(bG);bv.type=bG;bv.isTrigger=true;bv.exclusive=bw;bv.namespace=bx.join(".");bv.namespace_re=bv.namespace?new RegExp("(^|\\.)"+bx.join("\\.(?:.*\\.)?")+"(\\.|$)"):null;by=bG.indexOf(":")<0?"on"+bG:"";if(!bA){e=b.cache;for(bC in e){if(e[bC].events&&e[bC].events[bG]){b.event.trigger(bv,bD,e[bC].handle.elem,true)}}return}bv.result=L;if(!bv.target){bv.target=bA}bD=bD!=null?b.makeArray(bD):[];bD.unshift(bv);bF=b.event.special[bG]||{};if(bF.trigger&&bF.trigger.apply(bA,bD)===false){return}bB=[[bA,bF.bindType||bG]];if(!bJ&&!bF.noBubble&&!b.isWindow(bA)){bI=bF.delegateType||bG;bH=T.test(bI+bG)?bA:bA.parentNode;bz=null;for(;bH;bH=bH.parentNode){bB.push([bH,bI]);bz=bH}if(bz&&bz===bA.ownerDocument){bB.push([bz.defaultView||bz.parentWindow||bb,bI])}}for(bC=0;bC<bB.length&&!bv.isPropagationStopped();bC++){bH=bB[bC][0];bv.type=bB[bC][1];bE=(b._data(bH,"events")||{})[bv.type]&&b._data(bH,"handle");if(bE){bE.apply(bH,bD)}bE=by&&bH[by];if(bE&&b.acceptData(bH)&&bE.apply(bH,bD)===false){bv.preventDefault()}}bv.type=bG;if(!bJ&&!bv.isDefaultPrevented()){if((!bF._default||bF._default.apply(bA.ownerDocument,bD)===false)&&!(bG==="click"&&b.nodeName(bA,"a"))&&b.acceptData(bA)){if(by&&bA[bG]&&((bG!=="focus"&&bG!=="blur")||bv.target.offsetWidth!==0)&&!b.isWindow(bA)){bz=bA[by];if(bz){bA[by]=null}b.event.triggered=bG;bA[bG]();b.event.triggered=L;if(bz){bA[by]=bz}}}}return bv.result},dispatch:function(e){e=b.event.fix(e||bb.event);var bz=((b._data(this,"events")||{})[e.type]||[]),bA=bz.delegateCount,bG=[].slice.call(arguments,0),by=!e.exclusive&&!e.namespace,bH=[],bC,bB,bK,bx,bF,bE,bv,bD,bI,bw,bJ;bG[0]=e;e.delegateTarget=this;if(bA&&!e.target.disabled&&!(e.button&&e.type==="click")){bx=b(this);bx.context=this.ownerDocument||this;for(bK=e.target;bK!=this;bK=bK.parentNode||this){bE={};bD=[];bx[0]=bK;for(bC=0;bC<bA;bC++){bI=bz[bC];bw=bI.selector;if(bE[bw]===L){bE[bw]=(bI.quick?j(bK,bI.quick):bx.is(bw))}if(bE[bw]){bD.push(bI)}}if(bD.length){bH.push({elem:bK,matches:bD})}}}if(bz.length>bA){bH.push({elem:this,matches:bz.slice(bA)})}for(bC=0;bC<bH.length&&!e.isPropagationStopped();bC++){bv=bH[bC];e.currentTarget=bv.elem;for(bB=0;bB<bv.matches.length&&!e.isImmediatePropagationStopped();bB++){bI=bv.matches[bB];if(by||(!e.namespace&&!bI.namespace)||e.namespace_re&&e.namespace_re.test(bI.namespace)){e.data=bI.data;e.handleObj=bI;bF=((b.event.special[bI.origType]||{}).handle||bI.handler).apply(bv.elem,bG);if(bF!==L){e.result=bF;if(bF===false){e.preventDefault();e.stopPropagation()}}}}}return e.result},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(bv,e){if(bv.which==null){bv.which=e.charCode!=null?e.charCode:e.keyCode}return bv}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(bx,bw){var by,bz,e,bv=bw.button,bA=bw.fromElement;if(bx.pageX==null&&bw.clientX!=null){by=bx.target.ownerDocument||av;bz=by.documentElement;e=by.body;bx.pageX=bw.clientX+(bz&&bz.scrollLeft||e&&e.scrollLeft||0)-(bz&&bz.clientLeft||e&&e.clientLeft||0);bx.pageY=bw.clientY+(bz&&bz.scrollTop||e&&e.scrollTop||0)-(bz&&bz.clientTop||e&&e.clientTop||0)}if(!bx.relatedTarget&&bA){bx.relatedTarget=bA===bx.target?bw.toElement:bA}if(!bx.which&&bv!==L){bx.which=(bv&1?1:(bv&2?3:(bv&4?2:0)))}return bx}},fix:function(bw){if(bw[b.expando]){return bw}var bv,bz,e=bw,bx=b.event.fixHooks[bw.type]||{},by=bx.props?this.props.concat(bx.props):this.props;bw=b.Event(e);for(bv=by.length;bv;){bz=by[--bv];bw[bz]=e[bz]}if(!bw.target){bw.target=e.srcElement||av}if(bw.target.nodeType===3){bw.target=bw.target.parentNode}if(bw.metaKey===L){bw.metaKey=bw.ctrlKey}return bx.filter?bx.filter(bw,e):bw},special:{ready:{setup:b.bindReady},load:{noBubble:true},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(bw,bv,e){if(b.isWindow(this)){this.onbeforeunload=e}},teardown:function(bv,e){if(this.onbeforeunload===e){this.onbeforeunload=null}}}},simulate:function(bw,by,bx,bv){var bz=b.extend(new b.Event(),bx,{type:bw,isSimulated:true,originalEvent:{}});if(bv){b.event.trigger(bz,null,by)}else{b.event.dispatch.call(by,bz)}if(bz.isDefaultPrevented()){bx.preventDefault()}}};b.event.handle=b.event.dispatch;b.removeEvent=av.removeEventListener?function(bv,e,bw){if(bv.removeEventListener){bv.removeEventListener(e,bw,false)}}:function(bv,e,bw){if(bv.detachEvent){bv.detachEvent("on"+e,bw)}};b.Event=function(bv,e){if(!(this instanceof b.Event)){return new b.Event(bv,e)}if(bv&&bv.type){this.originalEvent=bv;this.type=bv.type;this.isDefaultPrevented=(bv.defaultPrevented||bv.returnValue===false||bv.getPreventDefault&&bv.getPreventDefault())?i:bk}else{this.type=bv}if(e){b.extend(this,e)}this.timeStamp=bv&&bv.timeStamp||b.now();this[b.expando]=true};function bk(){return false}function i(){return true}b.Event.prototype={preventDefault:function(){this.isDefaultPrevented=i;var bv=this.originalEvent;if(!bv){return}if(bv.preventDefault){bv.preventDefault()}else{bv.returnValue=false}},stopPropagation:function(){this.isPropagationStopped=i;var bv=this.originalEvent;if(!bv){return}if(bv.stopPropagation){bv.stopPropagation()}bv.cancelBubble=true},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=i;this.stopPropagation()},isDefaultPrevented:bk,isPropagationStopped:bk,isImmediatePropagationStopped:bk};b.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(bv,e){b.event.special[bv]={delegateType:e,bindType:e,handle:function(bz){var bB=this,bA=bz.relatedTarget,by=bz.handleObj,bw=by.selector,bx;if(!bA||(bA!==bB&&!b.contains(bB,bA))){bz.type=by.origType;bx=by.handler.apply(this,arguments);bz.type=e}return bx}}});if(!b.support.submitBubbles){b.event.special.submit={setup:function(){if(b.nodeName(this,"form")){return false}b.event.add(this,"click._submit keypress._submit",function(bx){var bw=bx.target,bv=b.nodeName(bw,"input")||b.nodeName(bw,"button")?bw.form:L;if(bv&&!bv._submit_attached){b.event.add(bv,"submit._submit",function(e){if(this.parentNode&&!e.isTrigger){b.event.simulate("submit",this.parentNode,e,true)}});bv._submit_attached=true}})},teardown:function(){if(b.nodeName(this,"form")){return false}b.event.remove(this,"._submit")}}}if(!b.support.changeBubbles){b.event.special.change={setup:function(){if(bd.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio"){b.event.add(this,"propertychange._change",function(e){if(e.originalEvent.propertyName==="checked"){this._just_changed=true}});b.event.add(this,"click._change",function(e){if(this._just_changed&&!e.isTrigger){this._just_changed=false;b.event.simulate("change",this,e,true)}})}return false}b.event.add(this,"beforeactivate._change",function(bw){var bv=bw.target;if(bd.test(bv.nodeName)&&!bv._change_attached){b.event.add(bv,"change._change",function(e){if(this.parentNode&&!e.isSimulated&&!e.isTrigger){b.event.simulate("change",this.parentNode,e,true)}});bv._change_attached=true}})},handle:function(bv){var e=bv.target;if(this!==e||bv.isSimulated||bv.isTrigger||(e.type!=="radio"&&e.type!=="checkbox")){return bv.handleObj.handler.apply(this,arguments)}},teardown:function(){b.event.remove(this,"._change");return bd.test(this.nodeName)}}}if(!b.support.focusinBubbles){b.each({focus:"focusin",blur:"focusout"},function(bx,e){var bv=0,bw=function(by){b.event.simulate(e,by.target,b.event.fix(by),true)};b.event.special[e]={setup:function(){if(bv++===0){av.addEventListener(bx,bw,true)}},teardown:function(){if(--bv===0){av.removeEventListener(bx,bw,true)}}}})}b.fn.extend({on:function(bw,e,bz,by,bv){var bA,bx;if(typeof bw==="object"){if(typeof e!=="string"){bz=e;e=L}for(bx in bw){this.on(bx,e,bz,bw[bx],bv)}return this}if(bz==null&&by==null){by=e;bz=e=L}else{if(by==null){if(typeof e==="string"){by=bz;bz=L}else{by=bz;bz=e;e=L}}}if(by===false){by=bk}else{if(!by){return this}}if(bv===1){bA=by;by=function(bB){b().off(bB);return bA.apply(this,arguments)};by.guid=bA.guid||(bA.guid=b.guid++)}return this.each(function(){b.event.add(this,bw,by,bz,e)})},one:function(bv,e,bx,bw){return this.on.call(this,bv,e,bx,bw,1)},off:function(bw,e,by){if(bw&&bw.preventDefault&&bw.handleObj){var bv=bw.handleObj;b(bw.delegateTarget).off(bv.namespace?bv.type+"."+bv.namespace:bv.type,bv.selector,bv.handler);return this}if(typeof bw==="object"){for(var bx in bw){this.off(bx,e,bw[bx])}return this}if(e===false||typeof e==="function"){by=e;e=L}if(by===false){by=bk}return this.each(function(){b.event.remove(this,bw,by,e)})},bind:function(e,bw,bv){return this.on(e,null,bw,bv)},unbind:function(e,bv){return this.off(e,null,bv)},live:function(e,bw,bv){b(this.context).on(e,this.selector,bw,bv);return this},die:function(e,bv){b(this.context).off(e,this.selector||"**",bv);return this},delegate:function(e,bv,bx,bw){return this.on(bv,e,bx,bw)},undelegate:function(e,bv,bw){return arguments.length==1?this.off(e,"**"):this.off(bv,e,bw)},trigger:function(e,bv){return this.each(function(){b.event.trigger(e,bv,this)})},triggerHandler:function(e,bv){if(this[0]){return b.event.trigger(e,bv,this[0],true)}},toggle:function(bx){var bv=arguments,e=bx.guid||b.guid++,bw=0,by=function(bz){var bA=(b._data(this,"lastToggle"+bx.guid)||0)%bw;b._data(this,"lastToggle"+bx.guid,bA+1);bz.preventDefault();return bv[bA].apply(this,arguments)||false};by.guid=e;while(bw<bv.length){bv[bw++].guid=e}return this.click(by)},hover:function(e,bv){return this.mouseenter(e).mouseleave(bv||e)}});b.each(("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu").split(" "),function(bv,e){b.fn[e]=function(bx,bw){if(bw==null){bw=bx;bx=null}return arguments.length>0?this.on(e,null,bx,bw):this.trigger(e)};if(b.attrFn){b.attrFn[e]=true}if(aO.test(e)){b.event.fixHooks[e]=b.event.keyHooks}if(bf.test(e)){b.event.fixHooks[e]=b.event.mouseHooks}});
-/*
- * Sizzle CSS Selector Engine
- *  Copyright 2011, The Dojo Foundation
- *  Released under the MIT, BSD, and GPL Licenses.
- *  More information: http://sizzlejs.com/
- */
-(function(){var bH=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,bC="sizcache"+(Math.random()+"").replace(".",""),bI=0,bL=Object.prototype.toString,bB=false,bA=true,bK=/\\/g,bO=/\r\n/g,bQ=/\W/;[0,0].sort(function(){bA=false;return 0});var by=function(bV,e,bY,bZ){bY=bY||[];e=e||av;var b1=e;if(e.nodeType!==1&&e.nodeType!==9){return[]}if(!bV||typeof bV!=="string"){return bY}var bS,b3,b6,bR,b2,b5,b4,bX,bU=true,bT=by.isXML(e),bW=[],b0=bV;do{bH.exec("");bS=bH.exec(b0);if(bS){b0=bS[3];bW.push(bS[1]);if(bS[2]){bR=bS[3];break}}}while(bS);if(bW.length>1&&bD.exec(bV)){if(bW.length===2&&bE.relative[bW[0]]){b3=bM(bW[0]+bW[1],e,bZ)}else{b3=bE.relative[bW[0]]?[e]:by(bW.shift(),e);while(bW.length){bV=bW.shift();if(bE.relative[bV]){bV+=bW.shift()}b3=bM(bV,b3,bZ)}}}else{if(!bZ&&bW.length>1&&e.nodeType===9&&!bT&&bE.match.ID.test(bW[0])&&!bE.match.ID.test(bW[bW.length-1])){b2=by.find(bW.shift(),e,bT);e=b2.expr?by.filter(b2.expr,b2.set)[0]:b2.set[0]}if(e){b2=bZ?{expr:bW.pop(),set:bF(bZ)}:by.find(bW.pop(),bW.length===1&&(bW[0]==="~"||bW[0]==="+")&&e.parentNode?e.parentNode:e,bT);b3=b2.expr?by.filter(b2.expr,b2.set):b2.set;if(bW.length>0){b6=bF(b3)}else{bU=false}while(bW.length){b5=bW.pop();b4=b5;if(!bE.relative[b5]){b5=""}else{b4=bW.pop()}if(b4==null){b4=e}bE.relative[b5](b6,b4,bT)}}else{b6=bW=[]}}if(!b6){b6=b3}if(!b6){by.error(b5||bV)}if(bL.call(b6)==="[object Array]"){if(!bU){bY.push.apply(bY,b6)}else{if(e&&e.nodeType===1){for(bX=0;b6[bX]!=null;bX++){if(b6[bX]&&(b6[bX]===true||b6[bX].nodeType===1&&by.contains(e,b6[bX]))){bY.push(b3[bX])}}}else{for(bX=0;b6[bX]!=null;bX++){if(b6[bX]&&b6[bX].nodeType===1){bY.push(b3[bX])}}}}}else{bF(b6,bY)}if(bR){by(bR,b1,bY,bZ);by.uniqueSort(bY)}return bY};by.uniqueSort=function(bR){if(bJ){bB=bA;bR.sort(bJ);if(bB){for(var e=1;e<bR.length;e++){if(bR[e]===bR[e-1]){bR.splice(e--,1)}}}}return bR};by.matches=function(e,bR){return by(e,null,null,bR)};by.matchesSelector=function(e,bR){return by(bR,null,null,[e]).length>0};by.find=function(bX,e,bY){var bW,bS,bU,bT,bV,bR;if(!bX){return[]}for(bS=0,bU=bE.order.length;bS<bU;bS++){bV=bE.order[bS];if((bT=bE.leftMatch[bV].exec(bX))){bR=bT[1];bT.splice(1,1);if(bR.substr(bR.length-1)!=="\\"){bT[1]=(bT[1]||"").replace(bK,"");bW=bE.find[bV](bT,e,bY);if(bW!=null){bX=bX.replace(bE.match[bV],"");break}}}}if(!bW){bW=typeof e.getElementsByTagName!=="undefined"?e.getElementsByTagName("*"):[]}return{set:bW,expr:bX}};by.filter=function(b1,b0,b4,bU){var bW,e,bZ,b6,b3,bR,bT,bV,b2,bS=b1,b5=[],bY=b0,bX=b0&&b0[0]&&by.isXML(b0[0]);while(b1&&b0.length){for(bZ in bE.filter){if((bW=bE.leftMatch[bZ].exec(b1))!=null&&bW[2]){bR=bE.filter[bZ];bT=bW[1];e=false;bW.splice(1,1);if(bT.substr(bT.length-1)==="\\"){continue}if(bY===b5){b5=[]}if(bE.preFilter[bZ]){bW=bE.preFilter[bZ](bW,bY,b4,b5,bU,bX);if(!bW){e=b6=true}else{if(bW===true){continue}}}if(bW){for(bV=0;(b3=bY[bV])!=null;bV++){if(b3){b6=bR(b3,bW,bV,bY);b2=bU^b6;if(b4&&b6!=null){if(b2){e=true}else{bY[bV]=false}}else{if(b2){b5.push(b3);e=true}}}}}if(b6!==L){if(!b4){bY=b5}b1=b1.replace(bE.match[bZ],"");if(!e){return[]}break}}}if(b1===bS){if(e==null){by.error(b1)}else{break}}bS=b1}return bY};by.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)};var bw=by.getText=function(bU){var bS,bT,e=bU.nodeType,bR="";if(e){if(e===1||e===9){if(typeof bU.textContent==="string"){return bU.textContent}else{if(typeof bU.innerText==="string"){return bU.innerText.replace(bO,"")}else{for(bU=bU.firstChild;bU;bU=bU.nextSibling){bR+=bw(bU)}}}}else{if(e===3||e===4){return bU.nodeValue}}}else{for(bS=0;(bT=bU[bS]);bS++){if(bT.nodeType!==8){bR+=bw(bT)}}}return bR};var bE=by.selectors={order:["ID","NAME","TAG"],match:{ID:/#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,CLASS:/\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,NAME:/\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/,ATTR:/\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,TAG:/^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/,PSEUDO:/:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/},leftMatch:{},attrMap:{"class":"className","for":"htmlFor"},attrHandle:{href:function(e){return e.getAttribute("href")},type:function(e){return e.getAttribute("type")}},relative:{"+":function(bW,bR){var bT=typeof bR==="string",bV=bT&&!bQ.test(bR),bX=bT&&!bV;if(bV){bR=bR.toLowerCase()}for(var bS=0,e=bW.length,bU;bS<e;bS++){if((bU=bW[bS])){while((bU=bU.previousSibling)&&bU.nodeType!==1){}bW[bS]=bX||bU&&bU.nodeName.toLowerCase()===bR?bU||false:bU===bR}}if(bX){by.filter(bR,bW,true)}},">":function(bW,bR){var bV,bU=typeof bR==="string",bS=0,e=bW.length;if(bU&&!bQ.test(bR)){bR=bR.toLowerCase();for(;bS<e;bS++){bV=bW[bS];if(bV){var bT=bV.parentNode;bW[bS]=bT.nodeName.toLowerCase()===bR?bT:false}}}else{for(;bS<e;bS++){bV=bW[bS];if(bV){bW[bS]=bU?bV.parentNode:bV.parentNode===bR}}if(bU){by.filter(bR,bW,true)}}},"":function(bT,bR,bV){var bU,bS=bI++,e=bN;if(typeof bR==="string"&&!bQ.test(bR)){bR=bR.toLowerCase();bU=bR;e=bv}e("parentNode",bR,bS,bT,bU,bV)},"~":function(bT,bR,bV){var bU,bS=bI++,e=bN;if(typeof bR==="string"&&!bQ.test(bR)){bR=bR.toLowerCase();bU=bR;e=bv}e("previousSibling",bR,bS,bT,bU,bV)}},find:{ID:function(bR,bS,bT){if(typeof bS.getElementById!=="undefined"&&!bT){var e=bS.getElementById(bR[1]);return e&&e.parentNode?[e]:[]}},NAME:function(bS,bV){if(typeof bV.getElementsByName!=="undefined"){var bR=[],bU=bV.getElementsByName(bS[1]);for(var bT=0,e=bU.length;bT<e;bT++){if(bU[bT].getAttribute("name")===bS[1]){bR.push(bU[bT])}}return bR.length===0?null:bR}},TAG:function(e,bR){if(typeof bR.getElementsByTagName!=="undefined"){return bR.getElementsByTagName(e[1])}}},preFilter:{CLASS:function(bT,bR,bS,e,bW,bX){bT=" "+bT[1].replace(bK,"")+" ";if(bX){return bT}for(var bU=0,bV;(bV=bR[bU])!=null;bU++){if(bV){if(bW^(bV.className&&(" "+bV.className+" ").replace(/[\t\n\r]/g," ").indexOf(bT)>=0)){if(!bS){e.push(bV)}}else{if(bS){bR[bU]=false}}}}return false},ID:function(e){return e[1].replace(bK,"")},TAG:function(bR,e){return bR[1].replace(bK,"").toLowerCase()},CHILD:function(e){if(e[1]==="nth"){if(!e[2]){by.error(e[0])}e[2]=e[2].replace(/^\+|\s*/g,"");var bR=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(e[2]==="even"&&"2n"||e[2]==="odd"&&"2n+1"||!/\D/.test(e[2])&&"0n+"+e[2]||e[2]);e[2]=(bR[1]+(bR[2]||1))-0;e[3]=bR[3]-0}else{if(e[2]){by.error(e[0])}}e[0]=bI++;return e},ATTR:function(bU,bR,bS,e,bV,bW){var bT=bU[1]=bU[1].replace(bK,"");if(!bW&&bE.attrMap[bT]){bU[1]=bE.attrMap[bT]}bU[4]=(bU[4]||bU[5]||"").replace(bK,"");if(bU[2]==="~="){bU[4]=" "+bU[4]+" "}return bU},PSEUDO:function(bU,bR,bS,e,bV){if(bU[1]==="not"){if((bH.exec(bU[3])||"").length>1||/^\w/.test(bU[3])){bU[3]=by(bU[3],null,null,bR)}else{var bT=by.filter(bU[3],bR,bS,true^bV);if(!bS){e.push.apply(e,bT)}return false}}else{if(bE.match.POS.test(bU[0])||bE.match.CHILD.test(bU[0])){return true}}return bU},POS:function(e){e.unshift(true);return e}},filters:{enabled:function(e){return e.disabled===false&&e.type!=="hidden"},disabled:function(e){return e.disabled===true},checked:function(e){return e.checked===true},selected:function(e){if(e.parentNode){e.parentNode.selectedIndex}return e.selected===true},parent:function(e){return !!e.firstChild},empty:function(e){return !e.firstChild},has:function(bS,bR,e){return !!by(e[3],bS).length},header:function(e){return(/h\d/i).test(e.nodeName)},text:function(bS){var e=bS.getAttribute("type"),bR=bS.type;return bS.nodeName.toLowerCase()==="input"&&"text"===bR&&(e===bR||e===null)},radio:function(e){return e.nodeName.toLowerCase()==="input"&&"radio"===e.type},checkbox:function(e){return e.nodeName.toLowerCase()==="input"&&"checkbox"===e.type},file:function(e){return e.nodeName.toLowerCase()==="input"&&"file"===e.type},password:function(e){return e.nodeName.toLowerCase()==="input"&&"password"===e.type},submit:function(bR){var e=bR.nodeName.toLowerCase();return(e==="input"||e==="button")&&"submit"===bR.type},image:function(e){return e.nodeName.toLowerCase()==="input"&&"image"===e.type},reset:function(bR){var e=bR.nodeName.toLowerCase();return(e==="input"||e==="button")&&"reset"===bR.type},button:function(bR){var e=bR.nodeName.toLowerCase();return e==="input"&&"button"===bR.type||e==="button"},input:function(e){return(/input|select|textarea|button/i).test(e.nodeName)},focus:function(e){return e===e.ownerDocument.activeElement}},setFilters:{first:function(bR,e){return e===0},last:function(bS,bR,e,bT){return bR===bT.length-1},even:function(bR,e){return e%2===0},odd:function(bR,e){return e%2===1},lt:function(bS,bR,e){return bR<e[3]-0},gt:function(bS,bR,e){return bR>e[3]-0},nth:function(bS,bR,e){return e[3]-0===bR},eq:function(bS,bR,e){return e[3]-0===bR}},filter:{PSEUDO:function(bS,bX,bW,bY){var e=bX[1],bR=bE.filters[e];if(bR){return bR(bS,bW,bX,bY)}else{if(e==="contains"){return(bS.textContent||bS.innerText||bw([bS])||"").indexOf(bX[3])>=0}else{if(e==="not"){var bT=bX[3];for(var bV=0,bU=bT.length;bV<bU;bV++){if(bT[bV]===bS){return false}}return true}else{by.error(e)}}}},CHILD:function(bS,bU){var bT,b0,bW,bZ,e,bV,bY,bX=bU[1],bR=bS;switch(bX){case"only":case"first":while((bR=bR.previousSibling)){if(bR.nodeType===1){return false}}if(bX==="first"){return true}bR=bS;case"last":while((bR=bR.nextSibling)){if(bR.nodeType===1){return false}}return true;case"nth":bT=bU[2];b0=bU[3];if(bT===1&&b0===0){return true}bW=bU[0];bZ=bS.parentNode;if(bZ&&(bZ[bC]!==bW||!bS.nodeIndex)){bV=0;for(bR=bZ.firstChild;bR;bR=bR.nextSibling){if(bR.nodeType===1){bR.nodeIndex=++bV}}bZ[bC]=bW}bY=bS.nodeIndex-b0;if(bT===0){return bY===0}else{return(bY%bT===0&&bY/bT>=0)}}},ID:function(bR,e){return bR.nodeType===1&&bR.getAttribute("id")===e},TAG:function(bR,e){return(e==="*"&&bR.nodeType===1)||!!bR.nodeName&&bR.nodeName.toLowerCase()===e},CLASS:function(bR,e){return(" "+(bR.className||bR.getAttribute("class"))+" ").indexOf(e)>-1},ATTR:function(bV,bT){var bS=bT[1],e=by.attr?by.attr(bV,bS):bE.attrHandle[bS]?bE.attrHandle[bS](bV):bV[bS]!=null?bV[bS]:bV.getAttribute(bS),bW=e+"",bU=bT[2],bR=bT[4];return e==null?bU==="!=":!bU&&by.attr?e!=null:bU==="="?bW===bR:bU==="*="?bW.indexOf(bR)>=0:bU==="~="?(" "+bW+" ").indexOf(bR)>=0:!bR?bW&&e!==false:bU==="!="?bW!==bR:bU==="^="?bW.indexOf(bR)===0:bU==="$="?bW.substr(bW.length-bR.length)===bR:bU==="|="?bW===bR||bW.substr(0,bR.length+1)===bR+"-":false},POS:function(bU,bR,bS,bV){var e=bR[2],bT=bE.setFilters[e];if(bT){return bT(bU,bS,bR,bV)}}}};var bD=bE.match.POS,bx=function(bR,e){return"\\"+(e-0+1)};for(var bz in bE.match){bE.match[bz]=new RegExp(bE.match[bz].source+(/(?![^\[]*\])(?![^\(]*\))/.source));bE.leftMatch[bz]=new RegExp(/(^(?:.|\r|\n)*?)/.source+bE.match[bz].source.replace(/\\(\d+)/g,bx))}var bF=function(bR,e){bR=Array.prototype.slice.call(bR,0);if(e){e.push.apply(e,bR);return e}return bR};try{Array.prototype.slice.call(av.documentElement.childNodes,0)[0].nodeType}catch(bP){bF=function(bU,bT){var bS=0,bR=bT||[];if(bL.call(bU)==="[object Array]"){Array.prototype.push.apply(bR,bU)}else{if(typeof bU.length==="number"){for(var e=bU.length;bS<e;bS++){bR.push(bU[bS])}}else{for(;bU[bS];bS++){bR.push(bU[bS])}}}return bR}}var bJ,bG;if(av.documentElement.compareDocumentPosition){bJ=function(bR,e){if(bR===e){bB=true;return 0}if(!bR.compareDocumentPosition||!e.compareDocumentPosition){return bR.compareDocumentPosition?-1:1}return bR.compareDocumentPosition(e)&4?-1:1}}else{bJ=function(bY,bX){if(bY===bX){bB=true;return 0}else{if(bY.sourceIndex&&bX.sourceIndex){return bY.sourceIndex-bX.sourceIndex}}var bV,bR,bS=[],e=[],bU=bY.parentNode,bW=bX.parentNode,bZ=bU;if(bU===bW){return bG(bY,bX)}else{if(!bU){return -1}else{if(!bW){return 1}}}while(bZ){bS.unshift(bZ);bZ=bZ.parentNode}bZ=bW;while(bZ){e.unshift(bZ);bZ=bZ.parentNode}bV=bS.length;bR=e.length;for(var bT=0;bT<bV&&bT<bR;bT++){if(bS[bT]!==e[bT]){return bG(bS[bT],e[bT])}}return bT===bV?bG(bY,e[bT],-1):bG(bS[bT],bX,1)};bG=function(bR,e,bS){if(bR===e){return bS}var bT=bR.nextSibling;while(bT){if(bT===e){return -1}bT=bT.nextSibling}return 1}}(function(){var bR=av.createElement("div"),bS="script"+(new Date()).getTime(),e=av.documentElement;bR.innerHTML="<a name='"+bS+"'/>";e.insertBefore(bR,e.firstChild);if(av.getElementById(bS)){bE.find.ID=function(bU,bV,bW){if(typeof bV.getElementById!=="undefined"&&!bW){var bT=bV.getElementById(bU[1]);return bT?bT.id===bU[1]||typeof bT.getAttributeNode!=="undefined"&&bT.getAttributeNode("id").nodeValue===bU[1]?[bT]:L:[]}};bE.filter.ID=function(bV,bT){var bU=typeof bV.getAttributeNode!=="undefined"&&bV.getAttributeNode("id");return bV.nodeType===1&&bU&&bU.nodeValue===bT}}e.removeChild(bR);e=bR=null})();(function(){var e=av.createElement("div");e.appendChild(av.createComment(""));if(e.getElementsByTagName("*").length>0){bE.find.TAG=function(bR,bV){var bU=bV.getElementsByTagName(bR[1]);if(bR[1]==="*"){var bT=[];for(var bS=0;bU[bS];bS++){if(bU[bS].nodeType===1){bT.push(bU[bS])}}bU=bT}return bU}}e.innerHTML="<a href='#'></a>";if(e.firstChild&&typeof e.firstChild.getAttribute!=="undefined"&&e.firstChild.getAttribute("href")!=="#"){bE.attrHandle.href=function(bR){return bR.getAttribute("href",2)}}e=null})();if(av.querySelectorAll){(function(){var e=by,bT=av.createElement("div"),bS="__sizzle__";bT.innerHTML="<p class='TEST'></p>";if(bT.querySelectorAll&&bT.querySelectorAll(".TEST").length===0){return}by=function(b4,bV,bZ,b3){bV=bV||av;if(!b3&&!by.isXML(bV)){var b2=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b4);if(b2&&(bV.nodeType===1||bV.nodeType===9)){if(b2[1]){return bF(bV.getElementsByTagName(b4),bZ)}else{if(b2[2]&&bE.find.CLASS&&bV.getElementsByClassName){return bF(bV.getElementsByClassName(b2[2]),bZ)}}}if(bV.nodeType===9){if(b4==="body"&&bV.body){return bF([bV.body],bZ)}else{if(b2&&b2[3]){var bY=bV.getElementById(b2[3]);if(bY&&bY.parentNode){if(bY.id===b2[3]){return bF([bY],bZ)}}else{return bF([],bZ)}}}try{return bF(bV.querySelectorAll(b4),bZ)}catch(b0){}}else{if(bV.nodeType===1&&bV.nodeName.toLowerCase()!=="object"){var bW=bV,bX=bV.getAttribute("id"),bU=bX||bS,b6=bV.parentNode,b5=/^\s*[+~]/.test(b4);if(!bX){bV.setAttribute("id",bU)}else{bU=bU.replace(/'/g,"\\$&")}if(b5&&b6){bV=bV.parentNode}try{if(!b5||b6){return bF(bV.querySelectorAll("[id='"+bU+"'] "+b4),bZ)}}catch(b1){}finally{if(!bX){bW.removeAttribute("id")}}}}}return e(b4,bV,bZ,b3)};for(var bR in e){by[bR]=e[bR]}bT=null})()}(function(){var e=av.documentElement,bS=e.matchesSelector||e.mozMatchesSelector||e.webkitMatchesSelector||e.msMatchesSelector;if(bS){var bU=!bS.call(av.createElement("div"),"div"),bR=false;try{bS.call(av.documentElement,"[test!='']:sizzle")}catch(bT){bR=true}by.matchesSelector=function(bW,bY){bY=bY.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!by.isXML(bW)){try{if(bR||!bE.match.PSEUDO.test(bY)&&!/!=/.test(bY)){var bV=bS.call(bW,bY);if(bV||!bU||bW.document&&bW.document.nodeType!==11){return bV}}}catch(bX){}}return by(bY,null,null,[bW]).length>0}}})();(function(){var e=av.createElement("div");e.innerHTML="<div class='test e'></div><div class='test'></div>";if(!e.getElementsByClassName||e.getElementsByClassName("e").length===0){return}e.lastChild.className="e";if(e.getElementsByClassName("e").length===1){return}bE.order.splice(1,0,"CLASS");bE.find.CLASS=function(bR,bS,bT){if(typeof bS.getElementsByClassName!=="undefined"&&!bT){return bS.getElementsByClassName(bR[1])}};e=null})();function bv(bR,bW,bV,bZ,bX,bY){for(var bT=0,bS=bZ.length;bT<bS;bT++){var e=bZ[bT];if(e){var bU=false;e=e[bR];while(e){if(e[bC]===bV){bU=bZ[e.sizset];break}if(e.nodeType===1&&!bY){e[bC]=bV;e.sizset=bT}if(e.nodeName.toLowerCase()===bW){bU=e;break}e=e[bR]}bZ[bT]=bU}}}function bN(bR,bW,bV,bZ,bX,bY){for(var bT=0,bS=bZ.length;bT<bS;bT++){var e=bZ[bT];if(e){var bU=false;e=e[bR];while(e){if(e[bC]===bV){bU=bZ[e.sizset];break}if(e.nodeType===1){if(!bY){e[bC]=bV;e.sizset=bT}if(typeof bW!=="string"){if(e===bW){bU=true;break}}else{if(by.filter(bW,[e]).length>0){bU=e;break}}}e=e[bR]}bZ[bT]=bU}}}if(av.documentElement.contains){by.contains=function(bR,e){return bR!==e&&(bR.contains?bR.contains(e):true)}}else{if(av.documentElement.compareDocumentPosition){by.contains=function(bR,e){return !!(bR.compareDocumentPosition(e)&16)}}else{by.contains=function(){return false}}}by.isXML=function(e){var bR=(e?e.ownerDocument||e:0).documentElement;return bR?bR.nodeName!=="HTML":false};var bM=function(bS,e,bW){var bV,bX=[],bU="",bY=e.nodeType?[e]:e;while((bV=bE.match.PSEUDO.exec(bS))){bU+=bV[0];bS=bS.replace(bE.match.PSEUDO,"")}bS=bE.relative[bS]?bS+"*":bS;for(var bT=0,bR=bY.length;bT<bR;bT++){by(bS,bY[bT],bX,bW)}return by.filter(bU,bX)};by.attr=b.attr;by.selectors.attrMap={};b.find=by;b.expr=by.selectors;b.expr[":"]=b.expr.filters;b.unique=by.uniqueSort;b.text=by.getText;b.isXMLDoc=by.isXML;b.contains=by.contains})();var ab=/Until$/,aq=/^(?:parents|prevUntil|prevAll)/,a9=/,/,bp=/^.[^:#\[\.,]*$/,P=Array.prototype.slice,H=b.expr.match.POS,ay={children:true,contents:true,next:true,prev:true};b.fn.extend({find:function(e){var bw=this,by,bv;if(typeof e!=="string"){return b(e).filter(function(){for(by=0,bv=bw.length;by<bv;by++){if(b.contains(bw[by],this)){return true}}})}var bx=this.pushStack("","find",e),bA,bB,bz;for(by=0,bv=this.length;by<bv;by++){bA=bx.length;b.find(e,this[by],bx);if(by>0){for(bB=bA;bB<bx.length;bB++){for(bz=0;bz<bA;bz++){if(bx[bz]===bx[bB]){bx.splice(bB--,1);break}}}}}return bx},has:function(bv){var e=b(bv);return this.filter(function(){for(var bx=0,bw=e.length;bx<bw;bx++){if(b.contains(this,e[bx])){return true}}})},not:function(e){return this.pushStack(aG(this,e,false),"not",e)},filter:function(e){return this.pushStack(aG(this,e,true),"filter",e)},is:function(e){return !!e&&(typeof e==="string"?H.test(e)?b(e,this.context).index(this[0])>=0:b.filter(e,this).length>0:this.filter(e).length>0)},closest:function(by,bx){var bv=[],bw,e,bz=this[0];if(b.isArray(by)){var bB=1;while(bz&&bz.ownerDocument&&bz!==bx){for(bw=0;bw<by.length;bw++){if(b(bz).is(by[bw])){bv.push({selector:by[bw],elem:bz,level:bB})}}bz=bz.parentNode;bB++}return bv}var bA=H.test(by)||typeof by!=="string"?b(by,bx||this.context):0;for(bw=0,e=this.length;bw<e;bw++){bz=this[bw];while(bz){if(bA?bA.index(bz)>-1:b.find.matchesSelector(bz,by)){bv.push(bz);break}else{bz=bz.parentNode;if(!bz||!bz.ownerDocument||bz===bx||bz.nodeType===11){break}}}}bv=bv.length>1?b.unique(bv):bv;return this.pushStack(bv,"closest",by)},index:function(e){if(!e){return(this[0]&&this[0].parentNode)?this.prevAll().length:-1}if(typeof e==="string"){return b.inArray(this[0],b(e))}return b.inArray(e.jquery?e[0]:e,this)},add:function(e,bv){var bx=typeof e==="string"?b(e,bv):b.makeArray(e&&e.nodeType?[e]:e),bw=b.merge(this.get(),bx);return this.pushStack(C(bx[0])||C(bw[0])?bw:b.unique(bw))},andSelf:function(){return this.add(this.prevObject)}});function C(e){return !e||!e.parentNode||e.parentNode.nodeType===11}b.each({parent:function(bv){var e=bv.parentNode;return e&&e.nodeType!==11?e:null},parents:function(e){return b.dir(e,"parentNode")},parentsUntil:function(bv,e,bw){return b.dir(bv,"parentNode",bw)},next:function(e){return b.nth(e,2,"nextSibling")},prev:function(e){return b.nth(e,2,"previousSibling")},nextAll:function(e){return b.dir(e,"nextSibling")},prevAll:function(e){return b.dir(e,"previousSibling")},nextUntil:function(bv,e,bw){return b.dir(bv,"nextSibling",bw)},prevUntil:function(bv,e,bw){return b.dir(bv,"previousSibling",bw)},siblings:function(e){return b.sibling(e.parentNode.firstChild,e)},children:function(e){return b.sibling(e.firstChild)},contents:function(e){return b.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:b.makeArray(e.childNodes)}},function(e,bv){b.fn[e]=function(by,bw){var bx=b.map(this,bv,by);if(!ab.test(e)){bw=by}if(bw&&typeof bw==="string"){bx=b.filter(bw,bx)}bx=this.length>1&&!ay[e]?b.unique(bx):bx;if((this.length>1||a9.test(bw))&&aq.test(e)){bx=bx.reverse()}return this.pushStack(bx,e,P.call(arguments).join(","))}});b.extend({filter:function(bw,e,bv){if(bv){bw=":not("+bw+")"}return e.length===1?b.find.matchesSelector(e[0],bw)?[e[0]]:[]:b.find.matches(bw,e)},dir:function(bw,bv,by){var e=[],bx=bw[bv];while(bx&&bx.nodeType!==9&&(by===L||bx.nodeType!==1||!b(bx).is(by))){if(bx.nodeType===1){e.push(bx)}bx=bx[bv]}return e},nth:function(by,e,bw,bx){e=e||1;var bv=0;for(;by;by=by[bw]){if(by.nodeType===1&&++bv===e){break}}return by},sibling:function(bw,bv){var e=[];for(;bw;bw=bw.nextSibling){if(bw.nodeType===1&&bw!==bv){e.push(bw)}}return e}});function aG(bx,bw,e){bw=bw||0;if(b.isFunction(bw)){return b.grep(bx,function(bz,by){var bA=!!bw.call(bz,by,bz);return bA===e})}else{if(bw.nodeType){return b.grep(bx,function(bz,by){return(bz===bw)===e})}else{if(typeof bw==="string"){var bv=b.grep(bx,function(by){return by.nodeType===1});if(bp.test(bw)){return b.filter(bw,bv,!e)}else{bw=b.filter(bw,bv)}}}}return b.grep(bx,function(bz,by){return(b.inArray(bz,bw)>=0)===e})}function a(e){var bw=aR.split("|"),bv=e.createDocumentFragment();if(bv.createElement){while(bw.length){bv.createElement(bw.pop())}}return bv}var aR="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",ag=/ jQuery\d+="(?:\d+|null)"/g,ar=/^\s+/,R=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,d=/<([\w:]+)/,w=/<tbody/i,W=/<|&#?\w+;/,ae=/<(?:script|style)/i,O=/<(?:script|object|embed|option|style)/i,ah=new RegExp("<(?:"+aR+")","i"),o=/checked\s*(?:[^=]|=\s*.checked.)/i,bm=/\/(java|ecma)script/i,aN=/^\s*<!(?:\[CDATA\[|\-\-)/,ax={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},ac=a(av);ax.optgroup=ax.option;ax.tbody=ax.tfoot=ax.colgroup=ax.caption=ax.thead;ax.th=ax.td;if(!b.support.htmlSerialize){ax._default=[1,"div<div>","</div>"]}b.fn.extend({text:function(e){if(b.isFunction(e)){return this.each(function(bw){var bv=b(this);bv.text(e.call(this,bw,bv.text()))})}if(typeof e!=="object"&&e!==L){return this.empty().append((this[0]&&this[0].ownerDocument||av).createTextNode(e))}return b.text(this)},wrapAll:function(e){if(b.isFunction(e)){return this.each(function(bw){b(this).wrapAll(e.call(this,bw))})}if(this[0]){var bv=b(e,this[0].ownerDocument).eq(0).clone(true);if(this[0].parentNode){bv.insertBefore(this[0])}bv.map(function(){var bw=this;while(bw.firstChild&&bw.firstChild.nodeType===1){bw=bw.firstChild}return bw}).append(this)}return this},wrapInner:function(e){if(b.isFunction(e)){return this.each(function(bv){b(this).wrapInner(e.call(this,bv))})}return this.each(function(){var bv=b(this),bw=bv.contents();if(bw.length){bw.wrapAll(e)}else{bv.append(e)}})},wrap:function(e){var bv=b.isFunction(e);return this.each(function(bw){b(this).wrapAll(bv?e.call(this,bw):e)})},unwrap:function(){return this.parent().each(function(){if(!b.nodeName(this,"body")){b(this).replaceWith(this.childNodes)}}).end()},append:function(){return this.domManip(arguments,true,function(e){if(this.nodeType===1){this.appendChild(e)}})},prepend:function(){return this.domManip(arguments,true,function(e){if(this.nodeType===1){this.insertBefore(e,this.firstChild)}})},before:function(){if(this[0]&&this[0].parentNode){return this.domManip(arguments,false,function(bv){this.parentNode.insertBefore(bv,this)})}else{if(arguments.length){var e=b.clean(arguments);e.push.apply(e,this.toArray());return this.pushStack(e,"before",arguments)}}},after:function(){if(this[0]&&this[0].parentNode){return this.domManip(arguments,false,function(bv){this.parentNode.insertBefore(bv,this.nextSibling)})}else{if(arguments.length){var e=this.pushStack(this,"after",arguments);e.push.apply(e,b.clean(arguments));return e}}},remove:function(e,bx){for(var bv=0,bw;(bw=this[bv])!=null;bv++){if(!e||b.filter(e,[bw]).length){if(!bx&&bw.nodeType===1){b.cleanData(bw.getElementsByTagName("*"));b.cleanData([bw])}if(bw.parentNode){bw.parentNode.removeChild(bw)}}}return this},empty:function(){for(var e=0,bv;(bv=this[e])!=null;e++){if(bv.nodeType===1){b.cleanData(bv.getElementsByTagName("*"))}while(bv.firstChild){bv.removeChild(bv.firstChild)}}return this},clone:function(bv,e){bv=bv==null?false:bv;e=e==null?bv:e;return this.map(function(){return b.clone(this,bv,e)})},html:function(bx){if(bx===L){return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(ag,""):null}else{if(typeof bx==="string"&&!ae.test(bx)&&(b.support.leadingWhitespace||!ar.test(bx))&&!ax[(d.exec(bx)||["",""])[1].toLowerCase()]){bx=bx.replace(R,"<$1></$2>");try{for(var bw=0,bv=this.length;bw<bv;bw++){if(this[bw].nodeType===1){b.cleanData(this[bw].getElementsByTagName("*"));this[bw].innerHTML=bx}}}catch(by){this.empty().append(bx)}}else{if(b.isFunction(bx)){this.each(function(bz){var e=b(this);e.html(bx.call(this,bz,e.html()))})}else{this.empty().append(bx)}}}return this},replaceWith:function(e){if(this[0]&&this[0].parentNode){if(b.isFunction(e)){return this.each(function(bx){var bw=b(this),bv=bw.html();bw.replaceWith(e.call(this,bx,bv))})}if(typeof e!=="string"){e=b(e).detach()}return this.each(function(){var bw=this.nextSibling,bv=this.parentNode;b(this).remove();if(bw){b(bw).before(e)}else{b(bv).append(e)}})}else{return this.length?this.pushStack(b(b.isFunction(e)?e():e),"replaceWith",e):this}},detach:function(e){return this.remove(e,true)},domManip:function(bB,bF,bE){var bx,by,bA,bD,bC=bB[0],bv=[];if(!b.support.checkClone&&arguments.length===3&&typeof bC==="string"&&o.test(bC)){return this.each(function(){b(this).domManip(bB,bF,bE,true)})}if(b.isFunction(bC)){return this.each(function(bH){var bG=b(this);bB[0]=bC.call(this,bH,bF?bG.html():L);bG.domManip(bB,bF,bE)})}if(this[0]){bD=bC&&bC.parentNode;if(b.support.parentNode&&bD&&bD.nodeType===11&&bD.childNodes.length===this.length){bx={fragment:bD}}else{bx=b.buildFragment(bB,this,bv)}bA=bx.fragment;if(bA.childNodes.length===1){by=bA=bA.firstChild}else{by=bA.firstChild}if(by){bF=bF&&b.nodeName(by,"tr");for(var bw=0,e=this.length,bz=e-1;bw<e;bw++){bE.call(bF?ba(this[bw],by):this[bw],bx.cacheable||(e>1&&bw<bz)?b.clone(bA,true,true):bA)}}if(bv.length){b.each(bv,bo)}}return this}});function ba(e,bv){return b.nodeName(e,"table")?(e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody"))):e}function t(bB,bv){if(bv.nodeType!==1||!b.hasData(bB)){return}var by,bx,e,bA=b._data(bB),bz=b._data(bv,bA),bw=bA.events;if(bw){delete bz.handle;bz.events={};for(by in bw){for(bx=0,e=bw[by].length;bx<e;bx++){b.event.add(bv,by+(bw[by][bx].namespace?".":"")+bw[by][bx].namespace,bw[by][bx],bw[by][bx].data)}}}if(bz.data){bz.data=b.extend({},bz.data)}}function ai(bv,e){var bw;if(e.nodeType!==1){return}if(e.clearAttributes){e.clearAttributes()}if(e.mergeAttributes){e.mergeAttributes(bv)}bw=e.nodeName.toLowerCase();if(bw==="object"){e.outerHTML=bv.outerHTML}else{if(bw==="input"&&(bv.type==="checkbox"||bv.type==="radio")){if(bv.checked){e.defaultChecked=e.checked=bv.checked}if(e.value!==bv.value){e.value=bv.value}}else{if(bw==="option"){e.selected=bv.defaultSelected}else{if(bw==="input"||bw==="textarea"){e.defaultValue=bv.defaultValue}}}}e.removeAttribute(b.expando)}b.buildFragment=function(bz,bx,bv){var by,e,bw,bA,bB=bz[0];if(bx&&bx[0]){bA=bx[0].ownerDocument||bx[0]}if(!bA.createDocumentFragment){bA=av}if(bz.length===1&&typeof bB==="string"&&bB.length<512&&bA===av&&bB.charAt(0)==="<"&&!O.test(bB)&&(b.support.checkClone||!o.test(bB))&&(b.support.html5Clone||!ah.test(bB))){e=true;bw=b.fragments[bB];if(bw&&bw!==1){by=bw}}if(!by){by=bA.createDocumentFragment();b.clean(bz,bA,by,bv)}if(e){b.fragments[bB]=bw?by:1}return{fragment:by,cacheable:e}};b.fragments={};b.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,bv){b.fn[e]=function(bw){var bz=[],bC=b(bw),bB=this.length===1&&this[0].parentNode;if(bB&&bB.nodeType===11&&bB.childNodes.length===1&&bC.length===1){bC[bv](this[0]);return this}else{for(var bA=0,bx=bC.length;bA<bx;bA++){var by=(bA>0?this.clone(true):this).get();b(bC[bA])[bv](by);bz=bz.concat(by)}return this.pushStack(bz,e,bC.selector)}}});function bg(e){if(typeof e.getElementsByTagName!=="undefined"){return e.getElementsByTagName("*")}else{if(typeof e.querySelectorAll!=="undefined"){return e.querySelectorAll("*")}else{return[]}}}function az(e){if(e.type==="checkbox"||e.type==="radio"){e.defaultChecked=e.checked}}function E(e){var bv=(e.nodeName||"").toLowerCase();if(bv==="input"){az(e)}else{if(bv!=="script"&&typeof e.getElementsByTagName!=="undefined"){b.grep(e.getElementsByTagName("input"),az)}}}function al(e){var bv=av.createElement("div");ac.appendChild(bv);bv.innerHTML=e.outerHTML;return bv.firstChild}b.extend({clone:function(by,bA,bw){var e,bv,bx,bz=b.support.html5Clone||!ah.test("<"+by.nodeName)?by.cloneNode(true):al(by);if((!b.support.noCloneEvent||!b.support.noCloneChecked)&&(by.nodeType===1||by.nodeType===11)&&!b.isXMLDoc(by)){ai(by,bz);e=bg(by);bv=bg(bz);for(bx=0;e[bx];++bx){if(bv[bx]){ai(e[bx],bv[bx])}}}if(bA){t(by,bz);if(bw){e=bg(by);bv=bg(bz);for(bx=0;e[bx];++bx){t(e[bx],bv[bx])}}}e=bv=null;return bz},clean:function(bw,by,bH,bA){var bF;by=by||av;if(typeof by.createElement==="undefined"){by=by.ownerDocument||by[0]&&by[0].ownerDocument||av}var bI=[],bB;for(var bE=0,bz;(bz=bw[bE])!=null;bE++){if(typeof bz==="number"){bz+=""}if(!bz){continue}if(typeof bz==="string"){if(!W.test(bz)){bz=by.createTextNode(bz)}else{bz=bz.replace(R,"<$1></$2>");var bK=(d.exec(bz)||["",""])[1].toLowerCase(),bx=ax[bK]||ax._default,bD=bx[0],bv=by.createElement("div");if(by===av){ac.appendChild(bv)}else{a(by).appendChild(bv)}bv.innerHTML=bx[1]+bz+bx[2];while(bD--){bv=bv.lastChild}if(!b.support.tbody){var e=w.test(bz),bC=bK==="table"&&!e?bv.firstChild&&bv.firstChild.childNodes:bx[1]==="<table>"&&!e?bv.childNodes:[];for(bB=bC.length-1;bB>=0;--bB){if(b.nodeName(bC[bB],"tbody")&&!bC[bB].childNodes.length){bC[bB].parentNode.removeChild(bC[bB])}}}if(!b.support.leadingWhitespace&&ar.test(bz)){bv.insertBefore(by.createTextNode(ar.exec(bz)[0]),bv.firstChild)}bz=bv.childNodes}}var bG;if(!b.support.appendChecked){if(bz[0]&&typeof(bG=bz.length)==="number"){for(bB=0;bB<bG;bB++){E(bz[bB])}}else{E(bz)}}if(bz.nodeType){bI.push(bz)}else{bI=b.merge(bI,bz)}}if(bH){bF=function(bL){return !bL.type||bm.test(bL.type)};for(bE=0;bI[bE];bE++){if(bA&&b.nodeName(bI[bE],"script")&&(!bI[bE].type||bI[bE].type.toLowerCase()==="text/javascript")){bA.push(bI[bE].parentNode?bI[bE].parentNode.removeChild(bI[bE]):bI[bE])}else{if(bI[bE].nodeType===1){var bJ=b.grep(bI[bE].getElementsByTagName("script"),bF);bI.splice.apply(bI,[bE+1,0].concat(bJ))}bH.appendChild(bI[bE])}}}return bI},cleanData:function(bv){var by,bw,e=b.cache,bB=b.event.special,bA=b.support.deleteExpando;for(var bz=0,bx;(bx=bv[bz])!=null;bz++){if(bx.nodeName&&b.noData[bx.nodeName.toLowerCase()]){continue}bw=bx[b.expando];if(bw){by=e[bw];if(by&&by.events){for(var bC in by.events){if(bB[bC]){b.event.remove(bx,bC)}else{b.removeEvent(bx,bC,by.handle)}}if(by.handle){by.handle.elem=null}}if(bA){delete bx[b.expando]}else{if(bx.removeAttribute){bx.removeAttribute(b.expando)}}delete e[bw]}}}});function bo(e,bv){if(bv.src){b.ajax({url:bv.src,async:false,dataType:"script"})}else{b.globalEval((bv.text||bv.textContent||bv.innerHTML||"").replace(aN,"/*$0*/"))}if(bv.parentNode){bv.parentNode.removeChild(bv)}}var ak=/alpha\([^)]*\)/i,au=/opacity=([^)]*)/,z=/([A-Z]|^ms)/g,bc=/^-?\d+(?:px)?$/i,bn=/^-?\d/,I=/^([\-+])=([\-+.\de]+)/,a7={position:"absolute",visibility:"hidden",display:"block"},an=["Left","Right"],a1=["Top","Bottom"],Z,aI,aX;b.fn.css=function(e,bv){if(arguments.length===2&&bv===L){return this}return b.access(this,e,bv,true,function(bx,bw,by){return by!==L?b.style(bx,bw,by):b.css(bx,bw)})};b.extend({cssHooks:{opacity:{get:function(bw,bv){if(bv){var e=Z(bw,"opacity","opacity");return e===""?"1":e}else{return bw.style.opacity}}}},cssNumber:{fillOpacity:true,fontWeight:true,lineHeight:true,opacity:true,orphans:true,widows:true,zIndex:true,zoom:true},cssProps:{"float":b.support.cssFloat?"cssFloat":"styleFloat"},style:function(bx,bw,bD,by){if(!bx||bx.nodeType===3||bx.nodeType===8||!bx.style){return}var bB,bC,bz=b.camelCase(bw),bv=bx.style,bE=b.cssHooks[bz];bw=b.cssProps[bz]||bz;if(bD!==L){bC=typeof bD;if(bC==="string"&&(bB=I.exec(bD))){bD=(+(bB[1]+1)*+bB[2])+parseFloat(b.css(bx,bw));bC="number"}if(bD==null||bC==="number"&&isNaN(bD)){return}if(bC==="number"&&!b.cssNumber[bz]){bD+="px"}if(!bE||!("set" in bE)||(bD=bE.set(bx,bD))!==L){try{bv[bw]=bD}catch(bA){}}}else{if(bE&&"get" in bE&&(bB=bE.get(bx,false,by))!==L){return bB}return bv[bw]}},css:function(by,bx,bv){var bw,e;bx=b.camelCase(bx);e=b.cssHooks[bx];bx=b.cssProps[bx]||bx;if(bx==="cssFloat"){bx="float"}if(e&&"get" in e&&(bw=e.get(by,true,bv))!==L){return bw}else{if(Z){return Z(by,bx)}}},swap:function(bx,bw,by){var e={};for(var bv in bw){e[bv]=bx.style[bv];bx.style[bv]=bw[bv]}by.call(bx);for(bv in bw){bx.style[bv]=e[bv]}}});b.curCSS=b.css;b.each(["height","width"],function(bv,e){b.cssHooks[e]={get:function(by,bx,bw){var bz;if(bx){if(by.offsetWidth!==0){return p(by,e,bw)}else{b.swap(by,a7,function(){bz=p(by,e,bw)})}return bz}},set:function(bw,bx){if(bc.test(bx)){bx=parseFloat(bx);if(bx>=0){return bx+"px"}}else{return bx}}}});if(!b.support.opacity){b.cssHooks.opacity={get:function(bv,e){return au.test((e&&bv.currentStyle?bv.currentStyle.filter:bv.style.filter)||"")?(parseFloat(RegExp.$1)/100)+"":e?"1":""},set:function(by,bz){var bx=by.style,bv=by.currentStyle,e=b.isNumeric(bz)?"alpha(opacity="+bz*100+")":"",bw=bv&&bv.filter||bx.filter||"";bx.zoom=1;if(bz>=1&&b.trim(bw.replace(ak,""))===""){bx.removeAttribute("filter");if(bv&&!bv.filter){return}}bx.filter=ak.test(bw)?bw.replace(ak,e):bw+" "+e}}}b(function(){if(!b.support.reliableMarginRight){b.cssHooks.marginRight={get:function(bw,bv){var e;b.swap(bw,{display:"inline-block"},function(){if(bv){e=Z(bw,"margin-right","marginRight")}else{e=bw.style.marginRight}});return e}}}});if(av.defaultView&&av.defaultView.getComputedStyle){aI=function(by,bw){var bv,bx,e;bw=bw.replace(z,"-$1").toLowerCase();if((bx=by.ownerDocument.defaultView)&&(e=bx.getComputedStyle(by,null))){bv=e.getPropertyValue(bw);if(bv===""&&!b.contains(by.ownerDocument.documentElement,by)){bv=b.style(by,bw)}}return bv}}if(av.documentElement.currentStyle){aX=function(bz,bw){var bA,e,by,bv=bz.currentStyle&&bz.currentStyle[bw],bx=bz.style;if(bv===null&&bx&&(by=bx[bw])){bv=by}if(!bc.test(bv)&&bn.test(bv)){bA=bx.left;e=bz.runtimeStyle&&bz.runtimeStyle.left;if(e){bz.runtimeStyle.left=bz.currentStyle.left}bx.left=bw==="fontSize"?"1em":(bv||0);bv=bx.pixelLeft+"px";bx.left=bA;if(e){bz.runtimeStyle.left=e}}return bv===""?"auto":bv}}Z=aI||aX;function p(by,bw,bv){var bA=bw==="width"?by.offsetWidth:by.offsetHeight,bz=bw==="width"?an:a1,bx=0,e=bz.length;if(bA>0){if(bv!=="border"){for(;bx<e;bx++){if(!bv){bA-=parseFloat(b.css(by,"padding"+bz[bx]))||0}if(bv==="margin"){bA+=parseFloat(b.css(by,bv+bz[bx]))||0}else{bA-=parseFloat(b.css(by,"border"+bz[bx]+"Width"))||0}}}return bA+"px"}bA=Z(by,bw,bw);if(bA<0||bA==null){bA=by.style[bw]||0}bA=parseFloat(bA)||0;if(bv){for(;bx<e;bx++){bA+=parseFloat(b.css(by,"padding"+bz[bx]))||0;if(bv!=="padding"){bA+=parseFloat(b.css(by,"border"+bz[bx]+"Width"))||0}if(bv==="margin"){bA+=parseFloat(b.css(by,bv+bz[bx]))||0}}}return bA+"px"}if(b.expr&&b.expr.filters){b.expr.filters.hidden=function(bw){var bv=bw.offsetWidth,e=bw.offsetHeight;return(bv===0&&e===0)||(!b.support.reliableHiddenOffsets&&((bw.style&&bw.style.display)||b.css(bw,"display"))==="none")};b.expr.filters.visible=function(e){return !b.expr.filters.hidden(e)}}var k=/%20/g,ap=/\[\]$/,bs=/\r?\n/g,bq=/#.*$/,aD=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,aZ=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,aM=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,aQ=/^(?:GET|HEAD)$/,c=/^\/\//,M=/\?/,a6=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,q=/^(?:select|textarea)/i,h=/\s+/,br=/([?&])_=[^&]*/,K=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,A=b.fn.load,aa={},r={},aE,s,aV=["*/"]+["*"];try{aE=bl.href}catch(aw){aE=av.createElement("a");aE.href="";aE=aE.href}s=K.exec(aE.toLowerCase())||[];function f(e){return function(by,bA){if(typeof by!=="string"){bA=by;by="*"}if(b.isFunction(bA)){var bx=by.toLowerCase().split(h),bw=0,bz=bx.length,bv,bB,bC;for(;bw<bz;bw++){bv=bx[bw];bC=/^\+/.test(bv);if(bC){bv=bv.substr(1)||"*"}bB=e[bv]=e[bv]||[];bB[bC?"unshift":"push"](bA)}}}}function aW(bv,bE,bz,bD,bB,bx){bB=bB||bE.dataTypes[0];bx=bx||{};bx[bB]=true;var bA=bv[bB],bw=0,e=bA?bA.length:0,by=(bv===aa),bC;for(;bw<e&&(by||!bC);bw++){bC=bA[bw](bE,bz,bD);if(typeof bC==="string"){if(!by||bx[bC]){bC=L}else{bE.dataTypes.unshift(bC);bC=aW(bv,bE,bz,bD,bC,bx)}}}if((by||!bC)&&!bx["*"]){bC=aW(bv,bE,bz,bD,"*",bx)}return bC}function am(bw,bx){var bv,e,by=b.ajaxSettings.flatOptions||{};for(bv in bx){if(bx[bv]!==L){(by[bv]?bw:(e||(e={})))[bv]=bx[bv]}}if(e){b.extend(true,bw,e)}}b.fn.extend({load:function(bw,bz,bA){if(typeof bw!=="string"&&A){return A.apply(this,arguments)}else{if(!this.length){return this}}var by=bw.indexOf(" ");if(by>=0){var e=bw.slice(by,bw.length);bw=bw.slice(0,by)}var bx="GET";if(bz){if(b.isFunction(bz)){bA=bz;bz=L}else{if(typeof bz==="object"){bz=b.param(bz,b.ajaxSettings.traditional);bx="POST"}}}var bv=this;b.ajax({url:bw,type:bx,dataType:"html",data:bz,complete:function(bC,bB,bD){bD=bC.responseText;if(bC.isResolved()){bC.done(function(bE){bD=bE});bv.html(e?b("<div>").append(bD.replace(a6,"")).find(e):bD)}if(bA){bv.each(bA,[bD,bB,bC])}}});return this},serialize:function(){return b.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?b.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||q.test(this.nodeName)||aZ.test(this.type))}).map(function(e,bv){var bw=b(this).val();return bw==null?null:b.isArray(bw)?b.map(bw,function(by,bx){return{name:bv.name,value:by.replace(bs,"\r\n")}}):{name:bv.name,value:bw.replace(bs,"\r\n")}}).get()}});b.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(e,bv){b.fn[bv]=function(bw){return this.on(bv,bw)}});b.each(["get","post"],function(e,bv){b[bv]=function(bw,by,bz,bx){if(b.isFunction(by)){bx=bx||bz;bz=by;by=L}return b.ajax({type:bv,url:bw,data:by,success:bz,dataType:bx})}});b.extend({getScript:function(e,bv){return b.get(e,L,bv,"script")},getJSON:function(e,bv,bw){return b.get(e,bv,bw,"json")},ajaxSetup:function(bv,e){if(e){am(bv,b.ajaxSettings)}else{e=bv;bv=b.ajaxSettings}am(bv,e);return bv},ajaxSettings:{url:aE,isLocal:aM.test(s[1]),global:true,type:"GET",contentType:"application/x-www-form-urlencoded",processData:true,async:true,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":aV},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":bb.String,"text html":true,"text json":b.parseJSON,"text xml":b.parseXML},flatOptions:{context:true,url:true}},ajaxPrefilter:f(aa),ajaxTransport:f(r),ajax:function(bz,bx){if(typeof bz==="object"){bx=bz;bz=L}bx=bx||{};var bD=b.ajaxSetup({},bx),bS=bD.context||bD,bG=bS!==bD&&(bS.nodeType||bS instanceof b)?b(bS):b.event,bR=b.Deferred(),bN=b.Callbacks("once memory"),bB=bD.statusCode||{},bC,bH={},bO={},bQ,by,bL,bE,bI,bA=0,bw,bK,bJ={readyState:0,setRequestHeader:function(bT,bU){if(!bA){var e=bT.toLowerCase();bT=bO[e]=bO[e]||bT;bH[bT]=bU}return this},getAllResponseHeaders:function(){return bA===2?bQ:null},getResponseHeader:function(bT){var e;if(bA===2){if(!by){by={};while((e=aD.exec(bQ))){by[e[1].toLowerCase()]=e[2]}}e=by[bT.toLowerCase()]}return e===L?null:e},overrideMimeType:function(e){if(!bA){bD.mimeType=e}return this},abort:function(e){e=e||"abort";if(bL){bL.abort(e)}bF(0,e);return this}};function bF(bZ,bU,b0,bW){if(bA===2){return}bA=2;if(bE){clearTimeout(bE)}bL=L;bQ=bW||"";bJ.readyState=bZ>0?4:0;var bT,b4,b3,bX=bU,bY=b0?bj(bD,bJ,b0):L,bV,b2;if(bZ>=200&&bZ<300||bZ===304){if(bD.ifModified){if((bV=bJ.getResponseHeader("Last-Modified"))){b.lastModified[bC]=bV}if((b2=bJ.getResponseHeader("Etag"))){b.etag[bC]=b2}}if(bZ===304){bX="notmodified";bT=true}else{try{b4=G(bD,bY);bX="success";bT=true}catch(b1){bX="parsererror";b3=b1}}}else{b3=bX;if(!bX||bZ){bX="error";if(bZ<0){bZ=0}}}bJ.status=bZ;bJ.statusText=""+(bU||bX);if(bT){bR.resolveWith(bS,[b4,bX,bJ])}else{bR.rejectWith(bS,[bJ,bX,b3])}bJ.statusCode(bB);bB=L;if(bw){bG.trigger("ajax"+(bT?"Success":"Error"),[bJ,bD,bT?b4:b3])}bN.fireWith(bS,[bJ,bX]);if(bw){bG.trigger("ajaxComplete",[bJ,bD]);if(!(--b.active)){b.event.trigger("ajaxStop")}}}bR.promise(bJ);bJ.success=bJ.done;bJ.error=bJ.fail;bJ.complete=bN.add;bJ.statusCode=function(bT){if(bT){var e;if(bA<2){for(e in bT){bB[e]=[bB[e],bT[e]]}}else{e=bT[bJ.status];bJ.then(e,e)}}return this};bD.url=((bz||bD.url)+"").replace(bq,"").replace(c,s[1]+"//");bD.dataTypes=b.trim(bD.dataType||"*").toLowerCase().split(h);if(bD.crossDomain==null){bI=K.exec(bD.url.toLowerCase());bD.crossDomain=!!(bI&&(bI[1]!=s[1]||bI[2]!=s[2]||(bI[3]||(bI[1]==="http:"?80:443))!=(s[3]||(s[1]==="http:"?80:443))))}if(bD.data&&bD.processData&&typeof bD.data!=="string"){bD.data=b.param(bD.data,bD.traditional)}aW(aa,bD,bx,bJ);if(bA===2){return false}bw=bD.global;bD.type=bD.type.toUpperCase();bD.hasContent=!aQ.test(bD.type);if(bw&&b.active++===0){b.event.trigger("ajaxStart")}if(!bD.hasContent){if(bD.data){bD.url+=(M.test(bD.url)?"&":"?")+bD.data;delete bD.data}bC=bD.url;if(bD.cache===false){var bv=b.now(),bP=bD.url.replace(br,"$1_="+bv);bD.url=bP+((bP===bD.url)?(M.test(bD.url)?"&":"?")+"_="+bv:"")}}if(bD.data&&bD.hasContent&&bD.contentType!==false||bx.contentType){bJ.setRequestHeader("Content-Type",bD.contentType)}if(bD.ifModified){bC=bC||bD.url;if(b.lastModified[bC]){bJ.setRequestHeader("If-Modified-Since",b.lastModified[bC])}if(b.etag[bC]){bJ.setRequestHeader("If-None-Match",b.etag[bC])}}bJ.setRequestHeader("Accept",bD.dataTypes[0]&&bD.accepts[bD.dataTypes[0]]?bD.accepts[bD.dataTypes[0]]+(bD.dataTypes[0]!=="*"?", "+aV+"; q=0.01":""):bD.accepts["*"]);for(bK in bD.headers){bJ.setRequestHeader(bK,bD.headers[bK])}if(bD.beforeSend&&(bD.beforeSend.call(bS,bJ,bD)===false||bA===2)){bJ.abort();return false}for(bK in {success:1,error:1,complete:1}){bJ[bK](bD[bK])}bL=aW(r,bD,bx,bJ);if(!bL){bF(-1,"No Transport")}else{bJ.readyState=1;if(bw){bG.trigger("ajaxSend",[bJ,bD])}if(bD.async&&bD.timeout>0){bE=setTimeout(function(){bJ.abort("timeout")},bD.timeout)}try{bA=1;bL.send(bH,bF)}catch(bM){if(bA<2){bF(-1,bM)}else{throw bM}}}return bJ},param:function(e,bw){var bv=[],by=function(bz,bA){bA=b.isFunction(bA)?bA():bA;bv[bv.length]=encodeURIComponent(bz)+"="+encodeURIComponent(bA)};if(bw===L){bw=b.ajaxSettings.traditional}if(b.isArray(e)||(e.jquery&&!b.isPlainObject(e))){b.each(e,function(){by(this.name,this.value)})}else{for(var bx in e){v(bx,e[bx],bw,by)}}return bv.join("&").replace(k,"+")}});function v(bw,by,bv,bx){if(b.isArray(by)){b.each(by,function(bA,bz){if(bv||ap.test(bw)){bx(bw,bz)}else{v(bw+"["+(typeof bz==="object"||b.isArray(bz)?bA:"")+"]",bz,bv,bx)}})}else{if(!bv&&by!=null&&typeof by==="object"){for(var e in by){v(bw+"["+e+"]",by[e],bv,bx)}}else{bx(bw,by)}}}b.extend({active:0,lastModified:{},etag:{}});function bj(bD,bC,bz){var bv=bD.contents,bB=bD.dataTypes,bw=bD.responseFields,by,bA,bx,e;for(bA in bw){if(bA in bz){bC[bw[bA]]=bz[bA]}}while(bB[0]==="*"){bB.shift();if(by===L){by=bD.mimeType||bC.getResponseHeader("content-type")}}if(by){for(bA in bv){if(bv[bA]&&bv[bA].test(by)){bB.unshift(bA);break}}}if(bB[0] in bz){bx=bB[0]}else{for(bA in bz){if(!bB[0]||bD.converters[bA+" "+bB[0]]){bx=bA;break}if(!e){e=bA}}bx=bx||e}if(bx){if(bx!==bB[0]){bB.unshift(bx)}return bz[bx]}}function G(bH,bz){if(bH.dataFilter){bz=bH.dataFilter(bz,bH.dataType)}var bD=bH.dataTypes,bG={},bA,bE,bw=bD.length,bB,bC=bD[0],bx,by,bF,bv,e;for(bA=1;bA<bw;bA++){if(bA===1){for(bE in bH.converters){if(typeof bE==="string"){bG[bE.toLowerCase()]=bH.converters[bE]}}}bx=bC;bC=bD[bA];if(bC==="*"){bC=bx}else{if(bx!=="*"&&bx!==bC){by=bx+" "+bC;bF=bG[by]||bG["* "+bC];if(!bF){e=L;for(bv in bG){bB=bv.split(" ");if(bB[0]===bx||bB[0]==="*"){e=bG[bB[1]+" "+bC];if(e){bv=bG[bv];if(bv===true){bF=e}else{if(e===true){bF=bv}}break}}}}if(!(bF||e)){b.error("No conversion from "+by.replace(" "," to "))}if(bF!==true){bz=bF?bF(bz):e(bv(bz))}}}}return bz}var aC=b.now(),u=/(\=)\?(&|$)|\?\?/i;b.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return b.expando+"_"+(aC++)}});b.ajaxPrefilter("json jsonp",function(bD,bA,bC){var bx=bD.contentType==="application/x-www-form-urlencoded"&&(typeof bD.data==="string");if(bD.dataTypes[0]==="jsonp"||bD.jsonp!==false&&(u.test(bD.url)||bx&&u.test(bD.data))){var bB,bw=bD.jsonpCallback=b.isFunction(bD.jsonpCallback)?bD.jsonpCallback():bD.jsonpCallback,bz=bb[bw],e=bD.url,by=bD.data,bv="$1"+bw+"$2";if(bD.jsonp!==false){e=e.replace(u,bv);if(bD.url===e){if(bx){by=by.replace(u,bv)}if(bD.data===by){e+=(/\?/.test(e)?"&":"?")+bD.jsonp+"="+bw}}}bD.url=e;bD.data=by;bb[bw]=function(bE){bB=[bE]};bC.always(function(){bb[bw]=bz;if(bB&&b.isFunction(bz)){bb[bw](bB[0])}});bD.converters["script json"]=function(){if(!bB){b.error(bw+" was not called")}return bB[0]};bD.dataTypes[0]="json";return"script"}});b.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(e){b.globalEval(e);return e}}});b.ajaxPrefilter("script",function(e){if(e.cache===L){e.cache=false}if(e.crossDomain){e.type="GET";e.global=false}});b.ajaxTransport("script",function(bw){if(bw.crossDomain){var e,bv=av.head||av.getElementsByTagName("head")[0]||av.documentElement;return{send:function(bx,by){e=av.createElement("script");e.async="async";if(bw.scriptCharset){e.charset=bw.scriptCharset}e.src=bw.url;e.onload=e.onreadystatechange=function(bA,bz){if(bz||!e.readyState||/loaded|complete/.test(e.readyState)){e.onload=e.onreadystatechange=null;if(bv&&e.parentNode){bv.removeChild(e)}e=L;if(!bz){by(200,"success")}}};bv.insertBefore(e,bv.firstChild)},abort:function(){if(e){e.onload(0,1)}}}}});var B=bb.ActiveXObject?function(){for(var e in N){N[e](0,1)}}:false,y=0,N;function aL(){try{return new bb.XMLHttpRequest()}catch(bv){}}function aj(){try{return new bb.ActiveXObject("Microsoft.XMLHTTP")}catch(bv){}}b.ajaxSettings.xhr=bb.ActiveXObject?function(){return !this.isLocal&&aL()||aj()}:aL;(function(e){b.extend(b.support,{ajax:!!e,cors:!!e&&("withCredentials" in e)})})(b.ajaxSettings.xhr());if(b.support.ajax){b.ajaxTransport(function(e){if(!e.crossDomain||b.support.cors){var bv;return{send:function(bB,bw){var bA=e.xhr(),bz,by;if(e.username){bA.open(e.type,e.url,e.async,e.username,e.password)}else{bA.open(e.type,e.url,e.async)}if(e.xhrFields){for(by in e.xhrFields){bA[by]=e.xhrFields[by]}}if(e.mimeType&&bA.overrideMimeType){bA.overrideMimeType(e.mimeType)}if(!e.crossDomain&&!bB["X-Requested-With"]){bB["X-Requested-With"]="XMLHttpRequest"}try{for(by in bB){bA.setRequestHeader(by,bB[by])}}catch(bx){}bA.send((e.hasContent&&e.data)||null);bv=function(bK,bE){var bF,bD,bC,bI,bH;try{if(bv&&(bE||bA.readyState===4)){bv=L;if(bz){bA.onreadystatechange=b.noop;if(B){delete N[bz]}}if(bE){if(bA.readyState!==4){bA.abort()}}else{bF=bA.status;bC=bA.getAllResponseHeaders();bI={};bH=bA.responseXML;if(bH&&bH.documentElement){bI.xml=bH}bI.text=bA.responseText;try{bD=bA.statusText}catch(bJ){bD=""}if(!bF&&e.isLocal&&!e.crossDomain){bF=bI.text?200:404}else{if(bF===1223){bF=204}}}}}catch(bG){if(!bE){bw(-1,bG)}}if(bI){bw(bF,bD,bI,bC)}};if(!e.async||bA.readyState===4){bv()}else{bz=++y;if(B){if(!N){N={};b(bb).unload(B)}N[bz]=bv}bA.onreadystatechange=bv}},abort:function(){if(bv){bv(0,1)}}}}})}var Q={},a8,m,aB=/^(?:toggle|show|hide)$/,aT=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,a3,aH=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],a4;b.fn.extend({show:function(bx,bA,bz){var bw,by;if(bx||bx===0){return this.animate(a0("show",3),bx,bA,bz)}else{for(var bv=0,e=this.length;bv<e;bv++){bw=this[bv];if(bw.style){by=bw.style.display;if(!b._data(bw,"olddisplay")&&by==="none"){by=bw.style.display=""}if(by===""&&b.css(bw,"display")==="none"){b._data(bw,"olddisplay",x(bw.nodeName))}}}for(bv=0;bv<e;bv++){bw=this[bv];if(bw.style){by=bw.style.display;if(by===""||by==="none"){bw.style.display=b._data(bw,"olddisplay")||""}}}return this}},hide:function(bx,bA,bz){if(bx||bx===0){return this.animate(a0("hide",3),bx,bA,bz)}else{var bw,by,bv=0,e=this.length;for(;bv<e;bv++){bw=this[bv];if(bw.style){by=b.css(bw,"display");if(by!=="none"&&!b._data(bw,"olddisplay")){b._data(bw,"olddisplay",by)}}}for(bv=0;bv<e;bv++){if(this[bv].style){this[bv].style.display="none"}}return this}},_toggle:b.fn.toggle,toggle:function(bw,bv,bx){var e=typeof bw==="boolean";if(b.isFunction(bw)&&b.isFunction(bv)){this._toggle.apply(this,arguments)}else{if(bw==null||e){this.each(function(){var by=e?bw:b(this).is(":hidden");b(this)[by?"show":"hide"]()})}else{this.animate(a0("toggle",3),bw,bv,bx)}}return this},fadeTo:function(e,bx,bw,bv){return this.filter(":hidden").css("opacity",0).show().end().animate({opacity:bx},e,bw,bv)},animate:function(bz,bw,by,bx){var e=b.speed(bw,by,bx);if(b.isEmptyObject(bz)){return this.each(e.complete,[false])}bz=b.extend({},bz);function bv(){if(e.queue===false){b._mark(this)}var bE=b.extend({},e),bK=this.nodeType===1,bI=bK&&b(this).is(":hidden"),bB,bF,bD,bJ,bH,bC,bG,bL,bA;bE.animatedProperties={};for(bD in bz){bB=b.camelCase(bD);if(bD!==bB){bz[bB]=bz[bD];delete bz[bD]}bF=bz[bB];if(b.isArray(bF)){bE.animatedProperties[bB]=bF[1];bF=bz[bB]=bF[0]}else{bE.animatedProperties[bB]=bE.specialEasing&&bE.specialEasing[bB]||bE.easing||"swing"}if(bF==="hide"&&bI||bF==="show"&&!bI){return bE.complete.call(this)}if(bK&&(bB==="height"||bB==="width")){bE.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY];if(b.css(this,"display")==="inline"&&b.css(this,"float")==="none"){if(!b.support.inlineBlockNeedsLayout||x(this.nodeName)==="inline"){this.style.display="inline-block"}else{this.style.zoom=1}}}}if(bE.overflow!=null){this.style.overflow="hidden"}for(bD in bz){bJ=new b.fx(this,bE,bD);bF=bz[bD];if(aB.test(bF)){bA=b._data(this,"toggle"+bD)||(bF==="toggle"?bI?"show":"hide":0);if(bA){b._data(this,"toggle"+bD,bA==="show"?"hide":"show");bJ[bA]()}else{bJ[bF]()}}else{bH=aT.exec(bF);bC=bJ.cur();if(bH){bG=parseFloat(bH[2]);bL=bH[3]||(b.cssNumber[bD]?"":"px");if(bL!=="px"){b.style(this,bD,(bG||1)+bL);bC=((bG||1)/bJ.cur())*bC;b.style(this,bD,bC+bL)}if(bH[1]){bG=((bH[1]==="-="?-1:1)*bG)+bC}bJ.custom(bC,bG,bL)}else{bJ.custom(bC,bF,"")}}}return true}return e.queue===false?this.each(bv):this.queue(e.queue,bv)},stop:function(bw,bv,e){if(typeof bw!=="string"){e=bv;bv=bw;bw=L}if(bv&&bw!==false){this.queue(bw||"fx",[])}return this.each(function(){var bx,by=false,bA=b.timers,bz=b._data(this);if(!e){b._unmark(true,this)}function bB(bE,bF,bD){var bC=bF[bD];b.removeData(bE,bD,true);bC.stop(e)}if(bw==null){for(bx in bz){if(bz[bx]&&bz[bx].stop&&bx.indexOf(".run")===bx.length-4){bB(this,bz,bx)}}}else{if(bz[bx=bw+".run"]&&bz[bx].stop){bB(this,bz,bx)}}for(bx=bA.length;bx--;){if(bA[bx].elem===this&&(bw==null||bA[bx].queue===bw)){if(e){bA[bx](true)}else{bA[bx].saveState()}by=true;bA.splice(bx,1)}}if(!(e&&by)){b.dequeue(this,bw)}})}});function bh(){setTimeout(at,0);return(a4=b.now())}function at(){a4=L}function a0(bv,e){var bw={};b.each(aH.concat.apply([],aH.slice(0,e)),function(){bw[this]=bv});return bw}b.each({slideDown:a0("show",1),slideUp:a0("hide",1),slideToggle:a0("toggle",1),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,bv){b.fn[e]=function(bw,by,bx){return this.animate(bv,bw,by,bx)}});b.extend({speed:function(bw,bx,bv){var e=bw&&typeof bw==="object"?b.extend({},bw):{complete:bv||!bv&&bx||b.isFunction(bw)&&bw,duration:bw,easing:bv&&bx||bx&&!b.isFunction(bx)&&bx};e.duration=b.fx.off?0:typeof e.duration==="number"?e.duration:e.duration in b.fx.speeds?b.fx.speeds[e.duration]:b.fx.speeds._default;if(e.queue==null||e.queue===true){e.queue="fx"}e.old=e.complete;e.complete=function(by){if(b.isFunction(e.old)){e.old.call(this)}if(e.queue){b.dequeue(this,e.queue)}else{if(by!==false){b._unmark(this)}}};return e},easing:{linear:function(bw,bx,e,bv){return e+bv*bw},swing:function(bw,bx,e,bv){return((-Math.cos(bw*Math.PI)/2)+0.5)*bv+e}},timers:[],fx:function(bv,e,bw){this.options=e;this.elem=bv;this.prop=bw;e.orig=e.orig||{}}});b.fx.prototype={update:function(){if(this.options.step){this.options.step.call(this.elem,this.now,this)}(b.fx.step[this.prop]||b.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null)){return this.elem[this.prop]}var e,bv=b.css(this.elem,this.prop);return isNaN(e=parseFloat(bv))?!bv||bv==="auto"?0:bv:e},custom:function(bz,by,bx){var e=this,bw=b.fx;this.startTime=a4||bh();this.end=by;this.now=this.start=bz;this.pos=this.state=0;this.unit=bx||this.unit||(b.cssNumber[this.prop]?"":"px");function bv(bA){return e.step(bA)}bv.queue=this.options.queue;bv.elem=this.elem;bv.saveState=function(){if(e.options.hide&&b._data(e.elem,"fxshow"+e.prop)===L){b._data(e.elem,"fxshow"+e.prop,e.start)}};if(bv()&&b.timers.push(bv)&&!a3){a3=setInterval(bw.tick,bw.interval)}},show:function(){var e=b._data(this.elem,"fxshow"+this.prop);this.options.orig[this.prop]=e||b.style(this.elem,this.prop);this.options.show=true;if(e!==L){this.custom(this.cur(),e)}else{this.custom(this.prop==="width"||this.prop==="height"?1:0,this.cur())}b(this.elem).show()},hide:function(){this.options.orig[this.prop]=b._data(this.elem,"fxshow"+this.prop)||b.style(this.elem,this.prop);this.options.hide=true;this.custom(this.cur(),0)},step:function(by){var bA,bB,bv,bx=a4||bh(),e=true,bz=this.elem,bw=this.options;if(by||bx>=bw.duration+this.startTime){this.now=this.end;this.pos=this.state=1;this.update();bw.animatedProperties[this.prop]=true;for(bA in bw.animatedProperties){if(bw.animatedProperties[bA]!==true){e=false}}if(e){if(bw.overflow!=null&&!b.support.shrinkWrapBlocks){b.each(["","X","Y"],function(bC,bD){bz.style["overflow"+bD]=bw.overflow[bC]})}if(bw.hide){b(bz).hide()}if(bw.hide||bw.show){for(bA in bw.animatedProperties){b.style(bz,bA,bw.orig[bA]);b.removeData(bz,"fxshow"+bA,true);b.removeData(bz,"toggle"+bA,true)}}bv=bw.complete;if(bv){bw.complete=false;bv.call(bz)}}return false}else{if(bw.duration==Infinity){this.now=bx}else{bB=bx-this.startTime;this.state=bB/bw.duration;this.pos=b.easing[bw.animatedProperties[this.prop]](this.state,bB,0,1,bw.duration);this.now=this.start+((this.end-this.start)*this.pos)}this.update()}return true}};b.extend(b.fx,{tick:function(){var bw,bv=b.timers,e=0;for(;e<bv.length;e++){bw=bv[e];if(!bw()&&bv[e]===bw){bv.splice(e--,1)}}if(!bv.length){b.fx.stop()}},interval:13,stop:function(){clearInterval(a3);a3=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(e){b.style(e.elem,"opacity",e.now)},_default:function(e){if(e.elem.style&&e.elem.style[e.prop]!=null){e.elem.style[e.prop]=e.now+e.unit}else{e.elem[e.prop]=e.now}}}});b.each(["width","height"],function(e,bv){b.fx.step[bv]=function(bw){b.style(bw.elem,bv,Math.max(0,bw.now)+bw.unit)}});if(b.expr&&b.expr.filters){b.expr.filters.animated=function(e){return b.grep(b.timers,function(bv){return e===bv.elem}).length}}function x(bx){if(!Q[bx]){var e=av.body,bv=b("<"+bx+">").appendTo(e),bw=bv.css("display");bv.remove();if(bw==="none"||bw===""){if(!a8){a8=av.createElement("iframe");a8.frameBorder=a8.width=a8.height=0}e.appendChild(a8);if(!m||!a8.createElement){m=(a8.contentWindow||a8.contentDocument).document;m.write((av.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>");m.close()}bv=m.createElement(bx);m.body.appendChild(bv);bw=b.css(bv,"display");e.removeChild(a8)}Q[bx]=bw}return Q[bx]}var V=/^t(?:able|d|h)$/i,ad=/^(?:body|html)$/i;if("getBoundingClientRect" in av.documentElement){b.fn.offset=function(bI){var by=this[0],bB;if(bI){return this.each(function(e){b.offset.setOffset(this,bI,e)})}if(!by||!by.ownerDocument){return null}if(by===by.ownerDocument.body){return b.offset.bodyOffset(by)}try{bB=by.getBoundingClientRect()}catch(bF){}var bH=by.ownerDocument,bw=bH.documentElement;if(!bB||!b.contains(bw,by)){return bB?{top:bB.top,left:bB.left}:{top:0,left:0}}var bC=bH.body,bD=aK(bH),bA=bw.clientTop||bC.clientTop||0,bE=bw.clientLeft||bC.clientLeft||0,bv=bD.pageYOffset||b.support.boxModel&&bw.scrollTop||bC.scrollTop,bz=bD.pageXOffset||b.support.boxModel&&bw.scrollLeft||bC.scrollLeft,bG=bB.top+bv-bA,bx=bB.left+bz-bE;return{top:bG,left:bx}}}else{b.fn.offset=function(bF){var bz=this[0];if(bF){return this.each(function(bG){b.offset.setOffset(this,bF,bG)})}if(!bz||!bz.ownerDocument){return null}if(bz===bz.ownerDocument.body){return b.offset.bodyOffset(bz)}var bC,bw=bz.offsetParent,bv=bz,bE=bz.ownerDocument,bx=bE.documentElement,bA=bE.body,bB=bE.defaultView,e=bB?bB.getComputedStyle(bz,null):bz.currentStyle,bD=bz.offsetTop,by=bz.offsetLeft;while((bz=bz.parentNode)&&bz!==bA&&bz!==bx){if(b.support.fixedPosition&&e.position==="fixed"){break}bC=bB?bB.getComputedStyle(bz,null):bz.currentStyle;bD-=bz.scrollTop;by-=bz.scrollLeft;if(bz===bw){bD+=bz.offsetTop;by+=bz.offsetLeft;if(b.support.doesNotAddBorder&&!(b.support.doesAddBorderForTableAndCells&&V.test(bz.nodeName))){bD+=parseFloat(bC.borderTopWidth)||0;by+=parseFloat(bC.borderLeftWidth)||0}bv=bw;bw=bz.offsetParent}if(b.support.subtractsBorderForOverflowNotVisible&&bC.overflow!=="visible"){bD+=parseFloat(bC.borderTopWidth)||0;by+=parseFloat(bC.borderLeftWidth)||0}e=bC}if(e.position==="relative"||e.position==="static"){bD+=bA.offsetTop;by+=bA.offsetLeft}if(b.support.fixedPosition&&e.position==="fixed"){bD+=Math.max(bx.scrollTop,bA.scrollTop);by+=Math.max(bx.scrollLeft,bA.scrollLeft)}return{top:bD,left:by}}}b.offset={bodyOffset:function(e){var bw=e.offsetTop,bv=e.offsetLeft;if(b.support.doesNotIncludeMarginInBodyOffset){bw+=parseFloat(b.css(e,"marginTop"))||0;bv+=parseFloat(b.css(e,"marginLeft"))||0}return{top:bw,left:bv}},setOffset:function(bx,bG,bA){var bB=b.css(bx,"position");if(bB==="static"){bx.style.position="relative"}var bz=b(bx),bv=bz.offset(),e=b.css(bx,"top"),bE=b.css(bx,"left"),bF=(bB==="absolute"||bB==="fixed")&&b.inArray("auto",[e,bE])>-1,bD={},bC={},bw,by;if(bF){bC=bz.position();bw=bC.top;by=bC.left}else{bw=parseFloat(e)||0;by=parseFloat(bE)||0}if(b.isFunction(bG)){bG=bG.call(bx,bA,bv)}if(bG.top!=null){bD.top=(bG.top-bv.top)+bw}if(bG.left!=null){bD.left=(bG.left-bv.left)+by}if("using" in bG){bG.using.call(bx,bD)}else{bz.css(bD)}}};b.fn.extend({position:function(){if(!this[0]){return null}var bw=this[0],bv=this.offsetParent(),bx=this.offset(),e=ad.test(bv[0].nodeName)?{top:0,left:0}:bv.offset();bx.top-=parseFloat(b.css(bw,"marginTop"))||0;bx.left-=parseFloat(b.css(bw,"marginLeft"))||0;e.top+=parseFloat(b.css(bv[0],"borderTopWidth"))||0;e.left+=parseFloat(b.css(bv[0],"borderLeftWidth"))||0;return{top:bx.top-e.top,left:bx.left-e.left}},offsetParent:function(){return this.map(function(){var e=this.offsetParent||av.body;while(e&&(!ad.test(e.nodeName)&&b.css(e,"position")==="static")){e=e.offsetParent}return e})}});b.each(["Left","Top"],function(bv,e){var bw="scroll"+e;b.fn[bw]=function(bz){var bx,by;if(bz===L){bx=this[0];if(!bx){return null}by=aK(bx);return by?("pageXOffset" in by)?by[bv?"pageYOffset":"pageXOffset"]:b.support.boxModel&&by.document.documentElement[bw]||by.document.body[bw]:bx[bw]}return this.each(function(){by=aK(this);if(by){by.scrollTo(!bv?bz:b(by).scrollLeft(),bv?bz:b(by).scrollTop())}else{this[bw]=bz}})}});function aK(e){return b.isWindow(e)?e:e.nodeType===9?e.defaultView||e.parentWindow:false}b.each(["Height","Width"],function(bv,e){var bw=e.toLowerCase();b.fn["inner"+e]=function(){var bx=this[0];return bx?bx.style?parseFloat(b.css(bx,bw,"padding")):this[bw]():null};b.fn["outer"+e]=function(by){var bx=this[0];return bx?bx.style?parseFloat(b.css(bx,bw,by?"margin":"border")):this[bw]():null};b.fn[bw]=function(bz){var bA=this[0];if(!bA){return bz==null?null:this}if(b.isFunction(bz)){return this.each(function(bE){var bD=b(this);bD[bw](bz.call(this,bE,bD[bw]()))})}if(b.isWindow(bA)){var bB=bA.document.documentElement["client"+e],bx=bA.document.body;return bA.document.compatMode==="CSS1Compat"&&bB||bx&&bx["client"+e]||bB}else{if(bA.nodeType===9){return Math.max(bA.documentElement["client"+e],bA.body["scroll"+e],bA.documentElement["scroll"+e],bA.body["offset"+e],bA.documentElement["offset"+e])}else{if(bz===L){var bC=b.css(bA,bw),by=parseFloat(bC);return b.isNumeric(by)?by:bC}else{return this.css(bw,typeof bz==="string"?bz:bz+"px")}}}}});bb.jQuery=bb.$=b;if(typeof define==="function"&&define.amd&&define.amd.jQuery){define("jquery",[],function(){return b})}})(window);/*
- * jQuery UI 1.8.18
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI
- */
-(function(a,d){a.ui=a.ui||{};if(a.ui.version){return}a.extend(a.ui,{version:"1.8.18",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}});a.fn.extend({propAttr:a.fn.prop||a.fn.attr,_focus:a.fn.focus,focus:function(e,f){return typeof e==="number"?this.each(function(){var g=this;setTimeout(function(){a(g).focus();if(f){f.call(g)}},e)}):this._focus.apply(this,arguments)},scrollParent:function(){var e;if((a.browser.msie&&(/(static|relative)/).test(this.css("position")))||(/absolute/).test(this.css("position"))){e=this.parents().filter(function(){return(/(relative|absolute|fixed)/).test(a.curCSS(this,"position",1))&&(/(auto|scroll)/).test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-x",1))}).eq(0)}else{e=this.parents().filter(function(){return(/(auto|scroll)/).test(a.curCSS(this,"overflow",1)+a.curCSS(this,"overflow-y",1)+a.curCSS(this,"overflow-x",1))}).eq(0)}return(/fixed/).test(this.css("position"))||!e.length?a(document):e},zIndex:function(h){if(h!==d){return this.css("zIndex",h)}if(this.length){var f=a(this[0]),e,g;while(f.length&&f[0]!==document){e=f.css("position");if(e==="absolute"||e==="relative"||e==="fixed"){g=parseInt(f.css("zIndex"),10);if(!isNaN(g)&&g!==0){return g}}f=f.parent()}}return 0},disableSelection:function(){return this.bind((a.support.selectstart?"selectstart":"mousedown")+".ui-disableSelection",function(e){e.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}});a.each(["Width","Height"],function(g,e){var f=e==="Width"?["Left","Right"]:["Top","Bottom"],h=e.toLowerCase(),k={innerWidth:a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHeight:a.fn.outerHeight};function j(m,l,i,n){a.each(f,function(){l-=parseFloat(a.curCSS(m,"padding"+this,true))||0;if(i){l-=parseFloat(a.curCSS(m,"border"+this+"Width",true))||0}if(n){l-=parseFloat(a.curCSS(m,"margin"+this,true))||0}});return l}a.fn["inner"+e]=function(i){if(i===d){return k["inner"+e].call(this)}return this.each(function(){a(this).css(h,j(this,i)+"px")})};a.fn["outer"+e]=function(i,l){if(typeof i!=="number"){return k["outer"+e].call(this,i)}return this.each(function(){a(this).css(h,j(this,i,true,l)+"px")})}});function c(g,e){var j=g.nodeName.toLowerCase();if("area"===j){var i=g.parentNode,h=i.name,f;if(!g.href||!h||i.nodeName.toLowerCase()!=="map"){return false}f=a("img[usemap=#"+h+"]")[0];return !!f&&b(f)}return(/input|select|textarea|button|object/.test(j)?!g.disabled:"a"==j?g.href||e:e)&&b(g)}function b(e){return !a(e).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).length}a.extend(a.expr[":"],{data:function(g,f,e){return !!a.data(g,e[3])},focusable:function(e){return c(e,!isNaN(a.attr(e,"tabindex")))},tabbable:function(g){var e=a.attr(g,"tabindex"),f=isNaN(e);return(f||e>=0)&&c(g,!f)}});a(function(){var e=document.body,f=e.appendChild(f=document.createElement("div"));f.offsetHeight;a.extend(f.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:0});a.support.minHeight=f.offsetHeight===100;a.support.selectstart="onselectstart" in f;e.removeChild(f).style.display="none"});a.extend(a.ui,{plugin:{add:function(f,g,j){var h=a.ui[f].prototype;for(var e in j){h.plugins[e]=h.plugins[e]||[];h.plugins[e].push([g,j[e]])}},call:function(e,g,f){var j=e.plugins[g];if(!j||!e.element[0].parentNode){return}for(var h=0;h<j.length;h++){if(e.options[j[h][0]]){j[h][1].apply(e.element,f)}}}},contains:function(f,e){return document.compareDocumentPosition?f.compareDocumentPosition(e)&16:f!==e&&f.contains(e)},hasScroll:function(h,f){if(a(h).css("overflow")==="hidden"){return false}var e=(f&&f==="left")?"scrollLeft":"scrollTop",g=false;if(h[e]>0){return true}h[e]=1;g=(h[e]>0);h[e]=0;return g},isOverAxis:function(f,e,g){return(f>e)&&(f<(e+g))},isOver:function(j,f,i,h,e,g){return a.ui.isOverAxis(j,i,e)&&a.ui.isOverAxis(f,h,g)}})})(jQuery);/*
- * jQuery UI Widget 1.8.18
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Widget
- */
-(function(b,d){if(b.cleanData){var c=b.cleanData;b.cleanData=function(f){for(var g=0,h;(h=f[g])!=null;g++){try{b(h).triggerHandler("remove")}catch(j){}}c(f)}}else{var a=b.fn.remove;b.fn.remove=function(e,f){return this.each(function(){if(!f){if(!e||b.filter(e,[this]).length){b("*",this).add([this]).each(function(){try{b(this).triggerHandler("remove")}catch(g){}})}}return a.call(b(this),e,f)})}}b.widget=function(f,h,e){var g=f.split(".")[0],j;f=f.split(".")[1];j=g+"-"+f;if(!e){e=h;h=b.Widget}b.expr[":"][j]=function(k){return !!b.data(k,f)};b[g]=b[g]||{};b[g][f]=function(k,l){if(arguments.length){this._createWidget(k,l)}};var i=new h();i.options=b.extend(true,{},i.options);b[g][f].prototype=b.extend(true,i,{namespace:g,widgetName:f,widgetEventPrefix:b[g][f].prototype.widgetEventPrefix||f,widgetBaseClass:j},e);b.widget.bridge(f,b[g][f])};b.widget.bridge=function(f,e){b.fn[f]=function(i){var g=typeof i==="string",h=Array.prototype.slice.call(arguments,1),j=this;i=!g&&h.length?b.extend.apply(null,[true,i].concat(h)):i;if(g&&i.charAt(0)==="_"){return j}if(g){this.each(function(){var k=b.data(this,f),l=k&&b.isFunction(k[i])?k[i].apply(k,h):k;if(l!==k&&l!==d){j=l;return false}})}else{this.each(function(){var k=b.data(this,f);if(k){k.option(i||{})._init()}else{b.data(this,f,new e(i,this))}})}return j}};b.Widget=function(e,f){if(arguments.length){this._createWidget(e,f)}};b.Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:false},_createWidget:function(f,g){b.data(g,this.widgetName,this);this.element=b(g);this.options=b.extend(true,{},this.options,this._getCreateOptions(),f);var e=this;this.element.bind("remove."+this.widgetName,function(){e.destroy()});this._create();this._trigger("create");this._init()},_getCreateOptions:function(){return b.metadata&&b.metadata.get(this.element[0])[this.widgetName]},_create:function(){},_init:function(){},destroy:function(){this.element.unbind("."+this.widgetName).removeData(this.widgetName);this.widget().unbind("."+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+"-disabled ui-state-disabled")},widget:function(){return this.element},option:function(f,g){var e=f;if(arguments.length===0){return b.extend({},this.options)}if(typeof f==="string"){if(g===d){return this.options[f]}e={};e[f]=g}this._setOptions(e);return this},_setOptions:function(f){var e=this;b.each(f,function(g,h){e._setOption(g,h)});return this},_setOption:function(e,f){this.options[e]=f;if(e==="disabled"){this.widget()[f?"addClass":"removeClass"](this.widgetBaseClass+"-disabled ui-state-disabled").attr("aria-disabled",f)}return this},enable:function(){return this._setOption("disabled",false)},disable:function(){return this._setOption("disabled",true)},_trigger:function(e,f,g){var j,i,h=this.options[e];g=g||{};f=b.Event(f);f.type=(e===this.widgetEventPrefix?e:this.widgetEventPrefix+e).toLowerCase();f.target=this.element[0];i=f.originalEvent;if(i){for(j in i){if(!(j in f)){f[j]=i[j]}}}this.element.trigger(f,g);return !(b.isFunction(h)&&h.call(this.element[0],f,g)===false||f.isDefaultPrevented())}}})(jQuery);/*
- * jQuery UI Mouse 1.8.18
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Mouse
- *
- * Depends:
- *	jquery.ui.widget.js
- */
-(function(b,c){var a=false;b(document).mouseup(function(d){a=false});b.widget("ui.mouse",{options:{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var d=this;this.element.bind("mousedown."+this.widgetName,function(e){return d._mouseDown(e)}).bind("click."+this.widgetName,function(e){if(true===b.data(e.target,d.widgetName+".preventClickEvent")){b.removeData(e.target,d.widgetName+".preventClickEvent");e.stopImmediatePropagation();return false}});this.started=false},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_mouseDown:function(f){if(a){return}(this._mouseStarted&&this._mouseUp(f));this._mouseDownEvent=f;var e=this,g=(f.which==1),d=(typeof this.options.cancel=="string"&&f.target.nodeName?b(f.target).closest(this.options.cancel).length:false);if(!g||d||!this._mouseCapture(f)){return true}this.mouseDelayMet=!this.options.delay;if(!this.mouseDelayMet){this._mouseDelayTimer=setTimeout(function(){e.mouseDelayMet=true},this.options.delay)}if(this._mouseDistanceMet(f)&&this._mouseDelayMet(f)){this._mouseStarted=(this._mouseStart(f)!==false);if(!this._mouseStarted){f.preventDefault();return true}}if(true===b.data(f.target,this.widgetName+".preventClickEvent")){b.removeData(f.target,this.widgetName+".preventClickEvent")}this._mouseMoveDelegate=function(h){return e._mouseMove(h)};this._mouseUpDelegate=function(h){return e._mouseUp(h)};b(document).bind("mousemove."+this.widgetName,this._mouseMoveDelegate).bind("mouseup."+this.widgetName,this._mouseUpDelegate);f.preventDefault();a=true;return true},_mouseMove:function(d){if(b.browser.msie&&!(document.documentMode>=9)&&!d.button){return this._mouseUp(d)}if(this._mouseStarted){this._mouseDrag(d);return d.preventDefault()}if(this._mouseDistanceMet(d)&&this._mouseDelayMet(d)){this._mouseStarted=(this._mouseStart(this._mouseDownEvent,d)!==false);(this._mouseStarted?this._mouseDrag(d):this._mouseUp(d))}return !this._mouseStarted},_mouseUp:function(d){b(document).unbind("mousemove."+this.widgetName,this._mouseMoveDelegate).unbind("mouseup."+this.widgetName,this._mouseUpDelegate);if(this._mouseStarted){this._mouseStarted=false;if(d.target==this._mouseDownEvent.target){b.data(d.target,this.widgetName+".preventClickEvent",true)}this._mouseStop(d)}return false},_mouseDistanceMet:function(d){return(Math.max(Math.abs(this._mouseDownEvent.pageX-d.pageX),Math.abs(this._mouseDownEvent.pageY-d.pageY))>=this.options.distance)},_mouseDelayMet:function(d){return this.mouseDelayMet},_mouseStart:function(d){},_mouseDrag:function(d){},_mouseStop:function(d){},_mouseCapture:function(d){return true}})})(jQuery);(function(c,d){c.widget("ui.resizable",c.ui.mouse,{widgetEventPrefix:"resize",options:{alsoResize:false,animate:false,animateDuration:"slow",animateEasing:"swing",aspectRatio:false,autoHide:false,containment:false,ghost:false,grid:false,handles:"e,s,se",helper:false,maxHeight:null,maxWidth:null,minHeight:10,minWidth:10,zIndex:1000},_create:function(){var f=this,k=this.options;this.element.addClass("ui-resizable");c.extend(this,{_aspectRatio:!!(k.aspectRatio),aspectRatio:k.aspectRatio,originalElement:this.element,_proportionallyResizeElements:[],_helper:k.helper||k.ghost||k.animate?k.helper||"ui-resizable-helper":null});if(this.element[0].nodeName.match(/canvas|textarea|input|select|button|img/i)){this.element.wrap(c('<div class="ui-wrapper" style="overflow: hidden;"></div>').css({position:this.element.css("position"),width:this.element.outerWidth(),height:this.element.outerHeight(),top:this.element.css("top"),left:this.element.css("left")}));this.element=this.element.parent().data("resizable",this.element.data("resizable"));this.elementIsWrapper=true;this.element.css({marginLeft:this.originalElement.css("marginLeft"),marginTop:this.originalElement.css("marginTop"),marginRight:this.originalElement.css("marginRight"),marginBottom:this.originalElement.css("marginBottom")});this.originalElement.css({marginLeft:0,marginTop:0,marginRight:0,marginBottom:0});this.originalResizeStyle=this.originalElement.css("resize");this.originalElement.css("resize","none");this._proportionallyResizeElements.push(this.originalElement.css({position:"static",zoom:1,display:"block"}));this.originalElement.css({margin:this.originalElement.css("margin")});this._proportionallyResize()}this.handles=k.handles||(!c(".ui-resizable-handle",this.element).length?"e,s,se":{n:".ui-resizable-n",e:".ui-resizable-e",s:".ui-resizable-s",w:".ui-resizable-w",se:".ui-resizable-se",sw:".ui-resizable-sw",ne:".ui-resizable-ne",nw:".ui-resizable-nw"});if(this.handles.constructor==String){if(this.handles=="all"){this.handles="n,e,s,w,se,sw,ne,nw"}var l=this.handles.split(",");this.handles={};for(var g=0;g<l.length;g++){var j=c.trim(l[g]),e="ui-resizable-"+j;var h=c('<div class="ui-resizable-handle '+e+'"></div>');if(/sw|se|ne|nw/.test(j)){h.css({zIndex:++k.zIndex})}if("se"==j){h.addClass("ui-icon ui-icon-gripsmall-diagonal-se")}this.handles[j]=".ui-resizable-"+j;this.element.append(h)}}this._renderAxis=function(q){q=q||this.element;for(var n in this.handles){if(this.handles[n].constructor==String){this.handles[n]=c(this.handles[n],this.element).show()}if(this.elementIsWrapper&&this.originalElement[0].nodeName.match(/textarea|input|select|button/i)){var o=c(this.handles[n],this.element),p=0;p=/sw|ne|nw|se|n|s/.test(n)?o.outerHeight():o.outerWidth();var m=["padding",/ne|nw|n/.test(n)?"Top":/se|sw|s/.test(n)?"Bottom":/^e$/.test(n)?"Right":"Left"].join("");q.css(m,p);this._proportionallyResize()}if(!c(this.handles[n]).length){continue}}};this._renderAxis(this.element);this._handles=c(".ui-resizable-handle",this.element).disableSelection();this._handles.mouseover(function(){if(!f.resizing){if(this.className){var i=this.className.match(/ui-resizable-(se|sw|ne|nw|n|e|s|w)/i)}f.axis=i&&i[1]?i[1]:"se"}});if(k.autoHide){this._handles.hide();c(this.element).addClass("ui-resizable-autohide").hover(function(){if(k.disabled){return}c(this).removeClass("ui-resizable-autohide");f._handles.show()},function(){if(k.disabled){return}if(!f.resizing){c(this).addClass("ui-resizable-autohide");f._handles.hide()}})}this._mouseInit()},destroy:function(){this._mouseDestroy();var e=function(g){c(g).removeClass("ui-resizable ui-resizable-disabled ui-resizable-resizing").removeData("resizable").unbind(".resizable").find(".ui-resizable-handle").remove()};if(this.elementIsWrapper){e(this.element);var f=this.element;f.after(this.originalElement.css({position:f.css("position"),width:f.outerWidth(),height:f.outerHeight(),top:f.css("top"),left:f.css("left")})).remove()}this.originalElement.css("resize",this.originalResizeStyle);e(this.originalElement);return this},_mouseCapture:function(f){var g=false;for(var e in this.handles){if(c(this.handles[e])[0]==f.target){g=true}}return !this.options.disabled&&g},_mouseStart:function(g){var j=this.options,f=this.element.position(),e=this.element;this.resizing=true;this.documentScroll={top:c(document).scrollTop(),left:c(document).scrollLeft()};if(e.is(".ui-draggable")||(/absolute/).test(e.css("position"))){e.css({position:"absolute",top:f.top,left:f.left})}this._renderProxy();var k=b(this.helper.css("left")),h=b(this.helper.css("top"));if(j.containment){k+=c(j.containment).scrollLeft()||0;h+=c(j.containment).scrollTop()||0}this.offset=this.helper.offset();this.position={left:k,top:h};this.size=this._helper?{width:e.outerWidth(),height:e.outerHeight()}:{width:e.width(),height:e.height()};this.originalSize=this._helper?{width:e.outerWidth(),height:e.outerHeight()}:{width:e.width(),height:e.height()};this.originalPosition={left:k,top:h};this.sizeDiff={width:e.outerWidth()-e.width(),height:e.outerHeight()-e.height()};this.originalMousePosition={left:g.pageX,top:g.pageY};this.aspectRatio=(typeof j.aspectRatio=="number")?j.aspectRatio:((this.originalSize.width/this.originalSize.height)||1);var i=c(".ui-resizable-"+this.axis).css("cursor");c("body").css("cursor",i=="auto"?this.axis+"-resize":i);e.addClass("ui-resizable-resizing");this._propagate("start",g);return true},_mouseDrag:function(e){var h=this.helper,g=this.options,m={},q=this,j=this.originalMousePosition,n=this.axis;var r=(e.pageX-j.left)||0,p=(e.pageY-j.top)||0;var i=this._change[n];if(!i){return false}var l=i.apply(this,[e,r,p]),k=c.browser.msie&&c.browser.version<7,f=this.sizeDiff;this._updateVirtualBoundaries(e.shiftKey);if(this._aspectRatio||e.shiftKey){l=this._updateRatio(l,e)}l=this._respectSize(l,e);this._propagate("resize",e);h.css({top:this.position.top+"px",left:this.position.left+"px",width:this.size.width+"px",height:this.size.height+"px"});if(!this._helper&&this._proportionallyResizeElements.length){this._proportionallyResize()}this._updateCache(l);this._trigger("resize",e,this.ui());return false},_mouseStop:function(h){this.resizing=false;var i=this.options,m=this;if(this._helper){var g=this._proportionallyResizeElements,e=g.length&&(/textarea/i).test(g[0].nodeName),f=e&&c.ui.hasScroll(g[0],"left")?0:m.sizeDiff.height,k=e?0:m.sizeDiff.width;var n={width:(m.helper.width()-k),height:(m.helper.height()-f)},j=(parseInt(m.element.css("left"),10)+(m.position.left-m.originalPosition.left))||null,l=(parseInt(m.element.css("top"),10)+(m.position.top-m.originalPosition.top))||null;if(!i.animate){this.element.css(c.extend(n,{top:l,left:j}))}m.helper.height(m.size.height);m.helper.width(m.size.width);if(this._helper&&!i.animate){this._proportionallyResize()}}c("body").css("cursor","auto");this.element.removeClass("ui-resizable-resizing");this._propagate("stop",h);if(this._helper){this.helper.remove()}return false},_updateVirtualBoundaries:function(g){var j=this.options,i,h,f,k,e;e={minWidth:a(j.minWidth)?j.minWidth:0,maxWidth:a(j.maxWidth)?j.maxWidth:Infinity,minHeight:a(j.minHeight)?j.minHeight:0,maxHeight:a(j.maxHeight)?j.maxHeight:Infinity};if(this._aspectRatio||g){i=e.minHeight*this.aspectRatio;f=e.minWidth/this.aspectRatio;h=e.maxHeight*this.aspectRatio;k=e.maxWidth/this.aspectRatio;if(i>e.minWidth){e.minWidth=i}if(f>e.minHeight){e.minHeight=f}if(h<e.maxWidth){e.maxWidth=h}if(k<e.maxHeight){e.maxHeight=k}}this._vBoundaries=e},_updateCache:function(e){var f=this.options;this.offset=this.helper.offset();if(a(e.left)){this.position.left=e.left}if(a(e.top)){this.position.top=e.top}if(a(e.height)){this.size.height=e.height}if(a(e.width)){this.size.width=e.width}},_updateRatio:function(h,g){var i=this.options,j=this.position,f=this.size,e=this.axis;if(a(h.height)){h.width=(h.height*this.aspectRatio)}else{if(a(h.width)){h.height=(h.width/this.aspectRatio)}}if(e=="sw"){h.left=j.left+(f.width-h.width);h.top=null}if(e=="nw"){h.top=j.top+(f.height-h.height);h.left=j.left+(f.width-h.width)}return h},_respectSize:function(l,g){var j=this.helper,i=this._vBoundaries,r=this._aspectRatio||g.shiftKey,q=this.axis,t=a(l.width)&&i.maxWidth&&(i.maxWidth<l.width),m=a(l.height)&&i.maxHeight&&(i.maxHeight<l.height),h=a(l.width)&&i.minWidth&&(i.minWidth>l.width),s=a(l.height)&&i.minHeight&&(i.minHeight>l.height);if(h){l.width=i.minWidth}if(s){l.height=i.minHeight}if(t){l.width=i.maxWidth}if(m){l.height=i.maxHeight}var f=this.originalPosition.left+this.originalSize.width,p=this.position.top+this.size.height;var k=/sw|nw|w/.test(q),e=/nw|ne|n/.test(q);if(h&&k){l.left=f-i.minWidth}if(t&&k){l.left=f-i.maxWidth}if(s&&e){l.top=p-i.minHeight}if(m&&e){l.top=p-i.maxHeight}var n=!l.width&&!l.height;if(n&&!l.left&&l.top){l.top=null}else{if(n&&!l.top&&l.left){l.left=null}}return l},_proportionallyResize:function(){var k=this.options;if(!this._proportionallyResizeElements.length){return}var g=this.helper||this.element;for(var f=0;f<this._proportionallyResizeElements.length;f++){var h=this._proportionallyResizeElements[f];if(!this.borderDif){var e=[h.css("borderTopWidth"),h.css("borderRightWidth"),h.css("borderBottomWidth"),h.css("borderLeftWidth")],j=[h.css("paddingTop"),h.css("paddingRight"),h.css("paddingBottom"),h.css("paddingLeft")];this.borderDif=c.map(e,function(l,n){var m=parseInt(l,10)||0,o=parseInt(j[n],10)||0;return m+o})}if(c.browser.msie&&!(!(c(g).is(":hidden")||c(g).parents(":hidden").length))){continue}h.css({height:(g.height()-this.borderDif[0]-this.borderDif[2])||0,width:(g.width()-this.borderDif[1]-this.borderDif[3])||0})}},_renderProxy:function(){var f=this.element,i=this.options;this.elementOffset=f.offset();if(this._helper){this.helper=this.helper||c('<div style="overflow:hidden;"></div>');var e=c.browser.msie&&c.browser.version<7,g=(e?1:0),h=(e?2:-1);this.helper.addClass(this._helper).css({width:this.element.outerWidth()+h,height:this.element.outerHeight()+h,position:"absolute",left:this.elementOffset.left-g+"px",top:this.elementOffset.top-g+"px",zIndex:++i.zIndex});this.helper.appendTo("body").disableSelection()}else{this.helper=this.element}},_change:{e:function(g,f,e){return{width:this.originalSize.width+f}},w:function(h,f,e){var j=this.options,g=this.originalSize,i=this.originalPosition;return{left:i.left+f,width:g.width-f}},n:function(h,f,e){var j=this.options,g=this.originalSize,i=this.originalPosition;return{top:i.top+e,height:g.height-e}},s:function(g,f,e){return{height:this.originalSize.height+e}},se:function(g,f,e){return c.extend(this._change.s.apply(this,arguments),this._change.e.apply(this,[g,f,e]))},sw:function(g,f,e){return c.extend(this._change.s.apply(this,arguments),this._change.w.apply(this,[g,f,e]))},ne:function(g,f,e){return c.extend(this._change.n.apply(this,arguments),this._change.e.apply(this,[g,f,e]))},nw:function(g,f,e){return c.extend(this._change.n.apply(this,arguments),this._change.w.apply(this,[g,f,e]))}},_propagate:function(f,e){c.ui.plugin.call(this,f,[e,this.ui()]);(f!="resize"&&this._trigger(f,e,this.ui()))},plugins:{},ui:function(){return{originalElement:this.originalElement,element:this.element,helper:this.helper,position:this.position,size:this.size,originalSize:this.originalSize,originalPosition:this.originalPosition}}});c.extend(c.ui.resizable,{version:"1.8.18"});c.ui.plugin.add("resizable","alsoResize",{start:function(f,g){var e=c(this).data("resizable"),i=e.options;var h=function(j){c(j).each(function(){var k=c(this);k.data("resizable-alsoresize",{width:parseInt(k.width(),10),height:parseInt(k.height(),10),left:parseInt(k.css("left"),10),top:parseInt(k.css("top"),10)})})};if(typeof(i.alsoResize)=="object"&&!i.alsoResize.parentNode){if(i.alsoResize.length){i.alsoResize=i.alsoResize[0];h(i.alsoResize)}else{c.each(i.alsoResize,function(j){h(j)})}}else{h(i.alsoResize)}},resize:function(g,i){var f=c(this).data("resizable"),j=f.options,h=f.originalSize,l=f.originalPosition;var k={height:(f.size.height-h.height)||0,width:(f.size.width-h.width)||0,top:(f.position.top-l.top)||0,left:(f.position.left-l.left)||0},e=function(m,n){c(m).each(function(){var q=c(this),r=c(this).data("resizable-alsoresize"),p={},o=n&&n.length?n:q.parents(i.originalElement[0]).length?["width","height"]:["width","height","top","left"];c.each(o,function(s,u){var t=(r[u]||0)+(k[u]||0);if(t&&t>=0){p[u]=t||null}});q.css(p)})};if(typeof(j.alsoResize)=="object"&&!j.alsoResize.nodeType){c.each(j.alsoResize,function(m,n){e(m,n)})}else{e(j.alsoResize)}},stop:function(e,f){c(this).removeData("resizable-alsoresize")}});c.ui.plugin.add("resizable","animate",{stop:function(i,n){var p=c(this).data("resizable"),j=p.options;var h=p._proportionallyResizeElements,e=h.length&&(/textarea/i).test(h[0].nodeName),f=e&&c.ui.hasScroll(h[0],"left")?0:p.sizeDiff.height,l=e?0:p.sizeDiff.width;var g={width:(p.size.width-l),height:(p.size.height-f)},k=(parseInt(p.element.css("left"),10)+(p.position.left-p.originalPosition.left))||null,m=(parseInt(p.element.css("top"),10)+(p.position.top-p.originalPosition.top))||null;p.element.animate(c.extend(g,m&&k?{top:m,left:k}:{}),{duration:j.animateDuration,easing:j.animateEasing,step:function(){var o={width:parseInt(p.element.css("width"),10),height:parseInt(p.element.css("height"),10),top:parseInt(p.element.css("top"),10),left:parseInt(p.element.css("left"),10)};if(h&&h.length){c(h[0]).css({width:o.width,height:o.height})}p._updateCache(o);p._propagate("resize",i)}})}});c.ui.plugin.add("resizable","containment",{start:function(f,r){var t=c(this).data("resizable"),j=t.options,l=t.element;var g=j.containment,k=(g instanceof c)?g.get(0):(/parent/.test(g))?l.parent().get(0):g;if(!k){return}t.containerElement=c(k);if(/document/.test(g)||g==document){t.containerOffset={left:0,top:0};t.containerPosition={left:0,top:0};t.parentData={element:c(document),left:0,top:0,width:c(document).width(),height:c(document).height()||document.body.parentNode.scrollHeight}}else{var n=c(k),i=[];c(["Top","Right","Left","Bottom"]).each(function(p,o){i[p]=b(n.css("padding"+o))});t.containerOffset=n.offset();t.containerPosition=n.position();t.containerSize={height:(n.innerHeight()-i[3]),width:(n.innerWidth()-i[1])};var q=t.containerOffset,e=t.containerSize.height,m=t.containerSize.width,h=(c.ui.hasScroll(k,"left")?k.scrollWidth:m),s=(c.ui.hasScroll(k)?k.scrollHeight:e);t.parentData={element:k,left:q.left,top:q.top,width:h,height:s}}},resize:function(g,q){var t=c(this).data("resizable"),i=t.options,f=t.containerSize,p=t.containerOffset,m=t.size,n=t.position,r=t._aspectRatio||g.shiftKey,e={top:0,left:0},h=t.containerElement;if(h[0]!=document&&(/static/).test(h.css("position"))){e=p}if(n.left<(t._helper?p.left:0)){t.size.width=t.size.width+(t._helper?(t.position.left-p.left):(t.position.left-e.left));if(r){t.size.height=t.size.width/i.aspectRatio}t.position.left=i.helper?p.left:0}if(n.top<(t._helper?p.top:0)){t.size.height=t.size.height+(t._helper?(t.position.top-p.top):t.position.top);if(r){t.size.width=t.size.height*i.aspectRatio}t.position.top=t._helper?p.top:0}t.offset.left=t.parentData.left+t.position.left;t.offset.top=t.parentData.top+t.position.top;var l=Math.abs((t._helper?t.offset.left-e.left:(t.offset.left-e.left))+t.sizeDiff.width),s=Math.abs((t._helper?t.offset.top-e.top:(t.offset.top-p.top))+t.sizeDiff.height);var k=t.containerElement.get(0)==t.element.parent().get(0),j=/relative|absolute/.test(t.containerElement.css("position"));if(k&&j){l-=t.parentData.left}if(l+t.size.width>=t.parentData.width){t.size.width=t.parentData.width-l;if(r){t.size.height=t.size.width/t.aspectRatio}}if(s+t.size.height>=t.parentData.height){t.size.height=t.parentData.height-s;if(r){t.size.width=t.size.height*t.aspectRatio}}},stop:function(f,n){var q=c(this).data("resizable"),g=q.options,l=q.position,m=q.containerOffset,e=q.containerPosition,i=q.containerElement;var j=c(q.helper),r=j.offset(),p=j.outerWidth()-q.sizeDiff.width,k=j.outerHeight()-q.sizeDiff.height;if(q._helper&&!g.animate&&(/relative/).test(i.css("position"))){c(this).css({left:r.left-e.left-m.left,width:p,height:k})}if(q._helper&&!g.animate&&(/static/).test(i.css("position"))){c(this).css({left:r.left-e.left-m.left,width:p,height:k})}}});c.ui.plugin.add("resizable","ghost",{start:function(g,h){var e=c(this).data("resizable"),i=e.options,f=e.size;e.ghost=e.originalElement.clone();e.ghost.css({opacity:0.25,display:"block",position:"relative",height:f.height,width:f.width,margin:0,left:0,top:0}).addClass("ui-resizable-ghost").addClass(typeof i.ghost=="string"?i.ghost:"");e.ghost.appendTo(e.helper)},resize:function(f,g){var e=c(this).data("resizable"),h=e.options;if(e.ghost){e.ghost.css({position:"relative",height:e.size.height,width:e.size.width})}},stop:function(f,g){var e=c(this).data("resizable"),h=e.options;if(e.ghost&&e.helper){e.helper.get(0).removeChild(e.ghost.get(0))}}});c.ui.plugin.add("resizable","grid",{resize:function(e,m){var p=c(this).data("resizable"),h=p.options,k=p.size,i=p.originalSize,j=p.originalPosition,n=p.axis,l=h._aspectRatio||e.shiftKey;h.grid=typeof h.grid=="number"?[h.grid,h.grid]:h.grid;var g=Math.round((k.width-i.width)/(h.grid[0]||1))*(h.grid[0]||1),f=Math.round((k.height-i.height)/(h.grid[1]||1))*(h.grid[1]||1);if(/^(se|s|e)$/.test(n)){p.size.width=i.width+g;p.size.height=i.height+f}else{if(/^(ne)$/.test(n)){p.size.width=i.width+g;p.size.height=i.height+f;p.position.top=j.top-f}else{if(/^(sw)$/.test(n)){p.size.width=i.width+g;p.size.height=i.height+f;p.position.left=j.left-g}else{p.size.width=i.width+g;p.size.height=i.height+f;p.position.top=j.top-f;p.position.left=j.left-g}}}}});var b=function(e){return parseInt(e,10)||0};var a=function(e){return !isNaN(parseInt(e,10))}})(jQuery);/*
- * jQuery hashchange event - v1.3 - 7/21/2010
- * http://benalman.com/projects/jquery-hashchange-plugin/
- * 
- * Copyright (c) 2010 "Cowboy" Ben Alman
- * Dual licensed under the MIT and GPL licenses.
- * http://benalman.com/about/license/
- */
-(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.replace(/#.*/,"")+q}}p=setTimeout(n,$.fn[c].delay)}$.browser.msie&&!d&&(function(){var q,r;j.start=function(){if(!q){r=$.fn[c].src;r=r&&r+a();q=$('<iframe tabindex="-1" title="empty"/>').hide().one("load",function(){r||l(a());n()}).attr("src",r||"javascript:0").insertAfter("body")[0].contentWindow;h.onpropertychange=function(){try{if(event.propertyName==="title"){q.document.title=h.title}}catch(s){}}}};j.stop=k;o=function(){return a(q.location.href)};l=function(v,s){var u=q.document,t=$.fn[c].domain;if(v!==s){u.title=h.title;u.open();t&&u.write('<script>document.domain="'+t+'"<\/script>');u.close();q.location.hash=v}}})();return j})()})(jQuery,this);(function(c){var a=c.scrollTo=function(f,e,d){c(window).scrollTo(f,e,d)};a.defaults={axis:"xy",duration:parseFloat(c.fn.jquery)>=1.3?0:1};a.window=function(d){return c(window)._scrollable()};c.fn._scrollable=function(){return this.map(function(){var e=this,d=!e.nodeName||c.inArray(e.nodeName.toLowerCase(),["iframe","#document","html","body"])!=-1;if(!d){return e}var f=(e.contentWindow||e).document||e.ownerDocument||e;return c.browser.safari||f.compatMode=="BackCompat"?f.body:f.documentElement})};c.fn.scrollTo=function(f,e,d){if(typeof e=="object"){d=e;e=0}if(typeof d=="function"){d={onAfter:d}}if(f=="max"){f=9000000000}d=c.extend({},a.defaults,d);e=e||d.speed||d.duration;d.queue=d.queue&&d.axis.length>1;if(d.queue){e/=2}d.offset=b(d.offset);d.over=b(d.over);return this._scrollable().each(function(){var l=this,j=c(l),k=f,i,g={},m=j.is("html,body");switch(typeof k){case"number":case"string":if(/^([+-]=)?\d+(\.\d+)?(px|%)?$/.test(k)){k=b(k);break}k=c(k,this);case"object":if(k.is||k.style){i=(k=c(k)).offset()}}c.each(d.axis.split(""),function(q,r){var s=r=="x"?"Left":"Top",u=s.toLowerCase(),p="scroll"+s,o=l[p],n=a.max(l,r);if(i){g[p]=i[u]+(m?0:o-j.offset()[u]);if(d.margin){g[p]-=parseInt(k.css("margin"+s))||0;g[p]-=parseInt(k.css("border"+s+"Width"))||0}g[p]+=d.offset[u]||0;if(d.over[u]){g[p]+=k[r=="x"?"width":"height"]()*d.over[u]}}else{var t=k[u];g[p]=t.slice&&t.slice(-1)=="%"?parseFloat(t)/100*n:t}if(/^\d+$/.test(g[p])){g[p]=g[p]<=0?0:Math.min(g[p],n)}if(!q&&d.queue){if(o!=g[p]){h(d.onAfterFirst)}delete g[p]}});h(d.onAfter);function h(n){j.animate(g,e,d.easing,n&&function(){n.call(this,f,d)})}}).end()};a.max=function(j,i){var h=i=="x"?"Width":"Height",e="scroll"+h;if(!c(j).is("html,body")){return j[e]-c(j)[h.toLowerCase()]()}var g="client"+h,f=j.ownerDocument.documentElement,d=j.ownerDocument.body;return Math.max(f[e],d[e])-Math.min(f[g],d[g])};function b(d){return typeof d=="object"?d:{top:d,left:d}}})(jQuery);/*
- PowerTip - v1.2.0 - 2013-04-03
- http://stevenbenner.github.com/jquery-powertip/
- Copyright (c) 2013 Steven Benner (http://stevenbenner.com/).
- Released under MIT license.
- https://raw.github.com/stevenbenner/jquery-powertip/master/LICENSE.txt
-*/
-(function(a){if(typeof define==="function"&&define.amd){define(["jquery"],a)}else{a(jQuery)}}(function(k){var A=k(document),s=k(window),w=k("body");var n="displayController",e="hasActiveHover",d="forcedOpen",u="hasMouseMove",f="mouseOnToPopup",g="originalTitle",y="powertip",o="powertipjq",l="powertiptarget",E=180/Math.PI;var c={isTipOpen:false,isFixedTipOpen:false,isClosing:false,tipOpenImminent:false,activeHover:null,currentX:0,currentY:0,previousX:0,previousY:0,desyncTimeout:null,mouseTrackingActive:false,delayInProgress:false,windowWidth:0,windowHeight:0,scrollTop:0,scrollLeft:0};var p={none:0,top:1,bottom:2,left:4,right:8};k.fn.powerTip=function(F,N){if(!this.length){return this}if(k.type(F)==="string"&&k.powerTip[F]){return k.powerTip[F].call(this,this,N)}var O=k.extend({},k.fn.powerTip.defaults,F),G=new x(O);h();this.each(function M(){var R=k(this),Q=R.data(y),P=R.data(o),T=R.data(l),S;if(R.data(n)){k.powerTip.destroy(R)}S=R.attr("title");if(!Q&&!T&&!P&&S){R.data(y,S);R.data(g,S);R.removeAttr("title")}R.data(n,new t(R,O,G))});if(!O.manual){this.on({"mouseenter.powertip":function J(P){k.powerTip.show(this,P)},"mouseleave.powertip":function L(){k.powerTip.hide(this)},"focus.powertip":function K(){k.powerTip.show(this)},"blur.powertip":function H(){k.powerTip.hide(this,true)},"keydown.powertip":function I(P){if(P.keyCode===27){k.powerTip.hide(this,true)}}})}return this};k.fn.powerTip.defaults={fadeInTime:200,fadeOutTime:100,followMouse:false,popupId:"powerTip",intentSensitivity:7,intentPollInterval:100,closeDelay:100,placement:"n",smartPlacement:false,offset:10,mouseOnToPopup:false,manual:false};k.fn.powerTip.smartPlacementLists={n:["n","ne","nw","s"],e:["e","ne","se","w","nw","sw","n","s","e"],s:["s","se","sw","n"],w:["w","nw","sw","e","ne","se","n","s","w"],nw:["nw","w","sw","n","s","se","nw"],ne:["ne","e","se","n","s","sw","ne"],sw:["sw","w","nw","s","n","ne","sw"],se:["se","e","ne","s","n","nw","se"],"nw-alt":["nw-alt","n","ne-alt","sw-alt","s","se-alt","w","e"],"ne-alt":["ne-alt","n","nw-alt","se-alt","s","sw-alt","e","w"],"sw-alt":["sw-alt","s","se-alt","nw-alt","n","ne-alt","w","e"],"se-alt":["se-alt","s","sw-alt","ne-alt","n","nw-alt","e","w"]};k.powerTip={show:function z(F,G){if(G){i(G);c.previousX=G.pageX;c.previousY=G.pageY;k(F).data(n).show()}else{k(F).first().data(n).show(true,true)}return F},reposition:function r(F){k(F).first().data(n).resetPosition();return F},hide:function D(G,F){if(G){k(G).first().data(n).hide(F)}else{if(c.activeHover){c.activeHover.data(n).hide(true)}}return G},destroy:function C(G){k(G).off(".powertip").each(function F(){var I=k(this),H=[g,n,e,d];if(I.data(g)){I.attr("title",I.data(g));H.push(y)}I.removeData(H)});return G}};k.powerTip.showTip=k.powerTip.show;k.powerTip.closeTip=k.powerTip.hide;function b(){var F=this;F.top="auto";F.left="auto";F.right="auto";F.bottom="auto";F.set=function(H,G){if(k.isNumeric(G)){F[H]=Math.round(G)}}}function t(K,N,F){var J=null;function L(P,Q){M();if(!K.data(e)){if(!P){c.tipOpenImminent=true;J=setTimeout(function O(){J=null;I()},N.intentPollInterval)}else{if(Q){K.data(d,true)}F.showTip(K)}}}function G(P){M();c.tipOpenImminent=false;if(K.data(e)){K.data(d,false);if(!P){c.delayInProgress=true;J=setTimeout(function O(){J=null;F.hideTip(K);c.delayInProgress=false},N.closeDelay)}else{F.hideTip(K)}}}function I(){var Q=Math.abs(c.previousX-c.currentX),O=Math.abs(c.previousY-c.currentY),P=Q+O;if(P<N.intentSensitivity){F.showTip(K)}else{c.previousX=c.currentX;c.previousY=c.currentY;L()}}function M(){J=clearTimeout(J);c.delayInProgress=false}function H(){F.resetPosition(K)}this.show=L;this.hide=G;this.cancel=M;this.resetPosition=H}function j(){function G(M,L,J,O,P){var K=L.split("-")[0],N=new b(),I;if(q(M)){I=H(M,K)}else{I=F(M,K)}switch(L){case"n":N.set("left",I.left-(J/2));N.set("bottom",c.windowHeight-I.top+P);break;case"e":N.set("left",I.left+P);N.set("top",I.top-(O/2));break;case"s":N.set("left",I.left-(J/2));N.set("top",I.top+P);break;case"w":N.set("top",I.top-(O/2));N.set("right",c.windowWidth-I.left+P);break;case"nw":N.set("bottom",c.windowHeight-I.top+P);N.set("right",c.windowWidth-I.left-20);break;case"nw-alt":N.set("left",I.left);N.set("bottom",c.windowHeight-I.top+P);break;case"ne":N.set("left",I.left-20);N.set("bottom",c.windowHeight-I.top+P);break;case"ne-alt":N.set("bottom",c.windowHeight-I.top+P);N.set("right",c.windowWidth-I.left);break;case"sw":N.set("top",I.top+P);N.set("right",c.windowWidth-I.left-20);break;case"sw-alt":N.set("left",I.left);N.set("top",I.top+P);break;case"se":N.set("left",I.left-20);N.set("top",I.top+P);break;case"se-alt":N.set("top",I.top+P);N.set("right",c.windowWidth-I.left);break}return N}function F(K,J){var O=K.offset(),N=K.outerWidth(),I=K.outerHeight(),M,L;switch(J){case"n":M=O.left+N/2;L=O.top;break;case"e":M=O.left+N;L=O.top+I/2;break;case"s":M=O.left+N/2;L=O.top+I;break;case"w":M=O.left;L=O.top+I/2;break;case"nw":M=O.left;L=O.top;break;case"ne":M=O.left+N;L=O.top;break;case"sw":M=O.left;L=O.top+I;break;case"se":M=O.left+N;L=O.top+I;break}return{top:L,left:M}}function H(O,K){var S=O.closest("svg")[0],N=O[0],W=S.createSVGPoint(),L=N.getBBox(),V=N.getScreenCTM(),M=L.width/2,Q=L.height/2,P=[],I=["nw","n","ne","e","se","s","sw","w"],U,X,R,T;function J(){P.push(W.matrixTransform(V))}W.x=L.x;W.y=L.y;J();W.x+=M;J();W.x+=M;J();W.y+=Q;J();W.y+=Q;J();W.x-=M;J();W.x-=M;J();W.y-=Q;J();if(P[0].y!==P[1].y||P[0].x!==P[7].x){X=Math.atan2(V.b,V.a)*E;R=Math.ceil(((X%360)-22.5)/45);if(R<1){R+=8}while(R--){I.push(I.shift())}}for(T=0;T<P.length;T++){if(I[T]===K){U=P[T];break}}return{top:U.y+c.scrollTop,left:U.x+c.scrollLeft}}this.compute=G}function x(Q){var P=new j(),O=k("#"+Q.popupId);if(O.length===0){O=k("<div/>",{id:Q.popupId});if(w.length===0){w=k("body")}w.append(O)}if(Q.followMouse){if(!O.data(u)){A.on("mousemove",M);s.on("scroll",M);O.data(u,true)}}if(Q.mouseOnToPopup){O.on({mouseenter:function L(){if(O.data(f)){if(c.activeHover){c.activeHover.data(n).cancel()}}},mouseleave:function N(){if(c.activeHover){c.activeHover.data(n).hide()}}})}function I(S){S.data(e,true);O.queue(function R(T){H(S);T()})}function H(S){var U;if(!S.data(e)){return}if(c.isTipOpen){if(!c.isClosing){K(c.activeHover)}O.delay(100).queue(function R(V){H(S);V()});return}S.trigger("powerTipPreRender");U=B(S);if(U){O.empty().append(U)}else{return}S.trigger("powerTipRender");c.activeHover=S;c.isTipOpen=true;O.data(f,Q.mouseOnToPopup);if(!Q.followMouse){G(S);c.isFixedTipOpen=true}else{M()}O.fadeIn(Q.fadeInTime,function T(){if(!c.desyncTimeout){c.desyncTimeout=setInterval(J,500)}S.trigger("powerTipOpen")})}function K(R){c.isClosing=true;c.activeHover=null;c.isTipOpen=false;c.desyncTimeout=clearInterval(c.desyncTimeout);R.data(e,false);R.data(d,false);O.fadeOut(Q.fadeOutTime,function S(){var T=new b();c.isClosing=false;c.isFixedTipOpen=false;O.removeClass();T.set("top",c.currentY+Q.offset);T.set("left",c.currentX+Q.offset);O.css(T);R.trigger("powerTipClose")})}function M(){if(!c.isFixedTipOpen&&(c.isTipOpen||(c.tipOpenImminent&&O.data(u)))){var R=O.outerWidth(),V=O.outerHeight(),U=new b(),S,T;U.set("top",c.currentY+Q.offset);U.set("left",c.currentX+Q.offset);S=m(U,R,V);if(S!==p.none){T=a(S);if(T===1){if(S===p.right){U.set("left",c.windowWidth-R)}else{if(S===p.bottom){U.set("top",c.scrollTop+c.windowHeight-V)}}}else{U.set("left",c.currentX-R-Q.offset);U.set("top",c.currentY-V-Q.offset)}}O.css(U)}}function G(S){var R,T;if(Q.smartPlacement){R=k.fn.powerTip.smartPlacementLists[Q.placement];k.each(R,function(U,W){var V=m(F(S,W),O.outerWidth(),O.outerHeight());T=W;if(V===p.none){return false}})}else{F(S,Q.placement);T=Q.placement}O.addClass(T)}function F(U,T){var R=0,S,W,V=new b();V.set("top",0);V.set("left",0);O.css(V);do{S=O.outerWidth();W=O.outerHeight();V=P.compute(U,T,S,W,Q.offset);O.css(V)}while(++R<=5&&(S!==O.outerWidth()||W!==O.outerHeight()));return V}function J(){var R=false;if(c.isTipOpen&&!c.isClosing&&!c.delayInProgress){if(c.activeHover.data(e)===false||c.activeHover.is(":disabled")){R=true}else{if(!v(c.activeHover)&&!c.activeHover.is(":focus")&&!c.activeHover.data(d)){if(O.data(f)){if(!v(O)){R=true}}else{R=true}}}if(R){K(c.activeHover)}}}this.showTip=I;this.hideTip=K;this.resetPosition=G}function q(F){return window.SVGElement&&F[0] instanceof SVGElement}function h(){if(!c.mouseTrackingActive){c.mouseTrackingActive=true;k(function H(){c.scrollLeft=s.scrollLeft();c.scrollTop=s.scrollTop();c.windowWidth=s.width();c.windowHeight=s.height()});A.on("mousemove",i);s.on({resize:function G(){c.windowWidth=s.width();c.windowHeight=s.height()},scroll:function F(){var I=s.scrollLeft(),J=s.scrollTop();if(I!==c.scrollLeft){c.currentX+=I-c.scrollLeft;c.scrollLeft=I}if(J!==c.scrollTop){c.currentY+=J-c.scrollTop;c.scrollTop=J}}})}}function i(F){c.currentX=F.pageX;c.currentY=F.pageY}function v(F){var H=F.offset(),J=F[0].getBoundingClientRect(),I=J.right-J.left,G=J.bottom-J.top;return c.currentX>=H.left&&c.currentX<=H.left+I&&c.currentY>=H.top&&c.currentY<=H.top+G}function B(I){var G=I.data(y),F=I.data(o),K=I.data(l),H,J;if(G){if(k.isFunction(G)){G=G.call(I[0])}J=G}else{if(F){if(k.isFunction(F)){F=F.call(I[0])}if(F.length>0){J=F.clone(true,true)}}else{if(K){H=k("#"+K);if(H.length>0){J=H.html()}}}}return J}function m(M,L,K){var G=c.scrollTop,J=c.scrollLeft,I=G+c.windowHeight,F=J+c.windowWidth,H=p.none;if(M.top<G||Math.abs(M.bottom-c.windowHeight)-K<G){H|=p.top}if(M.top+K>I||Math.abs(M.bottom-c.windowHeight)>I){H|=p.bottom}if(M.left<J||M.right+L>F){H|=p.left}if(M.left+L>F||M.right<J){H|=p.right}return H}function a(G){var F=0;while(G){G&=G-1;F++}return F}}));
\ No newline at end of file
diff --git a/docs/html/modules.html b/docs/html/modules.html
deleted file mode 100644
index b78fe83..0000000
--- a/docs/html/modules.html
+++ /dev/null
@@ -1,111 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Modules</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li class="current"><a href="modules.html"><span>Modules</span></a></li>
-      <li><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-</div><!-- top -->
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-<div class="header">
-  <div class="headertitle">
-<div class="title">Modules</div>  </div>
-</div><!--header-->
-<div class="contents">
-<div class="textblock">Here is a list of all modules:</div><div class="directory">
-<table class="directory">
-<tr id="row_0_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__platform.html" target="_self">Implementation-specific definitions</a></td><td class="desc"></td></tr>
-<tr id="row_1_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__initialization.html" target="_self">Library initialization</a></td><td class="desc"></td></tr>
-<tr id="row_2_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__policy.html" target="_self">Key policies</a></td><td class="desc"></td></tr>
-<tr id="row_3_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__key__management.html" target="_self">Key management</a></td><td class="desc"></td></tr>
-<tr id="row_4_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__import__export.html" target="_self">Key import and export</a></td><td class="desc"></td></tr>
-<tr id="row_5_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__hash.html" target="_self">Message digests</a></td><td class="desc"></td></tr>
-<tr id="row_6_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__MAC.html" target="_self">Message authentication codes</a></td><td class="desc"></td></tr>
-<tr id="row_7_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__cipher.html" target="_self">Symmetric ciphers</a></td><td class="desc"></td></tr>
-<tr id="row_8_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__aead.html" target="_self">Authenticated encryption with associated data (AEAD)</a></td><td class="desc"></td></tr>
-<tr id="row_9_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__asymmetric.html" target="_self">Asymmetric cryptography</a></td><td class="desc"></td></tr>
-<tr id="row_10_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__generators.html" target="_self">Generators</a></td><td class="desc"></td></tr>
-<tr id="row_11_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__derivation.html" target="_self">Key derivation</a></td><td class="desc"></td></tr>
-<tr id="row_12_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__random.html" target="_self">Random generation</a></td><td class="desc"></td></tr>
-<tr id="row_13_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__error.html" target="_self">Error codes</a></td><td class="desc"></td></tr>
-<tr id="row_14_" class="even"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__crypto__types.html" target="_self">Key and algorithm types</a></td><td class="desc"></td></tr>
-<tr id="row_15_"><td class="entry"><span style="width:16px;display:inline-block;">&#160;</span><a class="el" href="group__key__lifetimes.html" target="_self">Key lifetimes</a></td><td class="desc"></td></tr>
-</table>
-</div><!-- directory -->
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/nav_f.png b/docs/html/nav_f.png
deleted file mode 100644
index 72a58a5..0000000
--- a/docs/html/nav_f.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/nav_g.png b/docs/html/nav_g.png
deleted file mode 100644
index 2093a23..0000000
--- a/docs/html/nav_g.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/nav_h.png b/docs/html/nav_h.png
deleted file mode 100644
index 33389b1..0000000
--- a/docs/html/nav_h.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/objects.inv b/docs/html/objects.inv
new file mode 100644
index 0000000..2df1e5e
--- /dev/null
+++ b/docs/html/objects.inv
Binary files differ
diff --git a/docs/html/open.png b/docs/html/open.png
deleted file mode 100644
index 30f75c7..0000000
--- a/docs/html/open.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/psa_c-identifiers.html b/docs/html/psa_c-identifiers.html
new file mode 100644
index 0000000..ddc3b8e
--- /dev/null
+++ b/docs/html/psa_c-identifiers.html
@@ -0,0 +1,2066 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Index of C identifiers &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <link rel="index" title="Index" href="genindex.html" />
+    <link rel="search" title="Search" href="search.html" />
+
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+
+   <h1>Index of C identifiers</h1>
+
+   <div class="modindex-jumpbox">
+   <a href="#cap-PSA_A"><strong>PSA_A</strong></a> | 
+   <a href="#cap-PSA_B"><strong>PSA_B</strong></a> | 
+   <a href="#cap-PSA_C"><strong>PSA_C</strong></a> | 
+   <a href="#cap-PSA_D"><strong>PSA_D</strong></a> | 
+   <a href="#cap-PSA_E"><strong>PSA_E</strong></a> | 
+   <a href="#cap-PSA_G"><strong>PSA_G</strong></a> | 
+   <a href="#cap-PSA_H"><strong>PSA_H</strong></a> | 
+   <a href="#cap-PSA_I"><strong>PSA_I</strong></a> | 
+   <a href="#cap-PSA_K"><strong>PSA_K</strong></a> | 
+   <a href="#cap-PSA_M"><strong>PSA_M</strong></a> | 
+   <a href="#cap-PSA_O"><strong>PSA_O</strong></a> | 
+   <a href="#cap-PSA_R"><strong>PSA_R</strong></a> | 
+   <a href="#cap-PSA_S"><strong>PSA_S</strong></a> | 
+   <a href="#cap-PSA_V"><strong>PSA_V</strong></a> | 
+   <a href="#cap-PSA__"><strong>PSA__</strong></a>
+   </div>
+
+   <table class="indextable modindextable">
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_A"><td></td><td>
+       <strong>PSA_A</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_OPERATION_INIT"><code class="xref">PSA_AEAD_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_TAG_LENGTH"><code class="xref">PSA_AEAD_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="xref">PSA_AEAD_TAG_LENGTH_OFFSET</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="xref">PSA_ALG_AEAD_FROM_BLOCK_FLAG</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="xref">PSA_ALG_AEAD_TAG_LENGTH_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="xref">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="xref">PSA_ALG_AEAD_WITH_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ANY_HASH"><code class="xref">PSA_ALG_ANY_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ARC4"><code class="xref">PSA_ALG_ARC4</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_AEAD"><code class="xref">PSA_ALG_CATEGORY_AEAD</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_CIPHER"><code class="xref">PSA_ALG_CATEGORY_CIPHER</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_HASH"><code class="xref">PSA_ALG_CATEGORY_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="xref">PSA_ALG_CATEGORY_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="xref">PSA_ALG_CATEGORY_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_MAC"><code class="xref">PSA_ALG_CATEGORY_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_MASK"><code class="xref">PSA_ALG_CATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CATEGORY_SIGN"><code class="xref">PSA_ALG_CATEGORY_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CBC_MAC"><code class="xref">PSA_ALG_CBC_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CBC_NO_PADDING"><code class="xref">PSA_ALG_CBC_NO_PADDING</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CBC_PKCS7"><code class="xref">PSA_ALG_CBC_PKCS7</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CCM"><code class="xref">PSA_ALG_CCM</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CFB"><code class="xref">PSA_ALG_CFB</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CHACHA20"><code class="xref">PSA_ALG_CHACHA20</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CHACHA20_POLY1305"><code class="xref">PSA_ALG_CHACHA20_POLY1305</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="xref">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CIPHER_MAC_BASE"><code class="xref">PSA_ALG_CIPHER_MAC_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CIPHER_STREAM_FLAG"><code class="xref">PSA_ALG_CIPHER_STREAM_FLAG</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CMAC"><code class="xref">PSA_ALG_CMAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_CTR"><code class="xref">PSA_ALG_CTR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ECDH"><code class="xref">PSA_ALG_ECDH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ECDSA"><code class="xref">PSA_ALG_ECDSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ECDSA_ANY"><code class="xref">PSA_ALG_ECDSA_ANY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ECDSA_BASE"><code class="xref">PSA_ALG_ECDSA_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="xref">PSA_ALG_ECDSA_IS_DETERMINISTIC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_FFDH"><code class="xref">PSA_ALG_FFDH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_FULL_LENGTH_MAC"><code class="xref">PSA_ALG_FULL_LENGTH_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_GCM"><code class="xref">PSA_ALG_GCM</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_GMAC"><code class="xref">PSA_ALG_GMAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HASH_MASK"><code class="xref">PSA_ALG_HASH_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HKDF"><code class="xref">PSA_ALG_HKDF</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HKDF_BASE"><code class="xref">PSA_ALG_HKDF_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HKDF_GET_HASH"><code class="xref">PSA_ALG_HKDF_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HMAC"><code class="xref">PSA_ALG_HMAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HMAC_BASE"><code class="xref">PSA_ALG_HMAC_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_HMAC_GET_HASH"><code class="xref">PSA_ALG_HMAC_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_AEAD"><code class="xref">PSA_ALG_IS_AEAD</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref">PSA_ALG_IS_BLOCK_CIPHER_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_CIPHER"><code class="xref">PSA_ALG_IS_CIPHER</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_IS_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_ECDH"><code class="xref">PSA_ALG_IS_ECDH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_ECDSA"><code class="xref">PSA_ALG_IS_ECDSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_FFDH"><code class="xref">PSA_ALG_IS_FFDH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_HASH"><code class="xref">PSA_ALG_IS_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="xref">PSA_ALG_IS_HASH_AND_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_HKDF"><code class="xref">PSA_ALG_IS_HKDF</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_HMAC"><code class="xref">PSA_ALG_IS_HMAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION"><code class="xref">PSA_ALG_IS_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_MAC"><code class="xref">PSA_ALG_IS_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref">PSA_ALG_IS_RANDOMIZED_ECDSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_RAW_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_RSA_OAEP"><code class="xref">PSA_ALG_IS_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_IS_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_RSA_PSS"><code class="xref">PSA_ALG_IS_RSA_PSS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_SIGN"><code class="xref">PSA_ALG_IS_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_STREAM_CIPHER"><code class="xref">PSA_ALG_IS_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_TLS12_PRF"><code class="xref">PSA_ALG_IS_TLS12_PRF</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_IS_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_VENDOR_DEFINED"><code class="xref">PSA_ALG_IS_VENDOR_DEFINED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_IS_WILDCARD"><code class="xref">PSA_ALG_IS_WILDCARD</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT"><code class="xref">PSA_ALG_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_KDF</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_MASK"><code class="xref">PSA_ALG_KEY_AGREEMENT_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_KEY_DERIVATION_MASK"><code class="xref">PSA_ALG_KEY_DERIVATION_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="xref">PSA_ALG_MAC_SUBCATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_MAC_TRUNCATION_MASK"><code class="xref">PSA_ALG_MAC_TRUNCATION_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_MD2"><code class="xref">PSA_ALG_MD2</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_MD4"><code class="xref">PSA_ALG_MD4</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_MD5"><code class="xref">PSA_ALG_MD5</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_OFB"><code class="xref">PSA_ALG_OFB</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RIPEMD160"><code class="xref">PSA_ALG_RIPEMD160</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP"><code class="xref">PSA_ALG_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP_BASE"><code class="xref">PSA_ALG_RSA_OAEP_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP_GET_HASH"><code class="xref">PSA_ALG_RSA_OAEP_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref">PSA_ALG_RSA_PKCS1V15_CRYPT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PSS"><code class="xref">PSA_ALG_RSA_PSS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_RSA_PSS_BASE"><code class="xref">PSA_ALG_RSA_PSS_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA3_224"><code class="xref">PSA_ALG_SHA3_224</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA3_256"><code class="xref">PSA_ALG_SHA3_256</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA3_384"><code class="xref">PSA_ALG_SHA3_384</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA3_512"><code class="xref">PSA_ALG_SHA3_512</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_1"><code class="xref">PSA_ALG_SHA_1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_224"><code class="xref">PSA_ALG_SHA_224</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_256"><code class="xref">PSA_ALG_SHA_256</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_384"><code class="xref">PSA_ALG_SHA_384</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_512"><code class="xref">PSA_ALG_SHA_512</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_512_224"><code class="xref">PSA_ALG_SHA_512_224</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SHA_512_256"><code class="xref">PSA_ALG_SHA_512_256</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_SIGN_GET_HASH"><code class="xref">PSA_ALG_SIGN_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF"><code class="xref">PSA_ALG_TLS12_PRF</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF_BASE"><code class="xref">PSA_ALG_TLS12_PRF_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF_GET_HASH"><code class="xref">PSA_ALG_TLS12_PRF_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_TRUNCATED_MAC"><code class="xref">PSA_ALG_TRUNCATED_MAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_VENDOR_FLAG"><code class="xref">PSA_ALG_VENDOR_FLAG</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ALG_XTS"><code class="xref">PSA_ALG_XTS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_abort"><code class="xref">psa_aead_abort</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_decrypt"><code class="xref">psa_aead_decrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_decrypt_setup"><code class="xref">psa_aead_decrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_encrypt"><code class="xref">psa_aead_encrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_encrypt_setup"><code class="xref">psa_aead_encrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_finish"><code class="xref">psa_aead_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_generate_nonce"><code class="xref">psa_aead_generate_nonce</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_operation_init"><code class="xref">psa_aead_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_operation_t"><code class="xref">psa_aead_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_set_lengths"><code class="xref">psa_aead_set_lengths</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_set_nonce"><code class="xref">psa_aead_set_nonce</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_update"><code class="xref">psa_aead_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_update_ad"><code class="xref">psa_aead_update_ad</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_aead_verify"><code class="xref">psa_aead_verify</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_algorithm_t"><code class="xref">psa_algorithm_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_asymmetric_decrypt"><code class="xref">psa_asymmetric_decrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_asymmetric_encrypt"><code class="xref">psa_asymmetric_encrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_asymmetric_sign"><code class="xref">psa_asymmetric_sign</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_asymmetric_verify"><code class="xref">psa_asymmetric_verify</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_B"><td></td><td>
+       <strong>PSA_B</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_BITS_TO_BYTES"><code class="xref">PSA_BITS_TO_BYTES</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_BYTES_TO_BITS"><code class="xref">PSA_BYTES_TO_BITS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_C"><td></td><td>
+       <strong>PSA_C</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_CIPHER_OPERATION_INIT"><code class="xref">PSA_CIPHER_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_abort"><code class="xref">psa_cipher_abort</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_decrypt"><code class="xref">psa_cipher_decrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_decrypt_setup"><code class="xref">psa_cipher_decrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_encrypt"><code class="xref">psa_cipher_encrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_encrypt_setup"><code class="xref">psa_cipher_encrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_finish"><code class="xref">psa_cipher_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_generate_iv"><code class="xref">psa_cipher_generate_iv</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_operation_init"><code class="xref">psa_cipher_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_operation_t"><code class="xref">psa_cipher_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_set_iv"><code class="xref">psa_cipher_set_iv</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_cipher_update"><code class="xref">psa_cipher_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_close_key"><code class="xref">psa_close_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_copy_key"><code class="xref">psa_copy_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_crypto_init"><code class="xref">psa_crypto_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_D"><td></td><td>
+       <strong>PSA_D</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE2048"><code class="xref">PSA_DH_GROUP_FFDHE2048</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE3072"><code class="xref">PSA_DH_GROUP_FFDHE3072</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE4096"><code class="xref">PSA_DH_GROUP_FFDHE4096</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE6144"><code class="xref">PSA_DH_GROUP_FFDHE6144</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE8192"><code class="xref">PSA_DH_GROUP_FFDHE8192</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_destroy_key"><code class="xref">psa_destroy_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_dh_group_t"><code class="xref">psa_dh_group_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_E"><td></td><td>
+       <strong>PSA_E</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_BITS"><code class="xref">PSA_ECC_CURVE_BITS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P256R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P384R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P512R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_CURVE25519"><code class="xref">PSA_ECC_CURVE_CURVE25519</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_CURVE448"><code class="xref">PSA_ECC_CURVE_CURVE448</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160K1"><code class="xref">PSA_ECC_CURVE_SECP160K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160R1"><code class="xref">PSA_ECC_CURVE_SECP160R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160R2"><code class="xref">PSA_ECC_CURVE_SECP160R2</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP192K1"><code class="xref">PSA_ECC_CURVE_SECP192K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP192R1"><code class="xref">PSA_ECC_CURVE_SECP192R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP224K1"><code class="xref">PSA_ECC_CURVE_SECP224K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP224R1"><code class="xref">PSA_ECC_CURVE_SECP224R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP256K1"><code class="xref">PSA_ECC_CURVE_SECP256K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP256R1"><code class="xref">PSA_ECC_CURVE_SECP256R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP384R1"><code class="xref">PSA_ECC_CURVE_SECP384R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP521R1"><code class="xref">PSA_ECC_CURVE_SECP521R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163K1"><code class="xref">PSA_ECC_CURVE_SECT163K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163R1"><code class="xref">PSA_ECC_CURVE_SECT163R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163R2"><code class="xref">PSA_ECC_CURVE_SECT163R2</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT193R1"><code class="xref">PSA_ECC_CURVE_SECT193R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT193R2"><code class="xref">PSA_ECC_CURVE_SECT193R2</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT233K1"><code class="xref">PSA_ECC_CURVE_SECT233K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT233R1"><code class="xref">PSA_ECC_CURVE_SECT233R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT239K1"><code class="xref">PSA_ECC_CURVE_SECT239K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT283K1"><code class="xref">PSA_ECC_CURVE_SECT283K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT283R1"><code class="xref">PSA_ECC_CURVE_SECT283R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT409K1"><code class="xref">PSA_ECC_CURVE_SECT409K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT409R1"><code class="xref">PSA_ECC_CURVE_SECT409R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT571K1"><code class="xref">PSA_ECC_CURVE_SECT571K1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT571R1"><code class="xref">PSA_ECC_CURVE_SECT571R1</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ECDSA_SIGNATURE_SIZE"><code class="xref">PSA_ECDSA_SIGNATURE_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_ALREADY_EXISTS"><code class="xref">PSA_ERROR_ALREADY_EXISTS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_BAD_STATE"><code class="xref">PSA_ERROR_BAD_STATE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref">PSA_ERROR_BUFFER_TOO_SMALL</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref">PSA_ERROR_COMMUNICATION_FAILURE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="xref">PSA_ERROR_CORRUPTION_DETECTED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_DOES_NOT_EXIST"><code class="xref">PSA_ERROR_DOES_NOT_EXIST</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_GENERIC_ERROR"><code class="xref">PSA_ERROR_GENERIC_ERROR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_HARDWARE_FAILURE"><code class="xref">PSA_ERROR_HARDWARE_FAILURE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="xref">PSA_ERROR_INSUFFICIENT_DATA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref">PSA_ERROR_INSUFFICIENT_ENTROPY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref">PSA_ERROR_INSUFFICIENT_MEMORY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref">PSA_ERROR_INSUFFICIENT_STORAGE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INVALID_ARGUMENT"><code class="xref">PSA_ERROR_INVALID_ARGUMENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INVALID_HANDLE"><code class="xref">PSA_ERROR_INVALID_HANDLE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INVALID_PADDING"><code class="xref">PSA_ERROR_INVALID_PADDING</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_INVALID_SIGNATURE"><code class="xref">PSA_ERROR_INVALID_SIGNATURE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_NOT_PERMITTED"><code class="xref">PSA_ERROR_NOT_PERMITTED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_NOT_SUPPORTED"><code class="xref">PSA_ERROR_NOT_SUPPORTED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ERROR_STORAGE_FAILURE"><code class="xref">PSA_ERROR_STORAGE_FAILURE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_ecc_curve_t"><code class="xref">psa_ecc_curve_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_export_key"><code class="xref">psa_export_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_export_public_key"><code class="xref">psa_export_public_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_G"><td></td><td>
+       <strong>PSA_G</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_generate_key"><code class="xref">psa_generate_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_generate_random"><code class="xref">psa_generate_random</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_algorithm"><code class="xref">psa_get_key_algorithm</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_attributes"><code class="xref">psa_get_key_attributes</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_bits"><code class="xref">psa_get_key_bits</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_id"><code class="xref">psa_get_key_id</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_lifetime"><code class="xref">psa_get_key_lifetime</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_type"><code class="xref">psa_get_key_type</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_get_key_usage_flags"><code class="xref">psa_get_key_usage_flags</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_H"><td></td><td>
+       <strong>PSA_H</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_HASH_MAX_SIZE"><code class="xref">PSA_HASH_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_HASH_OPERATION_INIT"><code class="xref">PSA_HASH_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_HASH_SIZE"><code class="xref">PSA_HASH_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="xref">PSA_HMAC_MAX_HASH_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_abort"><code class="xref">psa_hash_abort</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_clone"><code class="xref">psa_hash_clone</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_compare"><code class="xref">psa_hash_compare</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_compute"><code class="xref">psa_hash_compute</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_finish"><code class="xref">psa_hash_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_operation_init"><code class="xref">psa_hash_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_operation_t"><code class="xref">psa_hash_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_setup"><code class="xref">psa_hash_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_update"><code class="xref">psa_hash_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_hash_verify"><code class="xref">psa_hash_verify</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_I"><td></td><td>
+       <strong>PSA_I</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_import_key"><code class="xref">psa_import_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_K"><td></td><td>
+       <strong>PSA_K</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_ATTRIBUTES_INIT"><code class="xref">PSA_KEY_ATTRIBUTES_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref">PSA_KEY_DERIVATION_INPUT_INFO</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref">PSA_KEY_DERIVATION_INPUT_LABEL</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref">PSA_KEY_DERIVATION_INPUT_SALT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref">PSA_KEY_DERIVATION_INPUT_SECRET</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref">PSA_KEY_DERIVATION_INPUT_SEED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref">PSA_KEY_DERIVATION_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_ID_USER_MAX"><code class="xref">PSA_KEY_ID_USER_MAX</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_ID_USER_MIN"><code class="xref">PSA_KEY_ID_USER_MIN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_ID_VENDOR_MAX"><code class="xref">PSA_KEY_ID_VENDOR_MAX</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_ID_VENDOR_MIN"><code class="xref">PSA_KEY_ID_VENDOR_MIN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="xref">PSA_KEY_LIFETIME_PERSISTENT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_LIFETIME_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_VOLATILE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_AES"><code class="xref">PSA_KEY_TYPE_AES</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ARC4"><code class="xref">PSA_KEY_TYPE_ARC4</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CAMELLIA"><code class="xref">PSA_KEY_TYPE_CAMELLIA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="xref">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_MASK"><code class="xref">PSA_KEY_TYPE_CATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_RAW"><code class="xref">PSA_KEY_TYPE_CATEGORY_RAW</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="xref">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_CHACHA20"><code class="xref">PSA_KEY_TYPE_CHACHA20</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DERIVE"><code class="xref">PSA_KEY_TYPE_DERIVE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DES"><code class="xref">PSA_KEY_TYPE_DES</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="xref">PSA_KEY_TYPE_DH_GROUP_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="xref">PSA_KEY_TYPE_ECC_CURVE_MASK</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_GET_CURVE"><code class="xref">PSA_KEY_TYPE_GET_CURVE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_GET_GROUP"><code class="xref">PSA_KEY_TYPE_GET_GROUP</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_HMAC"><code class="xref">PSA_KEY_TYPE_HMAC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref">PSA_KEY_TYPE_IS_ASYMMETRIC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH"><code class="xref">PSA_KEY_TYPE_IS_DH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC"><code class="xref">PSA_KEY_TYPE_IS_ECC</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_RSA"><code class="xref">PSA_KEY_TYPE_IS_RSA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref">PSA_KEY_TYPE_IS_UNSTRUCTURED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="xref">PSA_KEY_TYPE_IS_VENDOR_DEFINED</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_NONE"><code class="xref">PSA_KEY_TYPE_NONE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_RAW_DATA"><code class="xref">PSA_KEY_TYPE_RAW_DATA</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_RSA_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_RSA_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref">PSA_KEY_TYPE_VENDOR_FLAG</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_COPY"><code class="xref">PSA_KEY_USAGE_COPY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_DECRYPT"><code class="xref">PSA_KEY_USAGE_DECRYPT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_DERIVE"><code class="xref">PSA_KEY_USAGE_DERIVE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_ENCRYPT"><code class="xref">PSA_KEY_USAGE_ENCRYPT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_EXPORT"><code class="xref">PSA_KEY_USAGE_EXPORT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_SIGN"><code class="xref">PSA_KEY_USAGE_SIGN</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_KEY_USAGE_VERIFY"><code class="xref">PSA_KEY_USAGE_VERIFY</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_attributes_init"><code class="xref">psa_key_attributes_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_attributes_t"><code class="xref">psa_key_attributes_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_abort"><code class="xref">psa_key_derivation_abort</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_get_capacity"><code class="xref">psa_key_derivation_get_capacity</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_input_bytes"><code class="xref">psa_key_derivation_input_bytes</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_input_key"><code class="xref">psa_key_derivation_input_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_key_agreement"><code class="xref">psa_key_derivation_key_agreement</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_operation_init"><code class="xref">psa_key_derivation_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_operation_t"><code class="xref">psa_key_derivation_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_output_bytes"><code class="xref">psa_key_derivation_output_bytes</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_output_key"><code class="xref">psa_key_derivation_output_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_set_capacity"><code class="xref">psa_key_derivation_set_capacity</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_setup"><code class="xref">psa_key_derivation_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_derivation_step_t"><code class="xref">psa_key_derivation_step_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_handle_t"><code class="xref">psa_key_handle_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_id_t"><code class="xref">psa_key_id_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_lifetime_t"><code class="xref">psa_key_lifetime_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_type_t"><code class="xref">psa_key_type_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_key_usage_t"><code class="xref">psa_key_usage_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_M"><td></td><td>
+       <strong>PSA_M</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAC_FINAL_SIZE"><code class="xref">PSA_MAC_FINAL_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAC_MAX_SIZE"><code class="xref">PSA_MAC_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAC_OPERATION_INIT"><code class="xref">PSA_MAC_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAC_TRUNCATED_LENGTH"><code class="xref">PSA_MAC_TRUNCATED_LENGTH</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAC_TRUNCATION_OFFSET"><code class="xref">PSA_MAC_TRUNCATION_OFFSET</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="xref">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_abort"><code class="xref">psa_mac_abort</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_compute"><code class="xref">psa_mac_compute</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_operation_init"><code class="xref">psa_mac_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_operation_t"><code class="xref">psa_mac_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_sign_finish"><code class="xref">psa_mac_sign_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_sign_setup"><code class="xref">psa_mac_sign_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_update"><code class="xref">psa_mac_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_verify"><code class="xref">psa_mac_verify</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_verify_finish"><code class="xref">psa_mac_verify_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_mac_verify_setup"><code class="xref">psa_mac_verify_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_O"><td></td><td>
+       <strong>PSA_O</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_open_key"><code class="xref">psa_open_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_R"><td></td><td>
+       <strong>PSA_R</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_ROUND_UP_TO_MULTIPLE"><code class="xref">PSA_ROUND_UP_TO_MULTIPLE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="xref">PSA_RSA_MINIMUM_PADDING_SIZE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_raw_key_agreement"><code class="xref">psa_raw_key_agreement</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_reset_key_attributes"><code class="xref">psa_reset_key_attributes</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_S"><td></td><td>
+       <strong>PSA_S</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_SUCCESS"><code class="xref">PSA_SUCCESS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_algorithm"><code class="xref">psa_set_key_algorithm</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_bits"><code class="xref">psa_set_key_bits</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_id"><code class="xref">psa_set_key_id</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_lifetime"><code class="xref">psa_set_key_lifetime</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_type"><code class="xref">psa_set_key_type</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_set_key_usage_flags"><code class="xref">psa_set_key_usage_flags</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#psa_status_t"><code class="xref">psa_status_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_V"><td></td><td>
+       <strong>PSA_V</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="xref">PSA_VENDOR_ECC_MAX_CURVE_BITS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="xref">PSA_VENDOR_RSA_MAX_KEY_BITS</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA__"><td></td><td>
+       <strong>PSA__</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="from_doxygen.html#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="xref">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</code></a> <em>(macro)</em></td><td>
+       <em></em></td></tr>
+   </table>
+
+
+          </div>
+          
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
+
+
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="index.html">Documentation overview</a><ul>
+  </ul></li>
+</ul>
+</div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <div class="searchformwrapper">
+    <form class="search" action="search.html" method="get">
+      <input type="text" name="q" />
+      <input type="submit" value="Go" />
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+    </div>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/search.html b/docs/html/search.html
new file mode 100644
index 0000000..266bde5
--- /dev/null
+++ b/docs/html/search.html
@@ -0,0 +1,144 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Search &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    
+    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/language_data.js"></script>
+    <script type="text/javascript" src="_static/searchtools.js"></script>
+    <link rel="index" title="Index" href="genindex.html" />
+    <link rel="search" title="Search" href="#" />
+  <script type="text/javascript">
+    jQuery(function() { Search.loadIndex("searchindex.js"); });
+  </script>
+  
+  <script type="text/javascript" id="searchindexloader"></script>
+  
+   
+  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+  
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+
+  </head><body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          
+
+          <div class="body" role="main">
+            
+  <h1 id="search-documentation">Search</h1>
+  <div id="fallback" class="admonition warning">
+  <script type="text/javascript">$('#fallback').hide();</script>
+  <p>
+    Please activate JavaScript to enable the search
+    functionality.
+  </p>
+  </div>
+  <p>
+    From here you can search these documents. Enter your search
+    words into the box below and click "search". Note that the search
+    function will automatically search for all of the words. Pages
+    containing fewer words won't appear in the result list.
+  </p>
+  <form action="" method="get">
+    <input type="text" name="q" value="" />
+    <input type="submit" value="search" />
+    <span id="search-progress" style="padding-left: 10px"></span>
+  </form>
+  
+  <div id="search-results">
+  
+  </div>
+
+          </div>
+          
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
+
+
+
+
+
+
+
+
+<h3>Navigation</h3>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
+</ul>
+
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="index.html">Documentation overview</a><ul>
+  </ul></li>
+</ul>
+</div>
+
+
+
+
+
+
+
+
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy;2019, Arm.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/search/all_0.html b/docs/html/search/all_0.html
deleted file mode 100644
index d54e0bd..0000000
--- a/docs/html/search/all_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_0.js b/docs/html/search/all_0.js
deleted file mode 100644
index 9e9cdcb..0000000
--- a/docs/html/search/all_0.js
+++ /dev/null
@@ -1,5 +0,0 @@
-var searchData=
-[
-  ['authenticated_20encryption_20with_20associated_20data_20_28aead_29',['Authenticated encryption with associated data (AEAD)',['../group__aead.html',1,'']]],
-  ['asymmetric_20cryptography',['Asymmetric cryptography',['../group__asymmetric.html',1,'']]]
-];
diff --git a/docs/html/search/all_1.html b/docs/html/search/all_1.html
deleted file mode 100644
index 8cc6a1d..0000000
--- a/docs/html/search/all_1.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_1.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_1.js b/docs/html/search/all_1.js
deleted file mode 100644
index 1f9a5bb..0000000
--- a/docs/html/search/all_1.js
+++ /dev/null
@@ -1,7 +0,0 @@
-var searchData=
-[
-  ['crypto_2eh',['crypto.h',['../crypto_8h.html',1,'']]],
-  ['crypto_5fsizes_2eh',['crypto_sizes.h',['../crypto__sizes_8h.html',1,'']]],
-  ['crypto_5ftypes_2eh',['crypto_types.h',['../crypto__types_8h.html',1,'']]],
-  ['crypto_5fvalues_2eh',['crypto_values.h',['../crypto__values_8h.html',1,'']]]
-];
diff --git a/docs/html/search/all_2.html b/docs/html/search/all_2.html
deleted file mode 100644
index d15ac65..0000000
--- a/docs/html/search/all_2.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_2.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_2.js b/docs/html/search/all_2.js
deleted file mode 100644
index da175df..0000000
--- a/docs/html/search/all_2.js
+++ /dev/null
@@ -1,5 +0,0 @@
-var searchData=
-[
-  ['e',['e',['../structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d',1,'psa_generate_key_extra_rsa']]],
-  ['error_20codes',['Error codes',['../group__error.html',1,'']]]
-];
diff --git a/docs/html/search/all_3.html b/docs/html/search/all_3.html
deleted file mode 100644
index 9f526c6..0000000
--- a/docs/html/search/all_3.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_3.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_3.js b/docs/html/search/all_3.js
deleted file mode 100644
index bb51584..0000000
--- a/docs/html/search/all_3.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['generators',['Generators',['../group__generators.html',1,'']]]
-];
diff --git a/docs/html/search/all_4.html b/docs/html/search/all_4.html
deleted file mode 100644
index 7b814aa..0000000
--- a/docs/html/search/all_4.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_4.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_4.js b/docs/html/search/all_4.js
deleted file mode 100644
index f48be25..0000000
--- a/docs/html/search/all_4.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['implementation_2dspecific_20definitions',['Implementation-specific definitions',['../group__platform.html',1,'']]]
-];
diff --git a/docs/html/search/all_5.html b/docs/html/search/all_5.html
deleted file mode 100644
index d8de556..0000000
--- a/docs/html/search/all_5.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_5.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_5.js b/docs/html/search/all_5.js
deleted file mode 100644
index 489c5ec..0000000
--- a/docs/html/search/all_5.js
+++ /dev/null
@@ -1,9 +0,0 @@
-var searchData=
-[
-  ['key_20and_20algorithm_20types',['Key and algorithm types',['../group__crypto__types.html',1,'']]],
-  ['key_20derivation',['Key derivation',['../group__derivation.html',1,'']]],
-  ['key_20import_20and_20export',['Key import and export',['../group__import__export.html',1,'']]],
-  ['key_20lifetimes',['Key lifetimes',['../group__key__lifetimes.html',1,'']]],
-  ['key_20management',['Key management',['../group__key__management.html',1,'']]],
-  ['key_20policies',['Key policies',['../group__policy.html',1,'']]]
-];
diff --git a/docs/html/search/all_6.html b/docs/html/search/all_6.html
deleted file mode 100644
index 9ba0cc2..0000000
--- a/docs/html/search/all_6.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_6.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_6.js b/docs/html/search/all_6.js
deleted file mode 100644
index c72a68d..0000000
--- a/docs/html/search/all_6.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['library_20initialization',['Library initialization',['../group__initialization.html',1,'']]]
-];
diff --git a/docs/html/search/all_7.html b/docs/html/search/all_7.html
deleted file mode 100644
index 9384ec9..0000000
--- a/docs/html/search/all_7.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_7.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_7.js b/docs/html/search/all_7.js
deleted file mode 100644
index 6efdddb..0000000
--- a/docs/html/search/all_7.js
+++ /dev/null
@@ -1,5 +0,0 @@
-var searchData=
-[
-  ['message_20digests',['Message digests',['../group__hash.html',1,'']]],
-  ['message_20authentication_20codes',['Message authentication codes',['../group__MAC.html',1,'']]]
-];
diff --git a/docs/html/search/all_8.html b/docs/html/search/all_8.html
deleted file mode 100644
index 37566c5..0000000
--- a/docs/html/search/all_8.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_8.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_8.js b/docs/html/search/all_8.js
deleted file mode 100644
index c99c08b..0000000
--- a/docs/html/search/all_8.js
+++ /dev/null
@@ -1,238 +0,0 @@
-var searchData=
-[
-  ['psa_5faead_5fabort',['psa_aead_abort',['../group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0',1,'crypto.h']]],
-  ['psa_5faead_5fdecrypt',['psa_aead_decrypt',['../group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b',1,'crypto.h']]],
-  ['psa_5faead_5fdecrypt_5foutput_5fsize',['PSA_AEAD_DECRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b',1,'crypto_sizes.h']]],
-  ['psa_5faead_5fdecrypt_5fsetup',['psa_aead_decrypt_setup',['../group__aead.html#ga439896519d4a367ec86b47f201884152',1,'crypto.h']]],
-  ['psa_5faead_5fencrypt',['psa_aead_encrypt',['../group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d',1,'crypto.h']]],
-  ['psa_5faead_5fencrypt_5foutput_5fsize',['PSA_AEAD_ENCRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266',1,'crypto_sizes.h']]],
-  ['psa_5faead_5fencrypt_5fsetup',['psa_aead_encrypt_setup',['../group__aead.html#ga47265dc4852f1476f852752218fd12b2',1,'crypto.h']]],
-  ['psa_5faead_5ffinish',['psa_aead_finish',['../group__aead.html#ga759791bbe1763b377c3b5447641f1fc8',1,'crypto.h']]],
-  ['psa_5faead_5ffinish_5foutput_5fsize',['PSA_AEAD_FINISH_OUTPUT_SIZE',['../crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6',1,'crypto_sizes.h']]],
-  ['psa_5faead_5fgenerate_5fnonce',['psa_aead_generate_nonce',['../group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2',1,'crypto.h']]],
-  ['psa_5faead_5foperation_5finit',['PSA_AEAD_OPERATION_INIT',['../group__aead.html#gaf52e036794c0dc6fbadd93a2b990f366',1,'crypto.h']]],
-  ['psa_5faead_5foperation_5ft',['psa_aead_operation_t',['../group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed',1,'crypto.h']]],
-  ['psa_5faead_5fset_5flengths',['psa_aead_set_lengths',['../group__aead.html#gad3431e28d05002c2a7b0760610176050',1,'crypto.h']]],
-  ['psa_5faead_5fset_5fnonce',['psa_aead_set_nonce',['../group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46',1,'crypto.h']]],
-  ['psa_5faead_5ftag_5flength',['PSA_AEAD_TAG_LENGTH',['../crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49',1,'crypto_sizes.h']]],
-  ['psa_5faead_5fupdate',['psa_aead_update',['../group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c',1,'crypto.h']]],
-  ['psa_5faead_5fupdate_5fad',['psa_aead_update_ad',['../group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569',1,'crypto.h']]],
-  ['psa_5faead_5fverify',['psa_aead_verify',['../group__aead.html#gaaed211fc61977c859d6ff07f39f59219',1,'crypto.h']]],
-  ['psa_5falg_5faead_5fwith_5fdefault_5ftag_5flength',['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',['../group__crypto__types.html#gaddea507e062250cda8a29407a9480d2b',1,'crypto_values.h']]],
-  ['psa_5falg_5faead_5fwith_5ftag_5flength',['PSA_ALG_AEAD_WITH_TAG_LENGTH',['../group__crypto__types.html#gaa63c520b62ab001d54d28801742fc9db',1,'crypto_values.h']]],
-  ['psa_5falg_5fany_5fhash',['PSA_ALG_ANY_HASH',['../group__crypto__types.html#gaa1288ea8bd397a8a3f5e19e94110f2e4',1,'crypto_values.h']]],
-  ['psa_5falg_5farc4',['PSA_ALG_ARC4',['../group__crypto__types.html#gab6a5284decb0e5e1b5b8740a41ef3c5e',1,'crypto_values.h']]],
-  ['psa_5falg_5fcbc_5fno_5fpadding',['PSA_ALG_CBC_NO_PADDING',['../group__crypto__types.html#gacb332d72716958880ee7f97d8365ae66',1,'crypto_values.h']]],
-  ['psa_5falg_5fcbc_5fpkcs7',['PSA_ALG_CBC_PKCS7',['../group__crypto__types.html#gaef50d2e9716eb6d476046608e4e0c78c',1,'crypto_values.h']]],
-  ['psa_5falg_5fccm',['PSA_ALG_CCM',['../group__crypto__types.html#gac2c0e7d21f1b2df5e76bcb4a8f84273c',1,'crypto_values.h']]],
-  ['psa_5falg_5fctr',['PSA_ALG_CTR',['../group__crypto__types.html#gad318309706a769cffdc64e4c7e06b2e9',1,'crypto_values.h']]],
-  ['psa_5falg_5fdeterministic_5fdsa',['PSA_ALG_DETERMINISTIC_DSA',['../group__crypto__types.html#gab8eb98fb6d2e094e47f3b44dfe128f94',1,'crypto_values.h']]],
-  ['psa_5falg_5fdeterministic_5fecdsa',['PSA_ALG_DETERMINISTIC_ECDSA',['../group__crypto__types.html#ga11da566bcd341661c8de921e2ca5ed03',1,'crypto_values.h']]],
-  ['psa_5falg_5fdsa',['PSA_ALG_DSA',['../group__crypto__types.html#ga9a68efdddff5ae95f104a1416b12742e',1,'crypto_values.h']]],
-  ['psa_5falg_5fecdh',['PSA_ALG_ECDH',['../group__crypto__types.html#gab2dbcf71b63785e7dd7b54a100edee43',1,'crypto_values.h']]],
-  ['psa_5falg_5fecdsa',['PSA_ALG_ECDSA',['../group__crypto__types.html#ga7e3ce9f514a227d5ba5d8318870452e3',1,'crypto_values.h']]],
-  ['psa_5falg_5fecdsa_5fany',['PSA_ALG_ECDSA_ANY',['../group__crypto__types.html#ga51d6b6044a62e33cae0cf64bfc3b22a4',1,'crypto_values.h']]],
-  ['psa_5falg_5fffdh',['PSA_ALG_FFDH',['../group__crypto__types.html#ga0ebbb6f93a05b6511e6f108ffd2d1eb4',1,'crypto_values.h']]],
-  ['psa_5falg_5ffull_5flength_5fmac',['PSA_ALG_FULL_LENGTH_MAC',['../group__crypto__types.html#gaa05a8d99634f3350597ac9284fb70cb1',1,'crypto_values.h']]],
-  ['psa_5falg_5fgcm',['PSA_ALG_GCM',['../group__crypto__types.html#ga0d7d02b15aaae490d38277d99f1c637c',1,'crypto_values.h']]],
-  ['psa_5falg_5fhkdf',['PSA_ALG_HKDF',['../group__crypto__types.html#ga32a888fb360e6e25cab8a343772c4a82',1,'crypto_values.h']]],
-  ['psa_5falg_5fhmac',['PSA_ALG_HMAC',['../group__crypto__types.html#ga70f397425684b3efcde1e0e34c28261f',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5faead',['PSA_ALG_IS_AEAD',['../group__crypto__types.html#ga1d44829d60065eaa4ac9a703e7d6abc8',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fasymmetric_5fencryption',['PSA_ALG_IS_ASYMMETRIC_ENCRYPTION',['../group__crypto__types.html#ga41d2ee937d54efd76bd54a97b2ebc08a',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fblock_5fcipher_5fmac',['PSA_ALG_IS_BLOCK_CIPHER_MAC',['../group__crypto__types.html#gae49d1eb601125d65a5c5b252aa45479e',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fcipher',['PSA_ALG_IS_CIPHER',['../group__crypto__types.html#ga1d1a5a402ad89a2e68f12bfb535490eb',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fecdh',['PSA_ALG_IS_ECDH',['../group__crypto__types.html#ga9d9b6533d2a6bea7bac7ae01facb820d',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fffdh',['PSA_ALG_IS_FFDH',['../group__crypto__types.html#gaa3cf76164cd9375af4fb8a291078a19e',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fhash',['PSA_ALG_IS_HASH',['../group__crypto__types.html#gac9280662bb482590b4b33d1dcd32930f',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fhash_5fand_5fsign',['PSA_ALG_IS_HASH_AND_SIGN',['../group__crypto__types.html#gad8a8ea0536975363b66410cdeafe38b6',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fhkdf',['PSA_ALG_IS_HKDF',['../group__crypto__types.html#ga1979d0a76fcee6164cf2e65960f38db2',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fhmac',['PSA_ALG_IS_HMAC',['../group__crypto__types.html#ga4a050c3c3cbc6eb96418f18847601c8a',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fkey_5fagreement',['PSA_ALG_IS_KEY_AGREEMENT',['../group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fkey_5fderivation',['PSA_ALG_IS_KEY_DERIVATION',['../group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fmac',['PSA_ALG_IS_MAC',['../group__crypto__types.html#gaca7aee4c9dde316b3b1a150a26eab776',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fraw_5fkey_5fagreement',['PSA_ALG_IS_RAW_KEY_AGREEMENT',['../group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fsign',['PSA_ALG_IS_SIGN',['../group__crypto__types.html#ga6d490d0904e0698f6c1268a89d72ff31',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fstream_5fcipher',['PSA_ALG_IS_STREAM_CIPHER',['../group__crypto__types.html#gacfec68e0c6175e02e1b2ebc97df383c0',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5ftls12_5fprf',['PSA_ALG_IS_TLS12_PRF',['../group__crypto__types.html#gaa3c18890c50222e5219f40ade8927e66',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5ftls12_5fpsk_5fto_5fms',['PSA_ALG_IS_TLS12_PSK_TO_MS',['../group__crypto__types.html#gab25ecc074a93fd11069bedfbba5a287b',1,'crypto_values.h']]],
-  ['psa_5falg_5fis_5fwildcard',['PSA_ALG_IS_WILDCARD',['../group__crypto__types.html#gacf83d7430e82b97cecb8b26ca6fa1426',1,'crypto_values.h']]],
-  ['psa_5falg_5fkey_5fagreement',['PSA_ALG_KEY_AGREEMENT',['../group__crypto__types.html#ga78bb81cffb87a635c247725eeb2a2682',1,'crypto_values.h']]],
-  ['psa_5falg_5frsa_5foaep',['PSA_ALG_RSA_OAEP',['../group__crypto__types.html#gaa1235dc3fdd9839c6c1b1a9857344c76',1,'crypto_values.h']]],
-  ['psa_5falg_5frsa_5fpkcs1v15_5fcrypt',['PSA_ALG_RSA_PKCS1V15_CRYPT',['../group__crypto__types.html#ga4c540d3abe43fb9abcb94f2bc51acef9',1,'crypto_values.h']]],
-  ['psa_5falg_5frsa_5fpkcs1v15_5fsign',['PSA_ALG_RSA_PKCS1V15_SIGN',['../group__crypto__types.html#ga702ff75385a6ae7d4247033f479439af',1,'crypto_values.h']]],
-  ['psa_5falg_5frsa_5fpkcs1v15_5fsign_5fraw',['PSA_ALG_RSA_PKCS1V15_SIGN_RAW',['../group__crypto__types.html#ga4215e2a78dcf834e9a625927faa2a817',1,'crypto_values.h']]],
-  ['psa_5falg_5frsa_5fpss',['PSA_ALG_RSA_PSS',['../group__crypto__types.html#ga62152bf4cb4bf6aace5e1be8f143564d',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha3_5f224',['PSA_ALG_SHA3_224',['../group__crypto__types.html#ga16f5fe34ccce68c2fada1224c054a999',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha3_5f256',['PSA_ALG_SHA3_256',['../group__crypto__types.html#gaace70d9515489bbe3c5e7ac1b7d9155b',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha3_5f384',['PSA_ALG_SHA3_384',['../group__crypto__types.html#gab0f079257ea75e2acfe2fc3b38c78cd8',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha3_5f512',['PSA_ALG_SHA3_512',['../group__crypto__types.html#ga37e5dbe936dddb155e76f2997de27188',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f224',['PSA_ALG_SHA_224',['../group__crypto__types.html#ga25d6a3244d10a7148fe6b026d1979f7b',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f256',['PSA_ALG_SHA_256',['../group__crypto__types.html#ga619471f978e13cdd0a1e37145e4bf341',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f384',['PSA_ALG_SHA_384',['../group__crypto__types.html#ga58af64dd9a86a287e8da9ed7739eead4',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f512',['PSA_ALG_SHA_512',['../group__crypto__types.html#gafba3ae409f46d3dd7f37a0910660c3e9',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f512_5f224',['PSA_ALG_SHA_512_224',['../group__crypto__types.html#ga3fe2d7c3c80e3186ca78d16a35d5d931',1,'crypto_values.h']]],
-  ['psa_5falg_5fsha_5f512_5f256',['PSA_ALG_SHA_512_256',['../group__crypto__types.html#ga5910b3964c14e9613e8643a45b09c2d4',1,'crypto_values.h']]],
-  ['psa_5falg_5fsign_5fget_5fhash',['PSA_ALG_SIGN_GET_HASH',['../group__crypto__types.html#ga24cf6d7bcd2b9aeeeff86f07b6c674e3',1,'crypto_values.h']]],
-  ['psa_5falg_5ftls12_5fprf',['PSA_ALG_TLS12_PRF',['../group__crypto__types.html#ga6d5623c2ccda1d4a84e34351af8382d5',1,'crypto_values.h']]],
-  ['psa_5falg_5ftls12_5fpsk_5fto_5fms',['PSA_ALG_TLS12_PSK_TO_MS',['../group__crypto__types.html#ga039ec797f15d1635d9b2e09a611f8a68',1,'crypto_values.h']]],
-  ['psa_5falg_5ftls12_5fpsk_5fto_5fms_5fmax_5fpsk_5flen',['PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN',['../crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a',1,'crypto_sizes.h']]],
-  ['psa_5falg_5ftruncated_5fmac',['PSA_ALG_TRUNCATED_MAC',['../group__crypto__types.html#gaf36137110baf7bb13c5028fd62c64276',1,'crypto_values.h']]],
-  ['psa_5falg_5fxts',['PSA_ALG_XTS',['../group__crypto__types.html#gaa722c0e426a797fd6d99623f59748125',1,'crypto_values.h']]],
-  ['psa_5falgorithm_5ft',['psa_algorithm_t',['../group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69',1,'crypto_types.h']]],
-  ['psa_5fallocate_5fkey',['psa_allocate_key',['../group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fdecrypt',['psa_asymmetric_decrypt',['../group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fdecrypt_5foutput_5fsize',['PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fencrypt',['psa_asymmetric_encrypt',['../group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fencrypt_5foutput_5fsize',['PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fsign',['psa_asymmetric_sign',['../group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fsign_5foutput_5fsize',['PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE',['../crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fsignature_5fmax_5fsize',['PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE',['../crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fverify',['psa_asymmetric_verify',['../group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7',1,'crypto.h']]],
-  ['psa_5fblock_5fcipher_5fblock_5fsize',['PSA_BLOCK_CIPHER_BLOCK_SIZE',['../group__crypto__types.html#gacaa366bdeb0413e63e87a667c5457b2e',1,'crypto_values.h']]],
-  ['psa_5fcipher_5fabort',['psa_cipher_abort',['../group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4',1,'crypto.h']]],
-  ['psa_5fcipher_5fdecrypt',['psa_cipher_decrypt',['../group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216',1,'crypto.h']]],
-  ['psa_5fcipher_5fdecrypt_5fsetup',['psa_cipher_decrypt_setup',['../group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44',1,'crypto.h']]],
-  ['psa_5fcipher_5fencrypt',['psa_cipher_encrypt',['../group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2',1,'crypto.h']]],
-  ['psa_5fcipher_5fencrypt_5fsetup',['psa_cipher_encrypt_setup',['../group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e',1,'crypto.h']]],
-  ['psa_5fcipher_5ffinish',['psa_cipher_finish',['../group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b',1,'crypto.h']]],
-  ['psa_5fcipher_5fgenerate_5fiv',['psa_cipher_generate_iv',['../group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa',1,'crypto.h']]],
-  ['psa_5fcipher_5foperation_5finit',['PSA_CIPHER_OPERATION_INIT',['../group__cipher.html#ga2da0541aabf9a4995cf2004e36311919',1,'crypto.h']]],
-  ['psa_5fcipher_5foperation_5ft',['psa_cipher_operation_t',['../group__cipher.html#ga1399de29db657e3737bb09927aae51fa',1,'crypto.h']]],
-  ['psa_5fcipher_5fset_5fiv',['psa_cipher_set_iv',['../group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42',1,'crypto.h']]],
-  ['psa_5fcipher_5fupdate',['psa_cipher_update',['../group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91',1,'crypto.h']]],
-  ['psa_5fclose_5fkey',['psa_close_key',['../group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb',1,'crypto.h']]],
-  ['psa_5fcopy_5fkey',['psa_copy_key',['../group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d',1,'crypto.h']]],
-  ['psa_5fcreate_5fkey',['psa_create_key',['../group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c',1,'crypto.h']]],
-  ['psa_5fcrypto_5fgenerator_5finit',['PSA_CRYPTO_GENERATOR_INIT',['../group__generators.html#ga4788b471385fc667876fbd8a0d3fe062',1,'crypto.h']]],
-  ['psa_5fcrypto_5fgenerator_5ft',['psa_crypto_generator_t',['../group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b',1,'crypto.h']]],
-  ['psa_5fcrypto_5finit',['psa_crypto_init',['../group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9',1,'crypto.h']]],
-  ['psa_5fdestroy_5fkey',['psa_destroy_key',['../group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c',1,'crypto.h']]],
-  ['psa_5fecc_5fcurve_5ft',['psa_ecc_curve_t',['../group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9',1,'crypto_types.h']]],
-  ['psa_5fecdsa_5fsignature_5fsize',['PSA_ECDSA_SIGNATURE_SIZE',['../crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11',1,'crypto_sizes.h']]],
-  ['psa_5ferror_5fbad_5fstate',['PSA_ERROR_BAD_STATE',['../group__error.html#ga933d40fa2a591004f2e93aa91e11db84',1,'crypto_values.h']]],
-  ['psa_5ferror_5fbuffer_5ftoo_5fsmall',['PSA_ERROR_BUFFER_TOO_SMALL',['../group__error.html#ga695025f4ec11249aee7ea3d0f65e01c8',1,'crypto_values.h']]],
-  ['psa_5ferror_5fcommunication_5ffailure',['PSA_ERROR_COMMUNICATION_FAILURE',['../group__error.html#ga5cdb6948371d49e916106249020ea3f7',1,'crypto_values.h']]],
-  ['psa_5ferror_5fempty_5fslot',['PSA_ERROR_EMPTY_SLOT',['../group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040',1,'crypto_values.h']]],
-  ['psa_5ferror_5fhardware_5ffailure',['PSA_ERROR_HARDWARE_FAILURE',['../group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b',1,'crypto_values.h']]],
-  ['psa_5ferror_5finsufficient_5fcapacity',['PSA_ERROR_INSUFFICIENT_CAPACITY',['../group__error.html#gaf1fa61f72e9e5b4a848c991bea495767',1,'crypto_values.h']]],
-  ['psa_5ferror_5finsufficient_5fentropy',['PSA_ERROR_INSUFFICIENT_ENTROPY',['../group__error.html#ga4deb59fec02297ec5d8b42178323f675',1,'crypto_values.h']]],
-  ['psa_5ferror_5finsufficient_5fmemory',['PSA_ERROR_INSUFFICIENT_MEMORY',['../group__error.html#ga91b2ad8a867517a2651f1b076c5216e5',1,'crypto_values.h']]],
-  ['psa_5ferror_5finsufficient_5fstorage',['PSA_ERROR_INSUFFICIENT_STORAGE',['../group__error.html#ga897a45eb206a6f6b7be7ffbe36f0d766',1,'crypto_values.h']]],
-  ['psa_5ferror_5finvalid_5fargument',['PSA_ERROR_INVALID_ARGUMENT',['../group__error.html#ga798df25a505ebf931f7bec1f80f1f85f',1,'crypto_values.h']]],
-  ['psa_5ferror_5finvalid_5fhandle',['PSA_ERROR_INVALID_HANDLE',['../group__error.html#gadf22718935657c2c3168c228204085f9',1,'crypto_values.h']]],
-  ['psa_5ferror_5finvalid_5fpadding',['PSA_ERROR_INVALID_PADDING',['../group__error.html#gabe29594edbfb152cf153975b0597ac48',1,'crypto_values.h']]],
-  ['psa_5ferror_5finvalid_5fsignature',['PSA_ERROR_INVALID_SIGNATURE',['../group__error.html#ga35927f755d232c4766de600f2c49e9f2',1,'crypto_values.h']]],
-  ['psa_5ferror_5fnot_5fpermitted',['PSA_ERROR_NOT_PERMITTED',['../group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1',1,'crypto_values.h']]],
-  ['psa_5ferror_5fnot_5fsupported',['PSA_ERROR_NOT_SUPPORTED',['../group__error.html#ga1dcc6d130633ed5db8942257581b55dd',1,'crypto_values.h']]],
-  ['psa_5ferror_5foccupied_5fslot',['PSA_ERROR_OCCUPIED_SLOT',['../group__error.html#gac2fee3a51249fbea45360aaa911f3e58',1,'crypto_values.h']]],
-  ['psa_5ferror_5fstorage_5ffailure',['PSA_ERROR_STORAGE_FAILURE',['../group__error.html#gadd169a1af2707862b95fb9df91dfc37d',1,'crypto_values.h']]],
-  ['psa_5ferror_5ftampering_5fdetected',['PSA_ERROR_TAMPERING_DETECTED',['../group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004',1,'crypto_values.h']]],
-  ['psa_5ferror_5funknown_5ferror',['PSA_ERROR_UNKNOWN_ERROR',['../group__error.html#ga24d5fdcdd759f846f79d9e581c63a83f',1,'crypto_values.h']]],
-  ['psa_5fexport_5fkey',['psa_export_key',['../group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf',1,'crypto.h']]],
-  ['psa_5fexport_5fpublic_5fkey',['psa_export_public_key',['../group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256',1,'crypto.h']]],
-  ['psa_5fgenerate_5fkey',['psa_generate_key',['../group__random.html#ga72921520494b4f007a3afb904cd9ecdd',1,'crypto.h']]],
-  ['psa_5fgenerate_5fkey_5fextra_5frsa',['psa_generate_key_extra_rsa',['../structpsa__generate__key__extra__rsa.html',1,'']]],
-  ['psa_5fgenerate_5frandom',['psa_generate_random',['../group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5',1,'crypto.h']]],
-  ['psa_5fgenerator_5fabort',['psa_generator_abort',['../group__generators.html#ga563ca64537d90368899286b36d8cf7f3',1,'crypto.h']]],
-  ['psa_5fgenerator_5fimport_5fkey',['psa_generator_import_key',['../group__generators.html#ga7fcdf07cd37279ca167db484053da894',1,'crypto.h']]],
-  ['psa_5fgenerator_5fread',['psa_generator_read',['../group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce',1,'crypto.h']]],
-  ['psa_5fgenerator_5funbridled_5fcapacity',['PSA_GENERATOR_UNBRIDLED_CAPACITY',['../group__generators.html#gac3222df9b9ecca4d33ae56a7b8fbb1c9',1,'crypto.h']]],
-  ['psa_5fget_5fgenerator_5fcapacity',['psa_get_generator_capacity',['../group__generators.html#ga7453491e3b440193be2c5dccc2040fd2',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5fdomain_5fparameters',['psa_get_key_domain_parameters',['../group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5finformation',['psa_get_key_information',['../group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5flifetime',['psa_get_key_lifetime',['../group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5fpolicy',['psa_get_key_policy',['../group__policy.html#gaed087d1386b807edee66b2e445ba9111',1,'crypto.h']]],
-  ['psa_5fhash_5fabort',['psa_hash_abort',['../group__hash.html#gab0b4d5f9912a615559497a467b532928',1,'crypto.h']]],
-  ['psa_5fhash_5fclone',['psa_hash_clone',['../group__hash.html#ga39673348f3302b4646bd780034a5aeda',1,'crypto.h']]],
-  ['psa_5fhash_5fcompare',['psa_hash_compare',['../group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc',1,'crypto.h']]],
-  ['psa_5fhash_5fcompute',['psa_hash_compute',['../group__hash.html#gac69f7f19d96a56c28cf3799d11b12156',1,'crypto.h']]],
-  ['psa_5fhash_5ffinish',['psa_hash_finish',['../group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e',1,'crypto.h']]],
-  ['psa_5fhash_5fmax_5fsize',['PSA_HASH_MAX_SIZE',['../crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29',1,'crypto_sizes.h']]],
-  ['psa_5fhash_5foperation_5finit',['PSA_HASH_OPERATION_INIT',['../group__hash.html#ga6ab7fe8d3500bc2f21be840b4f4f8d1d',1,'crypto.h']]],
-  ['psa_5fhash_5foperation_5ft',['psa_hash_operation_t',['../group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab',1,'crypto.h']]],
-  ['psa_5fhash_5fsetup',['psa_hash_setup',['../group__hash.html#ga8d72896cf70fc4d514c5c6b978912515',1,'crypto.h']]],
-  ['psa_5fhash_5fsize',['PSA_HASH_SIZE',['../crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99',1,'crypto_sizes.h']]],
-  ['psa_5fhash_5fupdate',['psa_hash_update',['../group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff',1,'crypto.h']]],
-  ['psa_5fhash_5fverify',['psa_hash_verify',['../group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0',1,'crypto.h']]],
-  ['psa_5fimport_5fkey',['psa_import_key',['../group__import__export.html#gac9f999cb4d098663d56095afe81a453a',1,'crypto.h']]],
-  ['psa_5fkdf_5fstep_5finfo',['PSA_KDF_STEP_INFO',['../group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0',1,'crypto_values.h']]],
-  ['psa_5fkdf_5fstep_5flabel',['PSA_KDF_STEP_LABEL',['../group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c',1,'crypto_values.h']]],
-  ['psa_5fkdf_5fstep_5fsalt',['PSA_KDF_STEP_SALT',['../group__derivation.html#ga384777dac55791d8f3a1af72c847b327',1,'crypto_values.h']]],
-  ['psa_5fkdf_5fstep_5fsecret',['PSA_KDF_STEP_SECRET',['../group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168',1,'crypto_values.h']]],
-  ['psa_5fkey_5fagreement',['psa_key_agreement',['../group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2',1,'crypto.h']]],
-  ['psa_5fkey_5fagreement_5fraw_5fshared_5fsecret',['psa_key_agreement_raw_shared_secret',['../group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5finput_5fbytes',['psa_key_derivation_input_bytes',['../group__derivation.html#ga1b30e888db65c71f5337900848e1b03f',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5finput_5fkey',['psa_key_derivation_input_key',['../group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5fsetup',['psa_key_derivation_setup',['../group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5fstep_5ft',['psa_key_derivation_step_t',['../group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b',1,'crypto_types.h']]],
-  ['psa_5fkey_5fexport_5fmax_5fsize',['PSA_KEY_EXPORT_MAX_SIZE',['../crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3',1,'crypto_sizes.h']]],
-  ['psa_5fkey_5fhandle_5ft',['psa_key_handle_t',['../group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75',1,'crypto.h']]],
-  ['psa_5fkey_5fid_5ft',['psa_key_id_t',['../group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b',1,'crypto_types.h']]],
-  ['psa_5fkey_5flifetime_5fpersistent',['PSA_KEY_LIFETIME_PERSISTENT',['../group__key__lifetimes.html#ga3713a01c5fcd5f7eae46ff22ceaf6d02',1,'crypto_values.h']]],
-  ['psa_5fkey_5flifetime_5ft',['psa_key_lifetime_t',['../group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf',1,'crypto_types.h']]],
-  ['psa_5fkey_5flifetime_5fvolatile',['PSA_KEY_LIFETIME_VOLATILE',['../group__key__lifetimes.html#ga8b438870ba69489b685730d346455108',1,'crypto_values.h']]],
-  ['psa_5fkey_5fpolicy_5fget_5falgorithm',['psa_key_policy_get_algorithm',['../group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5fget_5fusage',['psa_key_policy_get_usage',['../group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5finit',['PSA_KEY_POLICY_INIT',['../group__policy.html#ga5e6bc5f550e88fdc7790f2a75e79f7c5',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5fset_5fusage',['psa_key_policy_set_usage',['../group__policy.html#gac16792fd6d375a5f76d372090df40607',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5ft',['psa_key_policy_t',['../group__policy.html#gaf553efd409845b6d09ff25ce2ba36607',1,'crypto.h']]],
-  ['psa_5fkey_5ftype_5faes',['PSA_KEY_TYPE_AES',['../group__crypto__types.html#ga6ee54579dcf278c677eda4bb1a29575e',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5farc4',['PSA_KEY_TYPE_ARC4',['../group__crypto__types.html#gae4d46e83f910dcaa126000a8ed03cde9',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fcamellia',['PSA_KEY_TYPE_CAMELLIA',['../group__crypto__types.html#gad8e5da742343fd5519f9d8a630c2ed81',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fderive',['PSA_KEY_TYPE_DERIVE',['../group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fdes',['PSA_KEY_TYPE_DES',['../group__crypto__types.html#ga577562bfbbc691c820d55ec308333138',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fdh_5fkeypair',['PSA_KEY_TYPE_DH_KEYPAIR',['../group__crypto__types.html#ga39b63c6b97a62a316c0660bf72b2fdd5',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fdh_5fpublic_5fkey',['PSA_KEY_TYPE_DH_PUBLIC_KEY',['../group__crypto__types.html#ga325a340d7c72d99d3a678eb210bf6e0a',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fdsa_5fkeypair',['PSA_KEY_TYPE_DSA_KEYPAIR',['../group__crypto__types.html#ga011010ee28c20388f3d89fb27088ed62',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fdsa_5fpublic_5fkey',['PSA_KEY_TYPE_DSA_PUBLIC_KEY',['../group__crypto__types.html#ga5e7439c2905136366c3a876e62e5ddfc',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fecc_5fkeypair',['PSA_KEY_TYPE_ECC_KEYPAIR',['../group__crypto__types.html#gadf3ad65d157bf5282849c954bf3f51af',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fecc_5fpublic_5fkey',['PSA_KEY_TYPE_ECC_PUBLIC_KEY',['../group__crypto__types.html#gad54c03d3b47020e571a72cd01d978cf2',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fget_5fcurve',['PSA_KEY_TYPE_GET_CURVE',['../group__crypto__types.html#ga0c567210e6f80aa8f2aa87efa7a3a3f9',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fhmac',['PSA_KEY_TYPE_HMAC',['../group__crypto__types.html#ga92d989f4ca64abd00f463defd773a6f8',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fasymmetric',['PSA_KEY_TYPE_IS_ASYMMETRIC',['../group__crypto__types.html#gab138ae2ebf2905dfbaf4154db2620939',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fdh',['PSA_KEY_TYPE_IS_DH',['../group__crypto__types.html#ga248ae35c0e2becaebbf479fc1c3a3b0e',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fdsa',['PSA_KEY_TYPE_IS_DSA',['../group__crypto__types.html#ga273fdfcf23eb0624f8b63d2321cf95c1',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fecc',['PSA_KEY_TYPE_IS_ECC',['../group__crypto__types.html#ga88e01fa06b585654689a99bcc06bbe66',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fecc_5fkeypair',['PSA_KEY_TYPE_IS_ECC_KEYPAIR',['../group__crypto__types.html#ga7bf101b671e8cf26f4cb08fcb679db4b',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fecc_5fpublic_5fkey',['PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY',['../group__crypto__types.html#ga5af146a173b0c84d7e737e2fb6a3c0a7',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fkeypair',['PSA_KEY_TYPE_IS_KEYPAIR',['../group__crypto__types.html#gac14c6d6e1b2b7f4a92a7b757465cff29',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fpublic_5fkey',['PSA_KEY_TYPE_IS_PUBLIC_KEY',['../group__crypto__types.html#gac674a0f059bc0cb72b47f0c517b4f45b',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5frsa',['PSA_KEY_TYPE_IS_RSA',['../group__crypto__types.html#ga0e1d8f241228e49c9cadadfb4579ef1a',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5funstructured',['PSA_KEY_TYPE_IS_UNSTRUCTURED',['../group__crypto__types.html#gaef86ce4e810e1c2c76068ac874bfef54',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fis_5fvendor_5fdefined',['PSA_KEY_TYPE_IS_VENDOR_DEFINED',['../group__crypto__types.html#gadbe4c086a6562aefe344bc79e51bdfd3',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fkeypair_5fof_5fpublic_5fkey',['PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY',['../group__crypto__types.html#gaf09f1ca1de6a7e7cff0fe516f3f6c91d',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fnone',['PSA_KEY_TYPE_NONE',['../group__crypto__types.html#gafce7ab2b54ce97ea5bff73f13a9f3e5b',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fpublic_5fkey_5fof_5fkeypair',['PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR',['../group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5fraw_5fdata',['PSA_KEY_TYPE_RAW_DATA',['../group__crypto__types.html#gaa97f92025533102616b32d571c940d80',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5frsa_5fkeypair',['PSA_KEY_TYPE_RSA_KEYPAIR',['../group__crypto__types.html#ga581f50687f5d650456925278948f2799',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5frsa_5fpublic_5fkey',['PSA_KEY_TYPE_RSA_PUBLIC_KEY',['../group__crypto__types.html#ga9ba0878f56c8bcd1995ac017a74f513b',1,'crypto_values.h']]],
-  ['psa_5fkey_5ftype_5ft',['psa_key_type_t',['../group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628',1,'crypto_types.h']]],
-  ['psa_5fkey_5ftype_5fvendor_5fflag',['PSA_KEY_TYPE_VENDOR_FLAG',['../group__crypto__types.html#ga8dbaed2fdb1ebae8aa127ad3988516f7',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5fdecrypt',['PSA_KEY_USAGE_DECRYPT',['../group__policy.html#gac3f2d2e5983db1edde9f142ca9bf8e6a',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5fderive',['PSA_KEY_USAGE_DERIVE',['../group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5fencrypt',['PSA_KEY_USAGE_ENCRYPT',['../group__policy.html#ga75153b296d045d529d97203a6a995dad',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5fexport',['PSA_KEY_USAGE_EXPORT',['../group__policy.html#ga7dddccdd1303176e87a4d20c87b589ed',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5fsign',['PSA_KEY_USAGE_SIGN',['../group__policy.html#ga99b9f456cf59efc4b5579465407aef5a',1,'crypto_values.h']]],
-  ['psa_5fkey_5fusage_5ft',['psa_key_usage_t',['../group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25',1,'crypto_types.h']]],
-  ['psa_5fkey_5fusage_5fverify',['PSA_KEY_USAGE_VERIFY',['../group__policy.html#ga39b54ffd5958b69634607924fa53cea6',1,'crypto_values.h']]],
-  ['psa_5fmac_5fabort',['psa_mac_abort',['../group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd',1,'crypto.h']]],
-  ['psa_5fmac_5fcompute',['psa_mac_compute',['../group__MAC.html#gace78d9b51394f9d4f77952963665897a',1,'crypto.h']]],
-  ['psa_5fmac_5ffinal_5fsize',['PSA_MAC_FINAL_SIZE',['../crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee',1,'crypto_sizes.h']]],
-  ['psa_5fmac_5fmax_5fsize',['PSA_MAC_MAX_SIZE',['../crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682',1,'crypto_sizes.h']]],
-  ['psa_5fmac_5foperation_5finit',['PSA_MAC_OPERATION_INIT',['../group__MAC.html#ga441b6efc161a4573d06465bd22d9dc2d',1,'crypto.h']]],
-  ['psa_5fmac_5foperation_5ft',['psa_mac_operation_t',['../group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37',1,'crypto.h']]],
-  ['psa_5fmac_5fsign_5ffinish',['psa_mac_sign_finish',['../group__MAC.html#gac22bc0125580c96724a09226cfbc97f2',1,'crypto.h']]],
-  ['psa_5fmac_5fsign_5fsetup',['psa_mac_sign_setup',['../group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e',1,'crypto.h']]],
-  ['psa_5fmac_5ftruncated_5flength',['PSA_MAC_TRUNCATED_LENGTH',['../group__crypto__types.html#gab03726c4476174e019a08e2a04018ce8',1,'crypto_values.h']]],
-  ['psa_5fmac_5fupdate',['psa_mac_update',['../group__MAC.html#ga5560af371497babefe03c9da4e8a1c05',1,'crypto.h']]],
-  ['psa_5fmac_5fverify',['psa_mac_verify',['../group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c',1,'crypto.h']]],
-  ['psa_5fmac_5fverify_5ffinish',['psa_mac_verify_finish',['../group__MAC.html#gac92b2930d6728e1be4d011c05d485822',1,'crypto.h']]],
-  ['psa_5fmac_5fverify_5fsetup',['psa_mac_verify_setup',['../group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027',1,'crypto.h']]],
-  ['psa_5fmax_5fblock_5fcipher_5fblock_5fsize',['PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE',['../crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec',1,'crypto_sizes.h']]],
-  ['psa_5fopen_5fkey',['psa_open_key',['../group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50',1,'crypto.h']]],
-  ['psa_5fset_5fgenerator_5fcapacity',['psa_set_generator_capacity',['../group__generators.html#ga45676ec3c719622f95caaf926f44bb6e',1,'crypto.h']]],
-  ['psa_5fset_5fkey_5fdomain_5fparameters',['psa_set_key_domain_parameters',['../group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300',1,'crypto.h']]],
-  ['psa_5fset_5fkey_5fpolicy',['psa_set_key_policy',['../group__policy.html#ga1e2a6e50b621864f95d438222a3c640b',1,'crypto.h']]],
-  ['psa_5fstatus_5ft',['psa_status_t',['../group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9',1,'crypto_types.h']]],
-  ['psa_5fsuccess',['PSA_SUCCESS',['../group__error.html#ga4cc859e2c66ca381c7418db3527a65e1',1,'crypto_values.h']]]
-];
diff --git a/docs/html/search/all_9.html b/docs/html/search/all_9.html
deleted file mode 100644
index c8c5102..0000000
--- a/docs/html/search/all_9.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_9.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_9.js b/docs/html/search/all_9.js
deleted file mode 100644
index 2b3e593..0000000
--- a/docs/html/search/all_9.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['random_20generation',['Random generation',['../group__random.html',1,'']]]
-];
diff --git a/docs/html/search/all_a.html b/docs/html/search/all_a.html
deleted file mode 100644
index 4cb31f0..0000000
--- a/docs/html/search/all_a.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="all_a.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/all_a.js b/docs/html/search/all_a.js
deleted file mode 100644
index 5161a09..0000000
--- a/docs/html/search/all_a.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['symmetric_20ciphers',['Symmetric ciphers',['../group__cipher.html',1,'']]]
-];
diff --git a/docs/html/search/classes_0.html b/docs/html/search/classes_0.html
deleted file mode 100644
index 025587a..0000000
--- a/docs/html/search/classes_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="classes_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/classes_0.js b/docs/html/search/classes_0.js
deleted file mode 100644
index 1d78234..0000000
--- a/docs/html/search/classes_0.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['psa_5fgenerate_5fkey_5fextra_5frsa',['psa_generate_key_extra_rsa',['../structpsa__generate__key__extra__rsa.html',1,'']]]
-];
diff --git a/docs/html/search/close.png b/docs/html/search/close.png
deleted file mode 100644
index 9342d3d..0000000
--- a/docs/html/search/close.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/search/defines_0.html b/docs/html/search/defines_0.html
deleted file mode 100644
index 17cfaa2..0000000
--- a/docs/html/search/defines_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="defines_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/defines_0.js b/docs/html/search/defines_0.js
deleted file mode 100644
index 81e47ba..0000000
--- a/docs/html/search/defines_0.js
+++ /dev/null
@@ -1,19 +0,0 @@
-var searchData=
-[
-  ['psa_5faead_5fdecrypt_5foutput_5fsize',['PSA_AEAD_DECRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a1d057796166c16eb673ad1997e48a60b',1,'crypto_sizes.h']]],
-  ['psa_5faead_5fencrypt_5foutput_5fsize',['PSA_AEAD_ENCRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a85667d47a7aa6c7b99a80e5273671266',1,'crypto_sizes.h']]],
-  ['psa_5faead_5ffinish_5foutput_5fsize',['PSA_AEAD_FINISH_OUTPUT_SIZE',['../crypto__sizes_8h.html#ab097f6e054f1a73e975d597ade9029a6',1,'crypto_sizes.h']]],
-  ['psa_5faead_5ftag_5flength',['PSA_AEAD_TAG_LENGTH',['../crypto__sizes_8h.html#a8e3079b2e624cb8d32b94843cddada49',1,'crypto_sizes.h']]],
-  ['psa_5falg_5ftls12_5fpsk_5fto_5fms_5fmax_5fpsk_5flen',['PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN',['../crypto__sizes_8h.html#ab589ea3b86f2bfa18880459299c58f8a',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fdecrypt_5foutput_5fsize',['PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a61a246f3eac41989821d982e56fea6c1',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fencrypt_5foutput_5fsize',['PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE',['../crypto__sizes_8h.html#a66ba3bd93e5ec52870ccc3848778bad8',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fsign_5foutput_5fsize',['PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE',['../crypto__sizes_8h.html#a77565b9b4fe6d8730fd2120f4c8378ab',1,'crypto_sizes.h']]],
-  ['psa_5fasymmetric_5fsignature_5fmax_5fsize',['PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE',['../crypto__sizes_8h.html#ad755101764dba14589e5919ee41be7ca',1,'crypto_sizes.h']]],
-  ['psa_5fecdsa_5fsignature_5fsize',['PSA_ECDSA_SIGNATURE_SIZE',['../crypto__sizes_8h.html#a10c472a35f04051add6b20cc228ffc11',1,'crypto_sizes.h']]],
-  ['psa_5fhash_5fmax_5fsize',['PSA_HASH_MAX_SIZE',['../crypto__sizes_8h.html#a6ce1014efbbc0bcca286ef7f9a72cb29',1,'crypto_sizes.h']]],
-  ['psa_5fhash_5fsize',['PSA_HASH_SIZE',['../crypto__sizes_8h.html#aef340331ce3cba2b57e1fc5624bf1f99',1,'crypto_sizes.h']]],
-  ['psa_5fkey_5fexport_5fmax_5fsize',['PSA_KEY_EXPORT_MAX_SIZE',['../crypto__sizes_8h.html#a0aae885cc8ff92e00fb5248420b939c3',1,'crypto_sizes.h']]],
-  ['psa_5fmac_5ffinal_5fsize',['PSA_MAC_FINAL_SIZE',['../crypto__sizes_8h.html#aa84c5fb384ac7cb1bfc52adde96588ee',1,'crypto_sizes.h']]],
-  ['psa_5fmac_5fmax_5fsize',['PSA_MAC_MAX_SIZE',['../crypto__sizes_8h.html#a4681cc4f6226883a2160122c562ca682',1,'crypto_sizes.h']]],
-  ['psa_5fmax_5fblock_5fcipher_5fblock_5fsize',['PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE',['../crypto__sizes_8h.html#aa3cfcff0291d6da279fec8fe834d5dec',1,'crypto_sizes.h']]]
-];
diff --git a/docs/html/search/files_0.html b/docs/html/search/files_0.html
deleted file mode 100644
index 0b637cf..0000000
--- a/docs/html/search/files_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="files_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/files_0.js b/docs/html/search/files_0.js
deleted file mode 100644
index 1f9a5bb..0000000
--- a/docs/html/search/files_0.js
+++ /dev/null
@@ -1,7 +0,0 @@
-var searchData=
-[
-  ['crypto_2eh',['crypto.h',['../crypto_8h.html',1,'']]],
-  ['crypto_5fsizes_2eh',['crypto_sizes.h',['../crypto__sizes_8h.html',1,'']]],
-  ['crypto_5ftypes_2eh',['crypto_types.h',['../crypto__types_8h.html',1,'']]],
-  ['crypto_5fvalues_2eh',['crypto_values.h',['../crypto__values_8h.html',1,'']]]
-];
diff --git a/docs/html/search/functions_0.html b/docs/html/search/functions_0.html
deleted file mode 100644
index 6bc52b6..0000000
--- a/docs/html/search/functions_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="functions_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/functions_0.js b/docs/html/search/functions_0.js
deleted file mode 100644
index cc5b60d..0000000
--- a/docs/html/search/functions_0.js
+++ /dev/null
@@ -1,75 +0,0 @@
-var searchData=
-[
-  ['psa_5faead_5fabort',['psa_aead_abort',['../group__aead.html#gae8a5f93d92318c8f592ee9fbb9d36ba0',1,'crypto.h']]],
-  ['psa_5faead_5fdecrypt',['psa_aead_decrypt',['../group__aead.html#gaa8ce6527f2e227f1071fadbf2099793b',1,'crypto.h']]],
-  ['psa_5faead_5fdecrypt_5fsetup',['psa_aead_decrypt_setup',['../group__aead.html#ga439896519d4a367ec86b47f201884152',1,'crypto.h']]],
-  ['psa_5faead_5fencrypt',['psa_aead_encrypt',['../group__aead.html#ga44de092cf58bb6c820c5c80a6c51610d',1,'crypto.h']]],
-  ['psa_5faead_5fencrypt_5fsetup',['psa_aead_encrypt_setup',['../group__aead.html#ga47265dc4852f1476f852752218fd12b2',1,'crypto.h']]],
-  ['psa_5faead_5ffinish',['psa_aead_finish',['../group__aead.html#ga759791bbe1763b377c3b5447641f1fc8',1,'crypto.h']]],
-  ['psa_5faead_5fgenerate_5fnonce',['psa_aead_generate_nonce',['../group__aead.html#ga3eadcf2a29f662129ea4fb3454969ba2',1,'crypto.h']]],
-  ['psa_5faead_5fset_5flengths',['psa_aead_set_lengths',['../group__aead.html#gad3431e28d05002c2a7b0760610176050',1,'crypto.h']]],
-  ['psa_5faead_5fset_5fnonce',['psa_aead_set_nonce',['../group__aead.html#ga40641d0721ca7fe01bbcd9ef635fbc46',1,'crypto.h']]],
-  ['psa_5faead_5fupdate',['psa_aead_update',['../group__aead.html#ga3b105de2088cef7c3d9e2fd8048c841c',1,'crypto.h']]],
-  ['psa_5faead_5fupdate_5fad',['psa_aead_update_ad',['../group__aead.html#ga6d0eed03f832e5c9c91cb8adf2882569',1,'crypto.h']]],
-  ['psa_5faead_5fverify',['psa_aead_verify',['../group__aead.html#gaaed211fc61977c859d6ff07f39f59219',1,'crypto.h']]],
-  ['psa_5fallocate_5fkey',['psa_allocate_key',['../group__key__management.html#ga40094b77b7a42b9c8e158395113f1a35',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fdecrypt',['psa_asymmetric_decrypt',['../group__asymmetric.html#ga34b55fbaee23dba1a677186fc66a556e',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fencrypt',['psa_asymmetric_encrypt',['../group__asymmetric.html#gad429293b7b0bf2a830b9540a02552004',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fsign',['psa_asymmetric_sign',['../group__asymmetric.html#ga1b0db9d345b5048cdd39357ac2d56c07',1,'crypto.h']]],
-  ['psa_5fasymmetric_5fverify',['psa_asymmetric_verify',['../group__asymmetric.html#ga1b8e964c8d927e3d632325d762959eb7',1,'crypto.h']]],
-  ['psa_5fcipher_5fabort',['psa_cipher_abort',['../group__cipher.html#gaad482cdca2098bca0620596aaa02eaa4',1,'crypto.h']]],
-  ['psa_5fcipher_5fdecrypt',['psa_cipher_decrypt',['../group__cipher.html#ga43d5991711ec45c98af0c1d99f6e0216',1,'crypto.h']]],
-  ['psa_5fcipher_5fdecrypt_5fsetup',['psa_cipher_decrypt_setup',['../group__cipher.html#gaddf8504e5367cd0efb4415bdec004f44',1,'crypto.h']]],
-  ['psa_5fcipher_5fencrypt',['psa_cipher_encrypt',['../group__cipher.html#gac76dda492d9a1ba6b327bff610ec17b2',1,'crypto.h']]],
-  ['psa_5fcipher_5fencrypt_5fsetup',['psa_cipher_encrypt_setup',['../group__cipher.html#ga2a7fc79a9d150d42dba99f40ee3a185e',1,'crypto.h']]],
-  ['psa_5fcipher_5ffinish',['psa_cipher_finish',['../group__cipher.html#ga1dcb58b8befe23f8a4d7a1d49c99249b',1,'crypto.h']]],
-  ['psa_5fcipher_5fgenerate_5fiv',['psa_cipher_generate_iv',['../group__cipher.html#ga44857cf5e0c3d134a3c560f8ff5b50aa',1,'crypto.h']]],
-  ['psa_5fcipher_5fset_5fiv',['psa_cipher_set_iv',['../group__cipher.html#ga1359b2101f31637496ce7cc36c6e3d42',1,'crypto.h']]],
-  ['psa_5fcipher_5fupdate',['psa_cipher_update',['../group__cipher.html#gafd0caea99cf1052527e4089d37f5ab91',1,'crypto.h']]],
-  ['psa_5fclose_5fkey',['psa_close_key',['../group__key__management.html#gaa09b720d299dfe6b9f41c36e448078eb',1,'crypto.h']]],
-  ['psa_5fcopy_5fkey',['psa_copy_key',['../group__import__export.html#ga5c1c24176cfb1517a8806235b3162a9d',1,'crypto.h']]],
-  ['psa_5fcreate_5fkey',['psa_create_key',['../group__key__management.html#ga4108f255d3eaa6d23a7a14b684af8d7c',1,'crypto.h']]],
-  ['psa_5fcrypto_5finit',['psa_crypto_init',['../group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9',1,'crypto.h']]],
-  ['psa_5fdestroy_5fkey',['psa_destroy_key',['../group__import__export.html#ga165085fc1bc7a78b91792fdd94ae102c',1,'crypto.h']]],
-  ['psa_5fexport_5fkey',['psa_export_key',['../group__import__export.html#ga902b9a7a6cf34d6111668be777b05eaf',1,'crypto.h']]],
-  ['psa_5fexport_5fpublic_5fkey',['psa_export_public_key',['../group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256',1,'crypto.h']]],
-  ['psa_5fgenerate_5fkey',['psa_generate_key',['../group__random.html#ga72921520494b4f007a3afb904cd9ecdd',1,'crypto.h']]],
-  ['psa_5fgenerate_5frandom',['psa_generate_random',['../group__random.html#ga1985eae417dfbccedf50d5fff54ea8c5',1,'crypto.h']]],
-  ['psa_5fgenerator_5fabort',['psa_generator_abort',['../group__generators.html#ga563ca64537d90368899286b36d8cf7f3',1,'crypto.h']]],
-  ['psa_5fgenerator_5fimport_5fkey',['psa_generator_import_key',['../group__generators.html#ga7fcdf07cd37279ca167db484053da894',1,'crypto.h']]],
-  ['psa_5fgenerator_5fread',['psa_generator_read',['../group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce',1,'crypto.h']]],
-  ['psa_5fget_5fgenerator_5fcapacity',['psa_get_generator_capacity',['../group__generators.html#ga7453491e3b440193be2c5dccc2040fd2',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5fdomain_5fparameters',['psa_get_key_domain_parameters',['../group__import__export.html#gae260b92e32ac5d63f7dfc6ffdf6536f7',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5finformation',['psa_get_key_information',['../group__import__export.html#gae8939902d6977ea8ad13eb7b4db9a042',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5flifetime',['psa_get_key_lifetime',['../group__key__management.html#ga1e4825ab59260aeb3bdbb3ff07210022',1,'crypto.h']]],
-  ['psa_5fget_5fkey_5fpolicy',['psa_get_key_policy',['../group__policy.html#gaed087d1386b807edee66b2e445ba9111',1,'crypto.h']]],
-  ['psa_5fhash_5fabort',['psa_hash_abort',['../group__hash.html#gab0b4d5f9912a615559497a467b532928',1,'crypto.h']]],
-  ['psa_5fhash_5fclone',['psa_hash_clone',['../group__hash.html#ga39673348f3302b4646bd780034a5aeda',1,'crypto.h']]],
-  ['psa_5fhash_5fcompare',['psa_hash_compare',['../group__hash.html#ga0bb6dbd3c310648c3cf7d202413ff0bc',1,'crypto.h']]],
-  ['psa_5fhash_5fcompute',['psa_hash_compute',['../group__hash.html#gac69f7f19d96a56c28cf3799d11b12156',1,'crypto.h']]],
-  ['psa_5fhash_5ffinish',['psa_hash_finish',['../group__hash.html#ga4795fd06a0067b0adcd92e9627b8c97e',1,'crypto.h']]],
-  ['psa_5fhash_5fsetup',['psa_hash_setup',['../group__hash.html#ga8d72896cf70fc4d514c5c6b978912515',1,'crypto.h']]],
-  ['psa_5fhash_5fupdate',['psa_hash_update',['../group__hash.html#ga65b16ef97d7f650899b7db4b7d1112ff',1,'crypto.h']]],
-  ['psa_5fhash_5fverify',['psa_hash_verify',['../group__hash.html#ga7be923c5700c9c70ef77ee9b76d1a5c0',1,'crypto.h']]],
-  ['psa_5fimport_5fkey',['psa_import_key',['../group__import__export.html#gac9f999cb4d098663d56095afe81a453a',1,'crypto.h']]],
-  ['psa_5fkey_5fagreement',['psa_key_agreement',['../group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2',1,'crypto.h']]],
-  ['psa_5fkey_5fagreement_5fraw_5fshared_5fsecret',['psa_key_agreement_raw_shared_secret',['../group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5finput_5fbytes',['psa_key_derivation_input_bytes',['../group__derivation.html#ga1b30e888db65c71f5337900848e1b03f',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5finput_5fkey',['psa_key_derivation_input_key',['../group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5fsetup',['psa_key_derivation_setup',['../group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5fget_5falgorithm',['psa_key_policy_get_algorithm',['../group__policy.html#gaadf16b89ace53e1d2cb5bcb0aef24c86',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5fget_5fusage',['psa_key_policy_get_usage',['../group__policy.html#ga7746662b7503e484774d0ecb5d8ac2ab',1,'crypto.h']]],
-  ['psa_5fkey_5fpolicy_5fset_5fusage',['psa_key_policy_set_usage',['../group__policy.html#gac16792fd6d375a5f76d372090df40607',1,'crypto.h']]],
-  ['psa_5fmac_5fabort',['psa_mac_abort',['../group__MAC.html#gacd8dd54855ba1bc0a03f104f252884fd',1,'crypto.h']]],
-  ['psa_5fmac_5fcompute',['psa_mac_compute',['../group__MAC.html#gace78d9b51394f9d4f77952963665897a',1,'crypto.h']]],
-  ['psa_5fmac_5fsign_5ffinish',['psa_mac_sign_finish',['../group__MAC.html#gac22bc0125580c96724a09226cfbc97f2',1,'crypto.h']]],
-  ['psa_5fmac_5fsign_5fsetup',['psa_mac_sign_setup',['../group__MAC.html#gad33f2b15119593571ca6b8e7c757ab0e',1,'crypto.h']]],
-  ['psa_5fmac_5fupdate',['psa_mac_update',['../group__MAC.html#ga5560af371497babefe03c9da4e8a1c05',1,'crypto.h']]],
-  ['psa_5fmac_5fverify',['psa_mac_verify',['../group__MAC.html#ga08e2e8c21bfe762a907266f3bdd1d07c',1,'crypto.h']]],
-  ['psa_5fmac_5fverify_5ffinish',['psa_mac_verify_finish',['../group__MAC.html#gac92b2930d6728e1be4d011c05d485822',1,'crypto.h']]],
-  ['psa_5fmac_5fverify_5fsetup',['psa_mac_verify_setup',['../group__MAC.html#gaa721a59ae6d085ec90c7dc918879a027',1,'crypto.h']]],
-  ['psa_5fopen_5fkey',['psa_open_key',['../group__key__management.html#gaa9f1c848cf78b80fe2a7b18bb7ccec50',1,'crypto.h']]],
-  ['psa_5fset_5fgenerator_5fcapacity',['psa_set_generator_capacity',['../group__generators.html#ga45676ec3c719622f95caaf926f44bb6e',1,'crypto.h']]],
-  ['psa_5fset_5fkey_5fdomain_5fparameters',['psa_set_key_domain_parameters',['../group__import__export.html#ga091da8d3d39137fd6ad59f2b10234300',1,'crypto.h']]],
-  ['psa_5fset_5fkey_5fpolicy',['psa_set_key_policy',['../group__policy.html#ga1e2a6e50b621864f95d438222a3c640b',1,'crypto.h']]]
-];
diff --git a/docs/html/search/groups_0.html b/docs/html/search/groups_0.html
deleted file mode 100644
index 95cee43..0000000
--- a/docs/html/search/groups_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_0.js b/docs/html/search/groups_0.js
deleted file mode 100644
index 9e9cdcb..0000000
--- a/docs/html/search/groups_0.js
+++ /dev/null
@@ -1,5 +0,0 @@
-var searchData=
-[
-  ['authenticated_20encryption_20with_20associated_20data_20_28aead_29',['Authenticated encryption with associated data (AEAD)',['../group__aead.html',1,'']]],
-  ['asymmetric_20cryptography',['Asymmetric cryptography',['../group__asymmetric.html',1,'']]]
-];
diff --git a/docs/html/search/groups_1.html b/docs/html/search/groups_1.html
deleted file mode 100644
index 979ea3d..0000000
--- a/docs/html/search/groups_1.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_1.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_1.js b/docs/html/search/groups_1.js
deleted file mode 100644
index 4ab58fc..0000000
--- a/docs/html/search/groups_1.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['error_20codes',['Error codes',['../group__error.html',1,'']]]
-];
diff --git a/docs/html/search/groups_2.html b/docs/html/search/groups_2.html
deleted file mode 100644
index 310ab32..0000000
--- a/docs/html/search/groups_2.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_2.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_2.js b/docs/html/search/groups_2.js
deleted file mode 100644
index bb51584..0000000
--- a/docs/html/search/groups_2.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['generators',['Generators',['../group__generators.html',1,'']]]
-];
diff --git a/docs/html/search/groups_3.html b/docs/html/search/groups_3.html
deleted file mode 100644
index c24c7bd..0000000
--- a/docs/html/search/groups_3.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_3.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_3.js b/docs/html/search/groups_3.js
deleted file mode 100644
index f48be25..0000000
--- a/docs/html/search/groups_3.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['implementation_2dspecific_20definitions',['Implementation-specific definitions',['../group__platform.html',1,'']]]
-];
diff --git a/docs/html/search/groups_4.html b/docs/html/search/groups_4.html
deleted file mode 100644
index a1f3533..0000000
--- a/docs/html/search/groups_4.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_4.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_4.js b/docs/html/search/groups_4.js
deleted file mode 100644
index 489c5ec..0000000
--- a/docs/html/search/groups_4.js
+++ /dev/null
@@ -1,9 +0,0 @@
-var searchData=
-[
-  ['key_20and_20algorithm_20types',['Key and algorithm types',['../group__crypto__types.html',1,'']]],
-  ['key_20derivation',['Key derivation',['../group__derivation.html',1,'']]],
-  ['key_20import_20and_20export',['Key import and export',['../group__import__export.html',1,'']]],
-  ['key_20lifetimes',['Key lifetimes',['../group__key__lifetimes.html',1,'']]],
-  ['key_20management',['Key management',['../group__key__management.html',1,'']]],
-  ['key_20policies',['Key policies',['../group__policy.html',1,'']]]
-];
diff --git a/docs/html/search/groups_5.html b/docs/html/search/groups_5.html
deleted file mode 100644
index 938507d..0000000
--- a/docs/html/search/groups_5.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_5.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_5.js b/docs/html/search/groups_5.js
deleted file mode 100644
index c72a68d..0000000
--- a/docs/html/search/groups_5.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['library_20initialization',['Library initialization',['../group__initialization.html',1,'']]]
-];
diff --git a/docs/html/search/groups_6.html b/docs/html/search/groups_6.html
deleted file mode 100644
index e675e85..0000000
--- a/docs/html/search/groups_6.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_6.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_6.js b/docs/html/search/groups_6.js
deleted file mode 100644
index 6efdddb..0000000
--- a/docs/html/search/groups_6.js
+++ /dev/null
@@ -1,5 +0,0 @@
-var searchData=
-[
-  ['message_20digests',['Message digests',['../group__hash.html',1,'']]],
-  ['message_20authentication_20codes',['Message authentication codes',['../group__MAC.html',1,'']]]
-];
diff --git a/docs/html/search/groups_7.html b/docs/html/search/groups_7.html
deleted file mode 100644
index c974917..0000000
--- a/docs/html/search/groups_7.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_7.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_7.js b/docs/html/search/groups_7.js
deleted file mode 100644
index 2b3e593..0000000
--- a/docs/html/search/groups_7.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['random_20generation',['Random generation',['../group__random.html',1,'']]]
-];
diff --git a/docs/html/search/groups_8.html b/docs/html/search/groups_8.html
deleted file mode 100644
index 863b2f7..0000000
--- a/docs/html/search/groups_8.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="groups_8.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/groups_8.js b/docs/html/search/groups_8.js
deleted file mode 100644
index 5161a09..0000000
--- a/docs/html/search/groups_8.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['symmetric_20ciphers',['Symmetric ciphers',['../group__cipher.html',1,'']]]
-];
diff --git a/docs/html/search/mag_sel.png b/docs/html/search/mag_sel.png
deleted file mode 100644
index 81f6040..0000000
--- a/docs/html/search/mag_sel.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/search/nomatches.html b/docs/html/search/nomatches.html
deleted file mode 100644
index b1ded27..0000000
--- a/docs/html/search/nomatches.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="NoMatches">No Matches</div>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/search.css b/docs/html/search/search.css
deleted file mode 100644
index 4d7612f..0000000
--- a/docs/html/search/search.css
+++ /dev/null
@@ -1,271 +0,0 @@
-/*---------------- Search Box */
-
-#FSearchBox {
-    float: left;
-}
-
-#MSearchBox {
-    white-space : nowrap;
-    position: absolute;
-    float: none;
-    display: inline;
-    margin-top: 8px;
-    right: 0px;
-    width: 170px;
-    z-index: 102;
-    background-color: white;
-}
-
-#MSearchBox .left
-{
-    display:block;
-    position:absolute;
-    left:10px;
-    width:20px;
-    height:19px;
-    background:url('search_l.png') no-repeat;
-    background-position:right;
-}
-
-#MSearchSelect {
-    display:block;
-    position:absolute;
-    width:20px;
-    height:19px;
-}
-
-.left #MSearchSelect {
-    left:4px;
-}
-
-.right #MSearchSelect {
-    right:5px;
-}
-
-#MSearchField {
-    display:block;
-    position:absolute;
-    height:19px;
-    background:url('search_m.png') repeat-x;
-    border:none;
-    width:111px;
-    margin-left:20px;
-    padding-left:4px;
-    color: #909090;
-    outline: none;
-    font: 9pt Arial, Verdana, sans-serif;
-}
-
-#FSearchBox #MSearchField {
-    margin-left:15px;
-}
-
-#MSearchBox .right {
-    display:block;
-    position:absolute;
-    right:10px;
-    top:0px;
-    width:20px;
-    height:19px;
-    background:url('search_r.png') no-repeat;
-    background-position:left;
-}
-
-#MSearchClose {
-    display: none;
-    position: absolute;
-    top: 4px;
-    background : none;
-    border: none;
-    margin: 0px 4px 0px 0px;
-    padding: 0px 0px;
-    outline: none;
-}
-
-.left #MSearchClose {
-    left: 6px;
-}
-
-.right #MSearchClose {
-    right: 2px;
-}
-
-.MSearchBoxActive #MSearchField {
-    color: #000000;
-}
-
-/*---------------- Search filter selection */
-
-#MSearchSelectWindow {
-    display: none;
-    position: absolute;
-    left: 0; top: 0;
-    border: 1px solid #90A5CE;
-    background-color: #F9FAFC;
-    z-index: 1;
-    padding-top: 4px;
-    padding-bottom: 4px;
-    -moz-border-radius: 4px;
-    -webkit-border-top-left-radius: 4px;
-    -webkit-border-top-right-radius: 4px;
-    -webkit-border-bottom-left-radius: 4px;
-    -webkit-border-bottom-right-radius: 4px;
-    -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
-}
-
-.SelectItem {
-    font: 8pt Arial, Verdana, sans-serif;
-    padding-left:  2px;
-    padding-right: 12px;
-    border: 0px;
-}
-
-span.SelectionMark {
-    margin-right: 4px;
-    font-family: monospace;
-    outline-style: none;
-    text-decoration: none;
-}
-
-a.SelectItem {
-    display: block;
-    outline-style: none;
-    color: #000000; 
-    text-decoration: none;
-    padding-left:   6px;
-    padding-right: 12px;
-}
-
-a.SelectItem:focus,
-a.SelectItem:active {
-    color: #000000; 
-    outline-style: none;
-    text-decoration: none;
-}
-
-a.SelectItem:hover {
-    color: #FFFFFF;
-    background-color: #3D578C;
-    outline-style: none;
-    text-decoration: none;
-    cursor: pointer;
-    display: block;
-}
-
-/*---------------- Search results window */
-
-iframe#MSearchResults {
-    width: 60ex;
-    height: 15em;
-}
-
-#MSearchResultsWindow {
-    display: none;
-    position: absolute;
-    left: 0; top: 0;
-    border: 1px solid #000;
-    background-color: #EEF1F7;
-}
-
-/* ----------------------------------- */
-
-
-#SRIndex {
-    clear:both; 
-    padding-bottom: 15px;
-}
-
-.SREntry {
-    font-size: 10pt;
-    padding-left: 1ex;
-}
-
-.SRPage .SREntry {
-    font-size: 8pt;
-    padding: 1px 5px;
-}
-
-body.SRPage {
-    margin: 5px 2px;
-}
-
-.SRChildren {
-    padding-left: 3ex; padding-bottom: .5em 
-}
-
-.SRPage .SRChildren {
-    display: none;
-}
-
-.SRSymbol {
-    font-weight: bold; 
-    color: #425E97;
-    font-family: Arial, Verdana, sans-serif;
-    text-decoration: none;
-    outline: none;
-}
-
-a.SRScope {
-    display: block;
-    color: #425E97; 
-    font-family: Arial, Verdana, sans-serif;
-    text-decoration: none;
-    outline: none;
-}
-
-a.SRSymbol:focus, a.SRSymbol:active,
-a.SRScope:focus, a.SRScope:active {
-    text-decoration: underline;
-}
-
-span.SRScope {
-    padding-left: 4px;
-}
-
-.SRPage .SRStatus {
-    padding: 2px 5px;
-    font-size: 8pt;
-    font-style: italic;
-}
-
-.SRResult {
-    display: none;
-}
-
-DIV.searchresults {
-    margin-left: 10px;
-    margin-right: 10px;
-}
-
-/*---------------- External search page results */
-
-.searchresult {
-    background-color: #F0F3F8;
-}
-
-.pages b {
-   color: white;
-   padding: 5px 5px 3px 5px;
-   background-image: url("../tab_a.png");
-   background-repeat: repeat-x;
-   text-shadow: 0 1px 1px #000000;
-}
-
-.pages {
-    line-height: 17px;
-    margin-left: 4px;
-    text-decoration: none;
-}
-
-.hl {
-    font-weight: bold;
-}
-
-#searchresults {
-    margin-bottom: 20px;
-}
-
-.searchpages {
-    margin-top: 10px;
-}
-
diff --git a/docs/html/search/search.js b/docs/html/search/search.js
deleted file mode 100644
index dedce3b..0000000
--- a/docs/html/search/search.js
+++ /dev/null
@@ -1,791 +0,0 @@
-function convertToId(search)
-{
-  var result = '';
-  for (i=0;i<search.length;i++)
-  {
-    var c = search.charAt(i);
-    var cn = c.charCodeAt(0);
-    if (c.match(/[a-z0-9\u0080-\uFFFF]/))
-    {
-      result+=c;
-    }
-    else if (cn<16)
-    {
-      result+="_0"+cn.toString(16);
-    }
-    else
-    {
-      result+="_"+cn.toString(16);
-    }
-  }
-  return result;
-}
-
-function getXPos(item)
-{
-  var x = 0;
-  if (item.offsetWidth)
-  {
-    while (item && item!=document.body)
-    {
-      x   += item.offsetLeft;
-      item = item.offsetParent;
-    }
-  }
-  return x;
-}
-
-function getYPos(item)
-{
-  var y = 0;
-  if (item.offsetWidth)
-  {
-     while (item && item!=document.body)
-     {
-       y   += item.offsetTop;
-       item = item.offsetParent;
-     }
-  }
-  return y;
-}
-
-/* A class handling everything associated with the search panel.
-
-   Parameters:
-   name - The name of the global variable that will be
-          storing this instance.  Is needed to be able to set timeouts.
-   resultPath - path to use for external files
-*/
-function SearchBox(name, resultsPath, inFrame, label)
-{
-  if (!name || !resultsPath) {  alert("Missing parameters to SearchBox."); }
-
-  // ---------- Instance variables
-  this.name                  = name;
-  this.resultsPath           = resultsPath;
-  this.keyTimeout            = 0;
-  this.keyTimeoutLength      = 500;
-  this.closeSelectionTimeout = 300;
-  this.lastSearchValue       = "";
-  this.lastResultsPage       = "";
-  this.hideTimeout           = 0;
-  this.searchIndex           = 0;
-  this.searchActive          = false;
-  this.insideFrame           = inFrame;
-  this.searchLabel           = label;
-
-  // ----------- DOM Elements
-
-  this.DOMSearchField = function()
-  {  return document.getElementById("MSearchField");  }
-
-  this.DOMSearchSelect = function()
-  {  return document.getElementById("MSearchSelect");  }
-
-  this.DOMSearchSelectWindow = function()
-  {  return document.getElementById("MSearchSelectWindow");  }
-
-  this.DOMPopupSearchResults = function()
-  {  return document.getElementById("MSearchResults");  }
-
-  this.DOMPopupSearchResultsWindow = function()
-  {  return document.getElementById("MSearchResultsWindow");  }
-
-  this.DOMSearchClose = function()
-  {  return document.getElementById("MSearchClose"); }
-
-  this.DOMSearchBox = function()
-  {  return document.getElementById("MSearchBox");  }
-
-  // ------------ Event Handlers
-
-  // Called when focus is added or removed from the search field.
-  this.OnSearchFieldFocus = function(isActive)
-  {
-    this.Activate(isActive);
-  }
-
-  this.OnSearchSelectShow = function()
-  {
-    var searchSelectWindow = this.DOMSearchSelectWindow();
-    var searchField        = this.DOMSearchSelect();
-
-    if (this.insideFrame)
-    {
-      var left = getXPos(searchField);
-      var top  = getYPos(searchField);
-      left += searchField.offsetWidth + 6;
-      top += searchField.offsetHeight;
-
-      // show search selection popup
-      searchSelectWindow.style.display='block';
-      left -= searchSelectWindow.offsetWidth;
-      searchSelectWindow.style.left =  left + 'px';
-      searchSelectWindow.style.top  =  top  + 'px';
-    }
-    else
-    {
-      var left = getXPos(searchField);
-      var top  = getYPos(searchField);
-      top += searchField.offsetHeight;
-
-      // show search selection popup
-      searchSelectWindow.style.display='block';
-      searchSelectWindow.style.left =  left + 'px';
-      searchSelectWindow.style.top  =  top  + 'px';
-    }
-
-    // stop selection hide timer
-    if (this.hideTimeout)
-    {
-      clearTimeout(this.hideTimeout);
-      this.hideTimeout=0;
-    }
-    return false; // to avoid "image drag" default event
-  }
-
-  this.OnSearchSelectHide = function()
-  {
-    this.hideTimeout = setTimeout(this.name +".CloseSelectionWindow()",
-                                  this.closeSelectionTimeout);
-  }
-
-  // Called when the content of the search field is changed.
-  this.OnSearchFieldChange = function(evt)
-  {
-    if (this.keyTimeout) // kill running timer
-    {
-      clearTimeout(this.keyTimeout);
-      this.keyTimeout = 0;
-    }
-
-    var e  = (evt) ? evt : window.event; // for IE
-    if (e.keyCode==40 || e.keyCode==13)
-    {
-      if (e.shiftKey==1)
-      {
-        this.OnSearchSelectShow();
-        var win=this.DOMSearchSelectWindow();
-        for (i=0;i<win.childNodes.length;i++)
-        {
-          var child = win.childNodes[i]; // get span within a
-          if (child.className=='SelectItem')
-          {
-            child.focus();
-            return;
-          }
-        }
-        return;
-      }
-      else if (window.frames.MSearchResults.searchResults)
-      {
-        var elem = window.frames.MSearchResults.searchResults.NavNext(0);
-        if (elem) elem.focus();
-      }
-    }
-    else if (e.keyCode==27) // Escape out of the search field
-    {
-      this.DOMSearchField().blur();
-      this.DOMPopupSearchResultsWindow().style.display = 'none';
-      this.DOMSearchClose().style.display = 'none';
-      this.lastSearchValue = '';
-      this.Activate(false);
-      return;
-    }
-
-    // strip whitespaces
-    var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
-
-    if (searchValue != this.lastSearchValue) // search value has changed
-    {
-      if (searchValue != "") // non-empty search
-      {
-        // set timer for search update
-        this.keyTimeout = setTimeout(this.name + '.Search()',
-                                     this.keyTimeoutLength);
-      }
-      else // empty search field
-      {
-        this.DOMPopupSearchResultsWindow().style.display = 'none';
-        this.DOMSearchClose().style.display = 'none';
-        this.lastSearchValue = '';
-      }
-    }
-  }
-
-  this.SelectItemCount = function(id)
-  {
-    var count=0;
-    var win=this.DOMSearchSelectWindow();
-    for (i=0;i<win.childNodes.length;i++)
-    {
-      var child = win.childNodes[i]; // get span within a
-      if (child.className=='SelectItem')
-      {
-        count++;
-      }
-    }
-    return count;
-  }
-
-  this.SelectItemSet = function(id)
-  {
-    var i,j=0;
-    var win=this.DOMSearchSelectWindow();
-    for (i=0;i<win.childNodes.length;i++)
-    {
-      var child = win.childNodes[i]; // get span within a
-      if (child.className=='SelectItem')
-      {
-        var node = child.firstChild;
-        if (j==id)
-        {
-          node.innerHTML='&#8226;';
-        }
-        else
-        {
-          node.innerHTML='&#160;';
-        }
-        j++;
-      }
-    }
-  }
-
-  // Called when an search filter selection is made.
-  // set item with index id as the active item
-  this.OnSelectItem = function(id)
-  {
-    this.searchIndex = id;
-    this.SelectItemSet(id);
-    var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
-    if (searchValue!="" && this.searchActive) // something was found -> do a search
-    {
-      this.Search();
-    }
-  }
-
-  this.OnSearchSelectKey = function(evt)
-  {
-    var e = (evt) ? evt : window.event; // for IE
-    if (e.keyCode==40 && this.searchIndex<this.SelectItemCount()) // Down
-    {
-      this.searchIndex++;
-      this.OnSelectItem(this.searchIndex);
-    }
-    else if (e.keyCode==38 && this.searchIndex>0) // Up
-    {
-      this.searchIndex--;
-      this.OnSelectItem(this.searchIndex);
-    }
-    else if (e.keyCode==13 || e.keyCode==27)
-    {
-      this.OnSelectItem(this.searchIndex);
-      this.CloseSelectionWindow();
-      this.DOMSearchField().focus();
-    }
-    return false;
-  }
-
-  // --------- Actions
-
-  // Closes the results window.
-  this.CloseResultsWindow = function()
-  {
-    this.DOMPopupSearchResultsWindow().style.display = 'none';
-    this.DOMSearchClose().style.display = 'none';
-    this.Activate(false);
-  }
-
-  this.CloseSelectionWindow = function()
-  {
-    this.DOMSearchSelectWindow().style.display = 'none';
-  }
-
-  // Performs a search.
-  this.Search = function()
-  {
-    this.keyTimeout = 0;
-
-    // strip leading whitespace
-    var searchValue = this.DOMSearchField().value.replace(/^ +/, "");
-
-    var code = searchValue.toLowerCase().charCodeAt(0);
-    var idxChar = searchValue.substr(0, 1).toLowerCase();
-    if ( 0xD800 <= code && code <= 0xDBFF && searchValue > 1) // surrogate pair
-    {
-      idxChar = searchValue.substr(0, 2);
-    }
-
-    var resultsPage;
-    var resultsPageWithSearch;
-    var hasResultsPage;
-
-    var idx = indexSectionsWithContent[this.searchIndex].indexOf(idxChar);
-    if (idx!=-1)
-    {
-       var hexCode=idx.toString(16);
-       resultsPage = this.resultsPath + '/' + indexSectionNames[this.searchIndex] + '_' + hexCode + '.html';
-       resultsPageWithSearch = resultsPage+'?'+escape(searchValue);
-       hasResultsPage = true;
-    }
-    else // nothing available for this search term
-    {
-       resultsPage = this.resultsPath + '/nomatches.html';
-       resultsPageWithSearch = resultsPage;
-       hasResultsPage = false;
-    }
-
-    window.frames.MSearchResults.location = resultsPageWithSearch;
-    var domPopupSearchResultsWindow = this.DOMPopupSearchResultsWindow();
-
-    if (domPopupSearchResultsWindow.style.display!='block')
-    {
-       var domSearchBox = this.DOMSearchBox();
-       this.DOMSearchClose().style.display = 'inline';
-       if (this.insideFrame)
-       {
-         var domPopupSearchResults = this.DOMPopupSearchResults();
-         domPopupSearchResultsWindow.style.position = 'relative';
-         domPopupSearchResultsWindow.style.display  = 'block';
-         var width = document.body.clientWidth - 8; // the -8 is for IE :-(
-         domPopupSearchResultsWindow.style.width    = width + 'px';
-         domPopupSearchResults.style.width          = width + 'px';
-       }
-       else
-       {
-         var domPopupSearchResults = this.DOMPopupSearchResults();
-         var left = getXPos(domSearchBox) + 150; // domSearchBox.offsetWidth;
-         var top  = getYPos(domSearchBox) + 20;  // domSearchBox.offsetHeight + 1;
-         domPopupSearchResultsWindow.style.display = 'block';
-         left -= domPopupSearchResults.offsetWidth;
-         domPopupSearchResultsWindow.style.top     = top  + 'px';
-         domPopupSearchResultsWindow.style.left    = left + 'px';
-       }
-    }
-
-    this.lastSearchValue = searchValue;
-    this.lastResultsPage = resultsPage;
-  }
-
-  // -------- Activation Functions
-
-  // Activates or deactivates the search panel, resetting things to
-  // their default values if necessary.
-  this.Activate = function(isActive)
-  {
-    if (isActive || // open it
-        this.DOMPopupSearchResultsWindow().style.display == 'block'
-       )
-    {
-      this.DOMSearchBox().className = 'MSearchBoxActive';
-
-      var searchField = this.DOMSearchField();
-
-      if (searchField.value == this.searchLabel) // clear "Search" term upon entry
-      {
-        searchField.value = '';
-        this.searchActive = true;
-      }
-    }
-    else if (!isActive) // directly remove the panel
-    {
-      this.DOMSearchBox().className = 'MSearchBoxInactive';
-      this.DOMSearchField().value   = this.searchLabel;
-      this.searchActive             = false;
-      this.lastSearchValue          = ''
-      this.lastResultsPage          = '';
-    }
-  }
-}
-
-// -----------------------------------------------------------------------
-
-// The class that handles everything on the search results page.
-function SearchResults(name)
-{
-    // The number of matches from the last run of <Search()>.
-    this.lastMatchCount = 0;
-    this.lastKey = 0;
-    this.repeatOn = false;
-
-    // Toggles the visibility of the passed element ID.
-    this.FindChildElement = function(id)
-    {
-      var parentElement = document.getElementById(id);
-      var element = parentElement.firstChild;
-
-      while (element && element!=parentElement)
-      {
-        if (element.nodeName == 'DIV' && element.className == 'SRChildren')
-        {
-          return element;
-        }
-
-        if (element.nodeName == 'DIV' && element.hasChildNodes())
-        {
-           element = element.firstChild;
-        }
-        else if (element.nextSibling)
-        {
-           element = element.nextSibling;
-        }
-        else
-        {
-          do
-          {
-            element = element.parentNode;
-          }
-          while (element && element!=parentElement && !element.nextSibling);
-
-          if (element && element!=parentElement)
-          {
-            element = element.nextSibling;
-          }
-        }
-      }
-    }
-
-    this.Toggle = function(id)
-    {
-      var element = this.FindChildElement(id);
-      if (element)
-      {
-        if (element.style.display == 'block')
-        {
-          element.style.display = 'none';
-        }
-        else
-        {
-          element.style.display = 'block';
-        }
-      }
-    }
-
-    // Searches for the passed string.  If there is no parameter,
-    // it takes it from the URL query.
-    //
-    // Always returns true, since other documents may try to call it
-    // and that may or may not be possible.
-    this.Search = function(search)
-    {
-      if (!search) // get search word from URL
-      {
-        search = window.location.search;
-        search = search.substring(1);  // Remove the leading '?'
-        search = unescape(search);
-      }
-
-      search = search.replace(/^ +/, ""); // strip leading spaces
-      search = search.replace(/ +$/, ""); // strip trailing spaces
-      search = search.toLowerCase();
-      search = convertToId(search);
-
-      var resultRows = document.getElementsByTagName("div");
-      var matches = 0;
-
-      var i = 0;
-      while (i < resultRows.length)
-      {
-        var row = resultRows.item(i);
-        if (row.className == "SRResult")
-        {
-          var rowMatchName = row.id.toLowerCase();
-          rowMatchName = rowMatchName.replace(/^sr\d*_/, ''); // strip 'sr123_'
-
-          if (search.length<=rowMatchName.length &&
-             rowMatchName.substr(0, search.length)==search)
-          {
-            row.style.display = 'block';
-            matches++;
-          }
-          else
-          {
-            row.style.display = 'none';
-          }
-        }
-        i++;
-      }
-      document.getElementById("Searching").style.display='none';
-      if (matches == 0) // no results
-      {
-        document.getElementById("NoMatches").style.display='block';
-      }
-      else // at least one result
-      {
-        document.getElementById("NoMatches").style.display='none';
-      }
-      this.lastMatchCount = matches;
-      return true;
-    }
-
-    // return the first item with index index or higher that is visible
-    this.NavNext = function(index)
-    {
-      var focusItem;
-      while (1)
-      {
-        var focusName = 'Item'+index;
-        focusItem = document.getElementById(focusName);
-        if (focusItem && focusItem.parentNode.parentNode.style.display=='block')
-        {
-          break;
-        }
-        else if (!focusItem) // last element
-        {
-          break;
-        }
-        focusItem=null;
-        index++;
-      }
-      return focusItem;
-    }
-
-    this.NavPrev = function(index)
-    {
-      var focusItem;
-      while (1)
-      {
-        var focusName = 'Item'+index;
-        focusItem = document.getElementById(focusName);
-        if (focusItem && focusItem.parentNode.parentNode.style.display=='block')
-        {
-          break;
-        }
-        else if (!focusItem) // last element
-        {
-          break;
-        }
-        focusItem=null;
-        index--;
-      }
-      return focusItem;
-    }
-
-    this.ProcessKeys = function(e)
-    {
-      if (e.type == "keydown")
-      {
-        this.repeatOn = false;
-        this.lastKey = e.keyCode;
-      }
-      else if (e.type == "keypress")
-      {
-        if (!this.repeatOn)
-        {
-          if (this.lastKey) this.repeatOn = true;
-          return false; // ignore first keypress after keydown
-        }
-      }
-      else if (e.type == "keyup")
-      {
-        this.lastKey = 0;
-        this.repeatOn = false;
-      }
-      return this.lastKey!=0;
-    }
-
-    this.Nav = function(evt,itemIndex)
-    {
-      var e  = (evt) ? evt : window.event; // for IE
-      if (e.keyCode==13) return true;
-      if (!this.ProcessKeys(e)) return false;
-
-      if (this.lastKey==38) // Up
-      {
-        var newIndex = itemIndex-1;
-        var focusItem = this.NavPrev(newIndex);
-        if (focusItem)
-        {
-          var child = this.FindChildElement(focusItem.parentNode.parentNode.id);
-          if (child && child.style.display == 'block') // children visible
-          {
-            var n=0;
-            var tmpElem;
-            while (1) // search for last child
-            {
-              tmpElem = document.getElementById('Item'+newIndex+'_c'+n);
-              if (tmpElem)
-              {
-                focusItem = tmpElem;
-              }
-              else // found it!
-              {
-                break;
-              }
-              n++;
-            }
-          }
-        }
-        if (focusItem)
-        {
-          focusItem.focus();
-        }
-        else // return focus to search field
-        {
-           parent.document.getElementById("MSearchField").focus();
-        }
-      }
-      else if (this.lastKey==40) // Down
-      {
-        var newIndex = itemIndex+1;
-        var focusItem;
-        var item = document.getElementById('Item'+itemIndex);
-        var elem = this.FindChildElement(item.parentNode.parentNode.id);
-        if (elem && elem.style.display == 'block') // children visible
-        {
-          focusItem = document.getElementById('Item'+itemIndex+'_c0');
-        }
-        if (!focusItem) focusItem = this.NavNext(newIndex);
-        if (focusItem)  focusItem.focus();
-      }
-      else if (this.lastKey==39) // Right
-      {
-        var item = document.getElementById('Item'+itemIndex);
-        var elem = this.FindChildElement(item.parentNode.parentNode.id);
-        if (elem) elem.style.display = 'block';
-      }
-      else if (this.lastKey==37) // Left
-      {
-        var item = document.getElementById('Item'+itemIndex);
-        var elem = this.FindChildElement(item.parentNode.parentNode.id);
-        if (elem) elem.style.display = 'none';
-      }
-      else if (this.lastKey==27) // Escape
-      {
-        parent.searchBox.CloseResultsWindow();
-        parent.document.getElementById("MSearchField").focus();
-      }
-      else if (this.lastKey==13) // Enter
-      {
-        return true;
-      }
-      return false;
-    }
-
-    this.NavChild = function(evt,itemIndex,childIndex)
-    {
-      var e  = (evt) ? evt : window.event; // for IE
-      if (e.keyCode==13) return true;
-      if (!this.ProcessKeys(e)) return false;
-
-      if (this.lastKey==38) // Up
-      {
-        if (childIndex>0)
-        {
-          var newIndex = childIndex-1;
-          document.getElementById('Item'+itemIndex+'_c'+newIndex).focus();
-        }
-        else // already at first child, jump to parent
-        {
-          document.getElementById('Item'+itemIndex).focus();
-        }
-      }
-      else if (this.lastKey==40) // Down
-      {
-        var newIndex = childIndex+1;
-        var elem = document.getElementById('Item'+itemIndex+'_c'+newIndex);
-        if (!elem) // last child, jump to parent next parent
-        {
-          elem = this.NavNext(itemIndex+1);
-        }
-        if (elem)
-        {
-          elem.focus();
-        }
-      }
-      else if (this.lastKey==27) // Escape
-      {
-        parent.searchBox.CloseResultsWindow();
-        parent.document.getElementById("MSearchField").focus();
-      }
-      else if (this.lastKey==13) // Enter
-      {
-        return true;
-      }
-      return false;
-    }
-}
-
-function setKeyActions(elem,action)
-{
-  elem.setAttribute('onkeydown',action);
-  elem.setAttribute('onkeypress',action);
-  elem.setAttribute('onkeyup',action);
-}
-
-function setClassAttr(elem,attr)
-{
-  elem.setAttribute('class',attr);
-  elem.setAttribute('className',attr);
-}
-
-function createResults()
-{
-  var results = document.getElementById("SRResults");
-  for (var e=0; e<searchData.length; e++)
-  {
-    var id = searchData[e][0];
-    var srResult = document.createElement('div');
-    srResult.setAttribute('id','SR_'+id);
-    setClassAttr(srResult,'SRResult');
-    var srEntry = document.createElement('div');
-    setClassAttr(srEntry,'SREntry');
-    var srLink = document.createElement('a');
-    srLink.setAttribute('id','Item'+e);
-    setKeyActions(srLink,'return searchResults.Nav(event,'+e+')');
-    setClassAttr(srLink,'SRSymbol');
-    srLink.innerHTML = searchData[e][1][0];
-    srEntry.appendChild(srLink);
-    if (searchData[e][1].length==2) // single result
-    {
-      srLink.setAttribute('href',searchData[e][1][1][0]);
-      if (searchData[e][1][1][1])
-      {
-       srLink.setAttribute('target','_parent');
-      }
-      var srScope = document.createElement('span');
-      setClassAttr(srScope,'SRScope');
-      srScope.innerHTML = searchData[e][1][1][2];
-      srEntry.appendChild(srScope);
-    }
-    else // multiple results
-    {
-      srLink.setAttribute('href','javascript:searchResults.Toggle("SR_'+id+'")');
-      var srChildren = document.createElement('div');
-      setClassAttr(srChildren,'SRChildren');
-      for (var c=0; c<searchData[e][1].length-1; c++)
-      {
-        var srChild = document.createElement('a');
-        srChild.setAttribute('id','Item'+e+'_c'+c);
-        setKeyActions(srChild,'return searchResults.NavChild(event,'+e+','+c+')');
-        setClassAttr(srChild,'SRScope');
-        srChild.setAttribute('href',searchData[e][1][c+1][0]);
-        if (searchData[e][1][c+1][1])
-        {
-         srChild.setAttribute('target','_parent');
-        }
-        srChild.innerHTML = searchData[e][1][c+1][2];
-        srChildren.appendChild(srChild);
-      }
-      srEntry.appendChild(srChildren);
-    }
-    srResult.appendChild(srEntry);
-    results.appendChild(srResult);
-  }
-}
-
-function init_search()
-{
-  var results = document.getElementById("MSearchSelectWindow");
-  for (var key in indexSectionLabels)
-  {
-    var link = document.createElement('a');
-    link.setAttribute('class','SelectItem');
-    link.setAttribute('onclick','searchBox.OnSelectItem('+key+')');
-    link.href='javascript:void(0)';
-    link.innerHTML='<span class="SelectionMark">&#160;</span>'+indexSectionLabels[key];
-    results.appendChild(link);
-  }
-  searchBox.OnSelectItem(0);
-}
-
diff --git a/docs/html/search/search_l.png b/docs/html/search/search_l.png
deleted file mode 100644
index c872f4d..0000000
--- a/docs/html/search/search_l.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/search/search_m.png b/docs/html/search/search_m.png
deleted file mode 100644
index b429a16..0000000
--- a/docs/html/search/search_m.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/search/search_r.png b/docs/html/search/search_r.png
deleted file mode 100644
index 97ee8b4..0000000
--- a/docs/html/search/search_r.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/search/searchdata.js b/docs/html/search/searchdata.js
deleted file mode 100644
index 8384325..0000000
--- a/docs/html/search/searchdata.js
+++ /dev/null
@@ -1,36 +0,0 @@
-var indexSectionsWithContent =
-{
-  0: "acegiklmprs",
-  1: "p",
-  2: "c",
-  3: "p",
-  4: "e",
-  5: "p",
-  6: "p",
-  7: "aegiklmrs"
-};
-
-var indexSectionNames =
-{
-  0: "all",
-  1: "classes",
-  2: "files",
-  3: "functions",
-  4: "variables",
-  5: "typedefs",
-  6: "defines",
-  7: "groups"
-};
-
-var indexSectionLabels =
-{
-  0: "All",
-  1: "Classes",
-  2: "Files",
-  3: "Functions",
-  4: "Variables",
-  5: "Typedefs",
-  6: "Macros",
-  7: "Modules"
-};
-
diff --git a/docs/html/search/typedefs_0.html b/docs/html/search/typedefs_0.html
deleted file mode 100644
index fb07195..0000000
--- a/docs/html/search/typedefs_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="typedefs_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/typedefs_0.js b/docs/html/search/typedefs_0.js
deleted file mode 100644
index 5b2f6d2..0000000
--- a/docs/html/search/typedefs_0.js
+++ /dev/null
@@ -1,18 +0,0 @@
-var searchData=
-[
-  ['psa_5faead_5foperation_5ft',['psa_aead_operation_t',['../group__aead.html#ga14f6a01afbaa8c5b3d8c5d345cbaa3ed',1,'crypto.h']]],
-  ['psa_5falgorithm_5ft',['psa_algorithm_t',['../group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69',1,'crypto_types.h']]],
-  ['psa_5fcipher_5foperation_5ft',['psa_cipher_operation_t',['../group__cipher.html#ga1399de29db657e3737bb09927aae51fa',1,'crypto.h']]],
-  ['psa_5fcrypto_5fgenerator_5ft',['psa_crypto_generator_t',['../group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b',1,'crypto.h']]],
-  ['psa_5fecc_5fcurve_5ft',['psa_ecc_curve_t',['../group__crypto__types.html#ga4e8977c145cce5077c4bce7fec890ad9',1,'crypto_types.h']]],
-  ['psa_5fhash_5foperation_5ft',['psa_hash_operation_t',['../group__hash.html#ga3c4205d2ce66c4095fc5c78c25273fab',1,'crypto.h']]],
-  ['psa_5fkey_5fderivation_5fstep_5ft',['psa_key_derivation_step_t',['../group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b',1,'crypto_types.h']]],
-  ['psa_5fkey_5fhandle_5ft',['psa_key_handle_t',['../group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75',1,'crypto.h']]],
-  ['psa_5fkey_5fid_5ft',['psa_key_id_t',['../group__key__lifetimes.html#ga11e986351c65bd3dc3c0fe2cd9926e4b',1,'crypto_types.h']]],
-  ['psa_5fkey_5flifetime_5ft',['psa_key_lifetime_t',['../group__key__lifetimes.html#ga6821ff6dd39dc2bc370ded760ad8b0cf',1,'crypto_types.h']]],
-  ['psa_5fkey_5fpolicy_5ft',['psa_key_policy_t',['../group__policy.html#gaf553efd409845b6d09ff25ce2ba36607',1,'crypto.h']]],
-  ['psa_5fkey_5ftype_5ft',['psa_key_type_t',['../group__crypto__types.html#ga578159487dfc7096cb191b0d2befe628',1,'crypto_types.h']]],
-  ['psa_5fkey_5fusage_5ft',['psa_key_usage_t',['../group__policy.html#ga7bb9de71337e0e98de843aa7f9b55f25',1,'crypto_types.h']]],
-  ['psa_5fmac_5foperation_5ft',['psa_mac_operation_t',['../group__MAC.html#ga78f0838b0c4e3db28b26355624d4bd37',1,'crypto.h']]],
-  ['psa_5fstatus_5ft',['psa_status_t',['../group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9',1,'crypto_types.h']]]
-];
diff --git a/docs/html/search/variables_0.html b/docs/html/search/variables_0.html
deleted file mode 100644
index 3835278..0000000
--- a/docs/html/search/variables_0.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><head><title></title>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<link rel="stylesheet" type="text/css" href="search.css"/>
-<script type="text/javascript" src="variables_0.js"></script>
-<script type="text/javascript" src="search.js"></script>
-</head>
-<body class="SRPage">
-<div id="SRIndex">
-<div class="SRStatus" id="Loading">Loading...</div>
-<div id="SRResults"></div>
-<script type="text/javascript"><!--
-createResults();
---></script>
-<div class="SRStatus" id="Searching">Searching...</div>
-<div class="SRStatus" id="NoMatches">No Matches</div>
-<script type="text/javascript"><!--
-document.getElementById("Loading").style.display="none";
-document.getElementById("NoMatches").style.display="none";
-var searchResults = new SearchResults("searchResults");
-searchResults.Search();
---></script>
-</div>
-</body>
-</html>
diff --git a/docs/html/search/variables_0.js b/docs/html/search/variables_0.js
deleted file mode 100644
index 9ba7121..0000000
--- a/docs/html/search/variables_0.js
+++ /dev/null
@@ -1,4 +0,0 @@
-var searchData=
-[
-  ['e',['e',['../structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d',1,'psa_generate_key_extra_rsa']]]
-];
diff --git a/docs/html/searchindex.js b/docs/html/searchindex.js
new file mode 100644
index 0000000..8f47bdc
--- /dev/null
+++ b/docs/html/searchindex.js
@@ -0,0 +1 @@
+Search.setIndex({docnames:["from_doxygen","general","index"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.cpp":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,"sphinx.ext.intersphinx":1,sphinx:55},filenames:["from_doxygen.rst","general.rst","index.rst"],objects:{"":{PSA_AEAD_DECRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"],PSA_AEAD_FINISH_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_FINISH_OUTPUT_SIZE"],PSA_AEAD_OPERATION_INIT:[0,0,1,"c.PSA_AEAD_OPERATION_INIT"],PSA_AEAD_TAG_LENGTH:[0,0,1,"c.PSA_AEAD_TAG_LENGTH"],PSA_AEAD_TAG_LENGTH_OFFSET:[0,0,1,"c.PSA_AEAD_TAG_LENGTH_OFFSET"],PSA_AEAD_UPDATE_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_SIZE"],PSA_AEAD_VERIFY_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_SIZE"],PSA_ALG_AEAD_FROM_BLOCK_FLAG:[0,0,1,"c.PSA_ALG_AEAD_FROM_BLOCK_FLAG"],PSA_ALG_AEAD_TAG_LENGTH_MASK:[0,0,1,"c.PSA_ALG_AEAD_TAG_LENGTH_MASK"],PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH:[0,0,1,"c.PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"],PSA_ALG_AEAD_WITH_TAG_LENGTH:[0,0,1,"c.PSA_ALG_AEAD_WITH_TAG_LENGTH"],PSA_ALG_ANY_HASH:[0,0,1,"c.PSA_ALG_ANY_HASH"],PSA_ALG_ARC4:[0,0,1,"c.PSA_ALG_ARC4"],PSA_ALG_CATEGORY_AEAD:[0,0,1,"c.PSA_ALG_CATEGORY_AEAD"],PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"],PSA_ALG_CATEGORY_CIPHER:[0,0,1,"c.PSA_ALG_CATEGORY_CIPHER"],PSA_ALG_CATEGORY_HASH:[0,0,1,"c.PSA_ALG_CATEGORY_HASH"],PSA_ALG_CATEGORY_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_CATEGORY_KEY_AGREEMENT"],PSA_ALG_CATEGORY_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_CATEGORY_KEY_DERIVATION"],PSA_ALG_CATEGORY_MAC:[0,0,1,"c.PSA_ALG_CATEGORY_MAC"],PSA_ALG_CATEGORY_MASK:[0,0,1,"c.PSA_ALG_CATEGORY_MASK"],PSA_ALG_CATEGORY_SIGN:[0,0,1,"c.PSA_ALG_CATEGORY_SIGN"],PSA_ALG_CBC_MAC:[0,0,1,"c.PSA_ALG_CBC_MAC"],PSA_ALG_CBC_NO_PADDING:[0,0,1,"c.PSA_ALG_CBC_NO_PADDING"],PSA_ALG_CBC_PKCS7:[0,0,1,"c.PSA_ALG_CBC_PKCS7"],PSA_ALG_CCM:[0,0,1,"c.PSA_ALG_CCM"],PSA_ALG_CFB:[0,0,1,"c.PSA_ALG_CFB"],PSA_ALG_CHACHA20:[0,0,1,"c.PSA_ALG_CHACHA20"],PSA_ALG_CHACHA20_POLY1305:[0,0,1,"c.PSA_ALG_CHACHA20_POLY1305"],PSA_ALG_CIPHER_FROM_BLOCK_FLAG:[0,0,1,"c.PSA_ALG_CIPHER_FROM_BLOCK_FLAG"],PSA_ALG_CIPHER_MAC_BASE:[0,0,1,"c.PSA_ALG_CIPHER_MAC_BASE"],PSA_ALG_CIPHER_STREAM_FLAG:[0,0,1,"c.PSA_ALG_CIPHER_STREAM_FLAG"],PSA_ALG_CMAC:[0,0,1,"c.PSA_ALG_CMAC"],PSA_ALG_CTR:[0,0,1,"c.PSA_ALG_CTR"],PSA_ALG_DETERMINISTIC_ECDSA:[0,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA"],PSA_ALG_DETERMINISTIC_ECDSA_BASE:[0,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA_BASE"],PSA_ALG_ECDH:[0,0,1,"c.PSA_ALG_ECDH"],PSA_ALG_ECDSA:[0,0,1,"c.PSA_ALG_ECDSA"],PSA_ALG_ECDSA_ANY:[0,0,1,"c.PSA_ALG_ECDSA_ANY"],PSA_ALG_ECDSA_BASE:[0,0,1,"c.PSA_ALG_ECDSA_BASE"],PSA_ALG_ECDSA_IS_DETERMINISTIC:[0,0,1,"c.PSA_ALG_ECDSA_IS_DETERMINISTIC"],PSA_ALG_FFDH:[0,0,1,"c.PSA_ALG_FFDH"],PSA_ALG_FULL_LENGTH_MAC:[0,0,1,"c.PSA_ALG_FULL_LENGTH_MAC"],PSA_ALG_GCM:[0,0,1,"c.PSA_ALG_GCM"],PSA_ALG_GMAC:[0,0,1,"c.PSA_ALG_GMAC"],PSA_ALG_HASH_MASK:[0,0,1,"c.PSA_ALG_HASH_MASK"],PSA_ALG_HKDF:[0,0,1,"c.PSA_ALG_HKDF"],PSA_ALG_HKDF_BASE:[0,0,1,"c.PSA_ALG_HKDF_BASE"],PSA_ALG_HKDF_GET_HASH:[0,0,1,"c.PSA_ALG_HKDF_GET_HASH"],PSA_ALG_HMAC:[0,0,1,"c.PSA_ALG_HMAC"],PSA_ALG_HMAC_BASE:[0,0,1,"c.PSA_ALG_HMAC_BASE"],PSA_ALG_HMAC_GET_HASH:[0,0,1,"c.PSA_ALG_HMAC_GET_HASH"],PSA_ALG_IS_AEAD:[0,0,1,"c.PSA_ALG_IS_AEAD"],PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER:[0,0,1,"c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"],PSA_ALG_IS_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"],PSA_ALG_IS_BLOCK_CIPHER_MAC:[0,0,1,"c.PSA_ALG_IS_BLOCK_CIPHER_MAC"],PSA_ALG_IS_CIPHER:[0,0,1,"c.PSA_ALG_IS_CIPHER"],PSA_ALG_IS_DETERMINISTIC_ECDSA:[0,0,1,"c.PSA_ALG_IS_DETERMINISTIC_ECDSA"],PSA_ALG_IS_ECDH:[0,0,1,"c.PSA_ALG_IS_ECDH"],PSA_ALG_IS_ECDSA:[0,0,1,"c.PSA_ALG_IS_ECDSA"],PSA_ALG_IS_FFDH:[0,0,1,"c.PSA_ALG_IS_FFDH"],PSA_ALG_IS_HASH:[0,0,1,"c.PSA_ALG_IS_HASH"],PSA_ALG_IS_HASH_AND_SIGN:[0,0,1,"c.PSA_ALG_IS_HASH_AND_SIGN"],PSA_ALG_IS_HKDF:[0,0,1,"c.PSA_ALG_IS_HKDF"],PSA_ALG_IS_HMAC:[0,0,1,"c.PSA_ALG_IS_HMAC"],PSA_ALG_IS_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_AGREEMENT"],PSA_ALG_IS_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION"],PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"],PSA_ALG_IS_MAC:[0,0,1,"c.PSA_ALG_IS_MAC"],PSA_ALG_IS_RANDOMIZED_ECDSA:[0,0,1,"c.PSA_ALG_IS_RANDOMIZED_ECDSA"],PSA_ALG_IS_RAW_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_RAW_KEY_AGREEMENT"],PSA_ALG_IS_RSA_OAEP:[0,0,1,"c.PSA_ALG_IS_RSA_OAEP"],PSA_ALG_IS_RSA_PKCS1V15_SIGN:[0,0,1,"c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"],PSA_ALG_IS_RSA_PSS:[0,0,1,"c.PSA_ALG_IS_RSA_PSS"],PSA_ALG_IS_SIGN:[0,0,1,"c.PSA_ALG_IS_SIGN"],PSA_ALG_IS_STREAM_CIPHER:[0,0,1,"c.PSA_ALG_IS_STREAM_CIPHER"],PSA_ALG_IS_TLS12_PRF:[0,0,1,"c.PSA_ALG_IS_TLS12_PRF"],PSA_ALG_IS_TLS12_PSK_TO_MS:[0,0,1,"c.PSA_ALG_IS_TLS12_PSK_TO_MS"],PSA_ALG_IS_VENDOR_DEFINED:[0,0,1,"c.PSA_ALG_IS_VENDOR_DEFINED"],PSA_ALG_IS_WILDCARD:[0,0,1,"c.PSA_ALG_IS_WILDCARD"],PSA_ALG_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT"],PSA_ALG_KEY_AGREEMENT_GET_BASE:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_BASE"],PSA_ALG_KEY_AGREEMENT_GET_KDF:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_KDF"],PSA_ALG_KEY_AGREEMENT_MASK:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_MASK"],PSA_ALG_KEY_DERIVATION_MASK:[0,0,1,"c.PSA_ALG_KEY_DERIVATION_MASK"],PSA_ALG_MAC_SUBCATEGORY_MASK:[0,0,1,"c.PSA_ALG_MAC_SUBCATEGORY_MASK"],PSA_ALG_MAC_TRUNCATION_MASK:[0,0,1,"c.PSA_ALG_MAC_TRUNCATION_MASK"],PSA_ALG_MD2:[0,0,1,"c.PSA_ALG_MD2"],PSA_ALG_MD4:[0,0,1,"c.PSA_ALG_MD4"],PSA_ALG_MD5:[0,0,1,"c.PSA_ALG_MD5"],PSA_ALG_OFB:[0,0,1,"c.PSA_ALG_OFB"],PSA_ALG_RIPEMD160:[0,0,1,"c.PSA_ALG_RIPEMD160"],PSA_ALG_RSA_OAEP:[0,0,1,"c.PSA_ALG_RSA_OAEP"],PSA_ALG_RSA_OAEP_BASE:[0,0,1,"c.PSA_ALG_RSA_OAEP_BASE"],PSA_ALG_RSA_OAEP_GET_HASH:[0,0,1,"c.PSA_ALG_RSA_OAEP_GET_HASH"],PSA_ALG_RSA_PKCS1V15_CRYPT:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_CRYPT"],PSA_ALG_RSA_PKCS1V15_SIGN:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN"],PSA_ALG_RSA_PKCS1V15_SIGN_BASE:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_BASE"],PSA_ALG_RSA_PKCS1V15_SIGN_RAW:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"],PSA_ALG_RSA_PSS:[0,0,1,"c.PSA_ALG_RSA_PSS"],PSA_ALG_RSA_PSS_BASE:[0,0,1,"c.PSA_ALG_RSA_PSS_BASE"],PSA_ALG_SHA3_224:[0,0,1,"c.PSA_ALG_SHA3_224"],PSA_ALG_SHA3_256:[0,0,1,"c.PSA_ALG_SHA3_256"],PSA_ALG_SHA3_384:[0,0,1,"c.PSA_ALG_SHA3_384"],PSA_ALG_SHA3_512:[0,0,1,"c.PSA_ALG_SHA3_512"],PSA_ALG_SHA_1:[0,0,1,"c.PSA_ALG_SHA_1"],PSA_ALG_SHA_224:[0,0,1,"c.PSA_ALG_SHA_224"],PSA_ALG_SHA_256:[0,0,1,"c.PSA_ALG_SHA_256"],PSA_ALG_SHA_384:[0,0,1,"c.PSA_ALG_SHA_384"],PSA_ALG_SHA_512:[0,0,1,"c.PSA_ALG_SHA_512"],PSA_ALG_SHA_512_224:[0,0,1,"c.PSA_ALG_SHA_512_224"],PSA_ALG_SHA_512_256:[0,0,1,"c.PSA_ALG_SHA_512_256"],PSA_ALG_SIGN_GET_HASH:[0,0,1,"c.PSA_ALG_SIGN_GET_HASH"],PSA_ALG_TLS12_PRF:[0,0,1,"c.PSA_ALG_TLS12_PRF"],PSA_ALG_TLS12_PRF_BASE:[0,0,1,"c.PSA_ALG_TLS12_PRF_BASE"],PSA_ALG_TLS12_PRF_GET_HASH:[0,0,1,"c.PSA_ALG_TLS12_PRF_GET_HASH"],PSA_ALG_TLS12_PSK_TO_MS:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS"],PSA_ALG_TLS12_PSK_TO_MS_BASE:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_BASE"],PSA_ALG_TLS12_PSK_TO_MS_GET_HASH:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"],PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"],PSA_ALG_TRUNCATED_MAC:[0,0,1,"c.PSA_ALG_TRUNCATED_MAC"],PSA_ALG_VENDOR_FLAG:[0,0,1,"c.PSA_ALG_VENDOR_FLAG"],PSA_ALG_XTS:[0,0,1,"c.PSA_ALG_XTS"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"],PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"],PSA_BITS_TO_BYTES:[0,0,1,"c.PSA_BITS_TO_BYTES"],PSA_BLOCK_CIPHER_BLOCK_SIZE:[0,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_SIZE"],PSA_BYTES_TO_BITS:[0,0,1,"c.PSA_BYTES_TO_BITS"],PSA_CIPHER_OPERATION_INIT:[0,0,1,"c.PSA_CIPHER_OPERATION_INIT"],PSA_DH_GROUP_FFDHE2048:[0,0,1,"c.PSA_DH_GROUP_FFDHE2048"],PSA_DH_GROUP_FFDHE3072:[0,0,1,"c.PSA_DH_GROUP_FFDHE3072"],PSA_DH_GROUP_FFDHE4096:[0,0,1,"c.PSA_DH_GROUP_FFDHE4096"],PSA_DH_GROUP_FFDHE6144:[0,0,1,"c.PSA_DH_GROUP_FFDHE6144"],PSA_DH_GROUP_FFDHE8192:[0,0,1,"c.PSA_DH_GROUP_FFDHE8192"],PSA_ECC_CURVE_BITS:[0,0,1,"c.PSA_ECC_CURVE_BITS"],PSA_ECC_CURVE_BRAINPOOL_P256R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P256R1"],PSA_ECC_CURVE_BRAINPOOL_P384R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P384R1"],PSA_ECC_CURVE_BRAINPOOL_P512R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P512R1"],PSA_ECC_CURVE_CURVE25519:[0,0,1,"c.PSA_ECC_CURVE_CURVE25519"],PSA_ECC_CURVE_CURVE448:[0,0,1,"c.PSA_ECC_CURVE_CURVE448"],PSA_ECC_CURVE_SECP160K1:[0,0,1,"c.PSA_ECC_CURVE_SECP160K1"],PSA_ECC_CURVE_SECP160R1:[0,0,1,"c.PSA_ECC_CURVE_SECP160R1"],PSA_ECC_CURVE_SECP160R2:[0,0,1,"c.PSA_ECC_CURVE_SECP160R2"],PSA_ECC_CURVE_SECP192K1:[0,0,1,"c.PSA_ECC_CURVE_SECP192K1"],PSA_ECC_CURVE_SECP192R1:[0,0,1,"c.PSA_ECC_CURVE_SECP192R1"],PSA_ECC_CURVE_SECP224K1:[0,0,1,"c.PSA_ECC_CURVE_SECP224K1"],PSA_ECC_CURVE_SECP224R1:[0,0,1,"c.PSA_ECC_CURVE_SECP224R1"],PSA_ECC_CURVE_SECP256K1:[0,0,1,"c.PSA_ECC_CURVE_SECP256K1"],PSA_ECC_CURVE_SECP256R1:[0,0,1,"c.PSA_ECC_CURVE_SECP256R1"],PSA_ECC_CURVE_SECP384R1:[0,0,1,"c.PSA_ECC_CURVE_SECP384R1"],PSA_ECC_CURVE_SECP521R1:[0,0,1,"c.PSA_ECC_CURVE_SECP521R1"],PSA_ECC_CURVE_SECT163K1:[0,0,1,"c.PSA_ECC_CURVE_SECT163K1"],PSA_ECC_CURVE_SECT163R1:[0,0,1,"c.PSA_ECC_CURVE_SECT163R1"],PSA_ECC_CURVE_SECT163R2:[0,0,1,"c.PSA_ECC_CURVE_SECT163R2"],PSA_ECC_CURVE_SECT193R1:[0,0,1,"c.PSA_ECC_CURVE_SECT193R1"],PSA_ECC_CURVE_SECT193R2:[0,0,1,"c.PSA_ECC_CURVE_SECT193R2"],PSA_ECC_CURVE_SECT233K1:[0,0,1,"c.PSA_ECC_CURVE_SECT233K1"],PSA_ECC_CURVE_SECT233R1:[0,0,1,"c.PSA_ECC_CURVE_SECT233R1"],PSA_ECC_CURVE_SECT239K1:[0,0,1,"c.PSA_ECC_CURVE_SECT239K1"],PSA_ECC_CURVE_SECT283K1:[0,0,1,"c.PSA_ECC_CURVE_SECT283K1"],PSA_ECC_CURVE_SECT283R1:[0,0,1,"c.PSA_ECC_CURVE_SECT283R1"],PSA_ECC_CURVE_SECT409K1:[0,0,1,"c.PSA_ECC_CURVE_SECT409K1"],PSA_ECC_CURVE_SECT409R1:[0,0,1,"c.PSA_ECC_CURVE_SECT409R1"],PSA_ECC_CURVE_SECT571K1:[0,0,1,"c.PSA_ECC_CURVE_SECT571K1"],PSA_ECC_CURVE_SECT571R1:[0,0,1,"c.PSA_ECC_CURVE_SECT571R1"],PSA_ECDSA_SIGNATURE_SIZE:[0,0,1,"c.PSA_ECDSA_SIGNATURE_SIZE"],PSA_ERROR_ALREADY_EXISTS:[0,0,1,"c.PSA_ERROR_ALREADY_EXISTS"],PSA_ERROR_BAD_STATE:[0,0,1,"c.PSA_ERROR_BAD_STATE"],PSA_ERROR_BUFFER_TOO_SMALL:[0,0,1,"c.PSA_ERROR_BUFFER_TOO_SMALL"],PSA_ERROR_COMMUNICATION_FAILURE:[0,0,1,"c.PSA_ERROR_COMMUNICATION_FAILURE"],PSA_ERROR_CORRUPTION_DETECTED:[0,0,1,"c.PSA_ERROR_CORRUPTION_DETECTED"],PSA_ERROR_DOES_NOT_EXIST:[0,0,1,"c.PSA_ERROR_DOES_NOT_EXIST"],PSA_ERROR_GENERIC_ERROR:[0,0,1,"c.PSA_ERROR_GENERIC_ERROR"],PSA_ERROR_HARDWARE_FAILURE:[0,0,1,"c.PSA_ERROR_HARDWARE_FAILURE"],PSA_ERROR_INSUFFICIENT_DATA:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_DATA"],PSA_ERROR_INSUFFICIENT_ENTROPY:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_ENTROPY"],PSA_ERROR_INSUFFICIENT_MEMORY:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_MEMORY"],PSA_ERROR_INSUFFICIENT_STORAGE:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_STORAGE"],PSA_ERROR_INVALID_ARGUMENT:[0,0,1,"c.PSA_ERROR_INVALID_ARGUMENT"],PSA_ERROR_INVALID_HANDLE:[0,0,1,"c.PSA_ERROR_INVALID_HANDLE"],PSA_ERROR_INVALID_PADDING:[0,0,1,"c.PSA_ERROR_INVALID_PADDING"],PSA_ERROR_INVALID_SIGNATURE:[0,0,1,"c.PSA_ERROR_INVALID_SIGNATURE"],PSA_ERROR_NOT_PERMITTED:[0,0,1,"c.PSA_ERROR_NOT_PERMITTED"],PSA_ERROR_NOT_SUPPORTED:[0,0,1,"c.PSA_ERROR_NOT_SUPPORTED"],PSA_ERROR_STORAGE_FAILURE:[0,0,1,"c.PSA_ERROR_STORAGE_FAILURE"],PSA_HASH_MAX_SIZE:[0,0,1,"c.PSA_HASH_MAX_SIZE"],PSA_HASH_OPERATION_INIT:[0,0,1,"c.PSA_HASH_OPERATION_INIT"],PSA_HASH_SIZE:[0,0,1,"c.PSA_HASH_SIZE"],PSA_HMAC_MAX_HASH_BLOCK_SIZE:[0,0,1,"c.PSA_HMAC_MAX_HASH_BLOCK_SIZE"],PSA_KEY_ATTRIBUTES_INIT:[0,0,1,"c.PSA_KEY_ATTRIBUTES_INIT"],PSA_KEY_DERIVATION_INPUT_INFO:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_INFO"],PSA_KEY_DERIVATION_INPUT_LABEL:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_LABEL"],PSA_KEY_DERIVATION_INPUT_SALT:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SALT"],PSA_KEY_DERIVATION_INPUT_SECRET:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SECRET"],PSA_KEY_DERIVATION_INPUT_SEED:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SEED"],PSA_KEY_DERIVATION_OPERATION_INIT:[0,0,1,"c.PSA_KEY_DERIVATION_OPERATION_INIT"],PSA_KEY_DERIVATION_UNLIMITED_CAPACITY:[0,0,1,"c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"],PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"],PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_EXPORT_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_MAX_SIZE"],PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_ID_USER_MAX:[0,0,1,"c.PSA_KEY_ID_USER_MAX"],PSA_KEY_ID_USER_MIN:[0,0,1,"c.PSA_KEY_ID_USER_MIN"],PSA_KEY_ID_VENDOR_MAX:[0,0,1,"c.PSA_KEY_ID_VENDOR_MAX"],PSA_KEY_ID_VENDOR_MIN:[0,0,1,"c.PSA_KEY_ID_VENDOR_MIN"],PSA_KEY_LIFETIME_PERSISTENT:[0,0,1,"c.PSA_KEY_LIFETIME_PERSISTENT"],PSA_KEY_LIFETIME_VOLATILE:[0,0,1,"c.PSA_KEY_LIFETIME_VOLATILE"],PSA_KEY_TYPE_AES:[0,0,1,"c.PSA_KEY_TYPE_AES"],PSA_KEY_TYPE_ARC4:[0,0,1,"c.PSA_KEY_TYPE_ARC4"],PSA_KEY_TYPE_CAMELLIA:[0,0,1,"c.PSA_KEY_TYPE_CAMELLIA"],PSA_KEY_TYPE_CATEGORY_FLAG_PAIR:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"],PSA_KEY_TYPE_CATEGORY_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_KEY_PAIR"],PSA_KEY_TYPE_CATEGORY_MASK:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_MASK"],PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"],PSA_KEY_TYPE_CATEGORY_RAW:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_RAW"],PSA_KEY_TYPE_CATEGORY_SYMMETRIC:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_SYMMETRIC"],PSA_KEY_TYPE_CHACHA20:[0,0,1,"c.PSA_KEY_TYPE_CHACHA20"],PSA_KEY_TYPE_DERIVE:[0,0,1,"c.PSA_KEY_TYPE_DERIVE"],PSA_KEY_TYPE_DES:[0,0,1,"c.PSA_KEY_TYPE_DES"],PSA_KEY_TYPE_DH_GROUP_MASK:[0,0,1,"c.PSA_KEY_TYPE_DH_GROUP_MASK"],PSA_KEY_TYPE_DH_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR"],PSA_KEY_TYPE_DH_KEY_PAIR_BASE:[0,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR_BASE"],PSA_KEY_TYPE_DH_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY"],PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE:[0,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"],PSA_KEY_TYPE_ECC_CURVE_MASK:[0,0,1,"c.PSA_KEY_TYPE_ECC_CURVE_MASK"],PSA_KEY_TYPE_ECC_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR"],PSA_KEY_TYPE_ECC_KEY_PAIR_BASE:[0,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"],PSA_KEY_TYPE_ECC_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE:[0,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"],PSA_KEY_TYPE_GET_CURVE:[0,0,1,"c.PSA_KEY_TYPE_GET_CURVE"],PSA_KEY_TYPE_GET_GROUP:[0,0,1,"c.PSA_KEY_TYPE_GET_GROUP"],PSA_KEY_TYPE_HMAC:[0,0,1,"c.PSA_KEY_TYPE_HMAC"],PSA_KEY_TYPE_IS_ASYMMETRIC:[0,0,1,"c.PSA_KEY_TYPE_IS_ASYMMETRIC"],PSA_KEY_TYPE_IS_DH:[0,0,1,"c.PSA_KEY_TYPE_IS_DH"],PSA_KEY_TYPE_IS_DH_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"],PSA_KEY_TYPE_IS_DH_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"],PSA_KEY_TYPE_IS_ECC:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC"],PSA_KEY_TYPE_IS_ECC_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"],PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_IS_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_KEY_PAIR"],PSA_KEY_TYPE_IS_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_PUBLIC_KEY"],PSA_KEY_TYPE_IS_RSA:[0,0,1,"c.PSA_KEY_TYPE_IS_RSA"],PSA_KEY_TYPE_IS_UNSTRUCTURED:[0,0,1,"c.PSA_KEY_TYPE_IS_UNSTRUCTURED"],PSA_KEY_TYPE_IS_VENDOR_DEFINED:[0,0,1,"c.PSA_KEY_TYPE_IS_VENDOR_DEFINED"],PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"],PSA_KEY_TYPE_NONE:[0,0,1,"c.PSA_KEY_TYPE_NONE"],PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"],PSA_KEY_TYPE_RAW_DATA:[0,0,1,"c.PSA_KEY_TYPE_RAW_DATA"],PSA_KEY_TYPE_RSA_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_RSA_KEY_PAIR"],PSA_KEY_TYPE_RSA_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"],PSA_KEY_TYPE_VENDOR_FLAG:[0,0,1,"c.PSA_KEY_TYPE_VENDOR_FLAG"],PSA_KEY_USAGE_COPY:[0,0,1,"c.PSA_KEY_USAGE_COPY"],PSA_KEY_USAGE_DECRYPT:[0,0,1,"c.PSA_KEY_USAGE_DECRYPT"],PSA_KEY_USAGE_DERIVE:[0,0,1,"c.PSA_KEY_USAGE_DERIVE"],PSA_KEY_USAGE_ENCRYPT:[0,0,1,"c.PSA_KEY_USAGE_ENCRYPT"],PSA_KEY_USAGE_EXPORT:[0,0,1,"c.PSA_KEY_USAGE_EXPORT"],PSA_KEY_USAGE_SIGN:[0,0,1,"c.PSA_KEY_USAGE_SIGN"],PSA_KEY_USAGE_VERIFY:[0,0,1,"c.PSA_KEY_USAGE_VERIFY"],PSA_MAC_FINAL_SIZE:[0,0,1,"c.PSA_MAC_FINAL_SIZE"],PSA_MAC_MAX_SIZE:[0,0,1,"c.PSA_MAC_MAX_SIZE"],PSA_MAC_OPERATION_INIT:[0,0,1,"c.PSA_MAC_OPERATION_INIT"],PSA_MAC_TRUNCATED_LENGTH:[0,0,1,"c.PSA_MAC_TRUNCATED_LENGTH"],PSA_MAC_TRUNCATION_OFFSET:[0,0,1,"c.PSA_MAC_TRUNCATION_OFFSET"],PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE:[0,0,1,"c.PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"],PSA_ROUND_UP_TO_MULTIPLE:[0,0,1,"c.PSA_ROUND_UP_TO_MULTIPLE"],PSA_RSA_MINIMUM_PADDING_SIZE:[0,0,1,"c.PSA_RSA_MINIMUM_PADDING_SIZE"],PSA_SUCCESS:[0,0,1,"c.PSA_SUCCESS"],PSA_VENDOR_ECC_MAX_CURVE_BITS:[0,0,1,"c.PSA_VENDOR_ECC_MAX_CURVE_BITS"],PSA_VENDOR_RSA_MAX_KEY_BITS:[0,0,1,"c.PSA_VENDOR_RSA_MAX_KEY_BITS"],PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE:[0,0,1,"c.PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"],psa_aead_abort:[0,1,1,"c.psa_aead_abort"],psa_aead_decrypt:[0,1,1,"c.psa_aead_decrypt"],psa_aead_decrypt_setup:[0,1,1,"c.psa_aead_decrypt_setup"],psa_aead_encrypt:[0,1,1,"c.psa_aead_encrypt"],psa_aead_encrypt_setup:[0,1,1,"c.psa_aead_encrypt_setup"],psa_aead_finish:[0,1,1,"c.psa_aead_finish"],psa_aead_generate_nonce:[0,1,1,"c.psa_aead_generate_nonce"],psa_aead_operation_init:[0,1,1,"c.psa_aead_operation_init"],psa_aead_operation_t:[0,2,1,"c.psa_aead_operation_t"],psa_aead_set_lengths:[0,1,1,"c.psa_aead_set_lengths"],psa_aead_set_nonce:[0,1,1,"c.psa_aead_set_nonce"],psa_aead_update:[0,1,1,"c.psa_aead_update"],psa_aead_update_ad:[0,1,1,"c.psa_aead_update_ad"],psa_aead_verify:[0,1,1,"c.psa_aead_verify"],psa_algorithm_t:[0,2,1,"c.psa_algorithm_t"],psa_asymmetric_decrypt:[0,1,1,"c.psa_asymmetric_decrypt"],psa_asymmetric_encrypt:[0,1,1,"c.psa_asymmetric_encrypt"],psa_asymmetric_sign:[0,1,1,"c.psa_asymmetric_sign"],psa_asymmetric_verify:[0,1,1,"c.psa_asymmetric_verify"],psa_cipher_abort:[0,1,1,"c.psa_cipher_abort"],psa_cipher_decrypt:[0,1,1,"c.psa_cipher_decrypt"],psa_cipher_decrypt_setup:[0,1,1,"c.psa_cipher_decrypt_setup"],psa_cipher_encrypt:[0,1,1,"c.psa_cipher_encrypt"],psa_cipher_encrypt_setup:[0,1,1,"c.psa_cipher_encrypt_setup"],psa_cipher_finish:[0,1,1,"c.psa_cipher_finish"],psa_cipher_generate_iv:[0,1,1,"c.psa_cipher_generate_iv"],psa_cipher_operation_init:[0,1,1,"c.psa_cipher_operation_init"],psa_cipher_operation_t:[0,2,1,"c.psa_cipher_operation_t"],psa_cipher_set_iv:[0,1,1,"c.psa_cipher_set_iv"],psa_cipher_update:[0,1,1,"c.psa_cipher_update"],psa_close_key:[0,1,1,"c.psa_close_key"],psa_copy_key:[0,1,1,"c.psa_copy_key"],psa_crypto_init:[0,1,1,"c.psa_crypto_init"],psa_destroy_key:[0,1,1,"c.psa_destroy_key"],psa_dh_group_t:[0,2,1,"c.psa_dh_group_t"],psa_ecc_curve_t:[0,2,1,"c.psa_ecc_curve_t"],psa_export_key:[0,1,1,"c.psa_export_key"],psa_export_public_key:[0,1,1,"c.psa_export_public_key"],psa_generate_key:[0,1,1,"c.psa_generate_key"],psa_generate_random:[0,1,1,"c.psa_generate_random"],psa_get_key_algorithm:[0,1,1,"c.psa_get_key_algorithm"],psa_get_key_attributes:[0,1,1,"c.psa_get_key_attributes"],psa_get_key_bits:[0,1,1,"c.psa_get_key_bits"],psa_get_key_id:[0,1,1,"c.psa_get_key_id"],psa_get_key_lifetime:[0,1,1,"c.psa_get_key_lifetime"],psa_get_key_type:[0,1,1,"c.psa_get_key_type"],psa_get_key_usage_flags:[0,1,1,"c.psa_get_key_usage_flags"],psa_hash_abort:[0,1,1,"c.psa_hash_abort"],psa_hash_clone:[0,1,1,"c.psa_hash_clone"],psa_hash_compare:[0,1,1,"c.psa_hash_compare"],psa_hash_compute:[0,1,1,"c.psa_hash_compute"],psa_hash_finish:[0,1,1,"c.psa_hash_finish"],psa_hash_operation_init:[0,1,1,"c.psa_hash_operation_init"],psa_hash_operation_t:[0,2,1,"c.psa_hash_operation_t"],psa_hash_setup:[0,1,1,"c.psa_hash_setup"],psa_hash_update:[0,1,1,"c.psa_hash_update"],psa_hash_verify:[0,1,1,"c.psa_hash_verify"],psa_import_key:[0,1,1,"c.psa_import_key"],psa_key_attributes_init:[0,1,1,"c.psa_key_attributes_init"],psa_key_attributes_t:[0,2,1,"c.psa_key_attributes_t"],psa_key_derivation_abort:[0,1,1,"c.psa_key_derivation_abort"],psa_key_derivation_get_capacity:[0,1,1,"c.psa_key_derivation_get_capacity"],psa_key_derivation_input_bytes:[0,1,1,"c.psa_key_derivation_input_bytes"],psa_key_derivation_input_key:[0,1,1,"c.psa_key_derivation_input_key"],psa_key_derivation_key_agreement:[0,1,1,"c.psa_key_derivation_key_agreement"],psa_key_derivation_operation_init:[0,1,1,"c.psa_key_derivation_operation_init"],psa_key_derivation_operation_t:[0,2,1,"c.psa_key_derivation_operation_t"],psa_key_derivation_output_bytes:[0,1,1,"c.psa_key_derivation_output_bytes"],psa_key_derivation_output_key:[0,1,1,"c.psa_key_derivation_output_key"],psa_key_derivation_set_capacity:[0,1,1,"c.psa_key_derivation_set_capacity"],psa_key_derivation_setup:[0,1,1,"c.psa_key_derivation_setup"],psa_key_derivation_step_t:[0,2,1,"c.psa_key_derivation_step_t"],psa_key_handle_t:[0,2,1,"c.psa_key_handle_t"],psa_key_id_t:[0,2,1,"c.psa_key_id_t"],psa_key_lifetime_t:[0,2,1,"c.psa_key_lifetime_t"],psa_key_type_t:[0,2,1,"c.psa_key_type_t"],psa_key_usage_t:[0,2,1,"c.psa_key_usage_t"],psa_mac_abort:[0,1,1,"c.psa_mac_abort"],psa_mac_compute:[0,1,1,"c.psa_mac_compute"],psa_mac_operation_init:[0,1,1,"c.psa_mac_operation_init"],psa_mac_operation_t:[0,2,1,"c.psa_mac_operation_t"],psa_mac_sign_finish:[0,1,1,"c.psa_mac_sign_finish"],psa_mac_sign_setup:[0,1,1,"c.psa_mac_sign_setup"],psa_mac_update:[0,1,1,"c.psa_mac_update"],psa_mac_verify:[0,1,1,"c.psa_mac_verify"],psa_mac_verify_finish:[0,1,1,"c.psa_mac_verify_finish"],psa_mac_verify_setup:[0,1,1,"c.psa_mac_verify_setup"],psa_open_key:[0,1,1,"c.psa_open_key"],psa_raw_key_agreement:[0,1,1,"c.psa_raw_key_agreement"],psa_reset_key_attributes:[0,1,1,"c.psa_reset_key_attributes"],psa_set_key_algorithm:[0,1,1,"c.psa_set_key_algorithm"],psa_set_key_bits:[0,1,1,"c.psa_set_key_bits"],psa_set_key_id:[0,1,1,"c.psa_set_key_id"],psa_set_key_lifetime:[0,1,1,"c.psa_set_key_lifetime"],psa_set_key_type:[0,1,1,"c.psa_set_key_type"],psa_set_key_usage_flags:[0,1,1,"c.psa_set_key_usage_flags"],psa_status_t:[0,2,1,"c.psa_status_t"]}},objnames:{"0":["c","macro","C macro"],"1":["c","function","C function"],"2":["c","type","C type"]},objtypes:{"0":"c:macro","1":"c:function","2":"c:type"},terms:{"0x04":0,"3de":0,"56a":0,"byte":[0,1],"case":[0,2],"char":0,"const":[0,1],"default":[0,1],"export":[1,2],"function":2,"import":[1,2],"long":[0,1,2],"new":[0,1,2],"null":[0,1],"public":[0,1],"return":[0,2],"short":[0,1],"static":[0,1],"transient":0,"true":[0,1],"try":1,"void":[0,1],"while":[0,1,2],AES:[0,1],DES:0,For:[0,1],Its:0,NOT:0,Such:[0,1],TLS:[0,2],That:[0,1],The:[0,1,2],Then:0,There:[0,1],These:1,Use:[0,2],Using:1,XTS:0,_unsigned_integral_type_:0,abil:1,abl:[0,1],abort:[0,1],about:[0,1],abov:1,acceler:1,accept:0,access:[0,1,2],accessor:1,accident:0,accord:[0,1],accordingli:[0,1],account:[0,1],across:0,act:1,action:[0,1],activ:[0,1],actual:0,ad_length:0,add:[0,2],addit:[0,2],addition:1,additional_data:0,additional_data_length:0,adequ:1,adversari:0,aead:[1,2],aead_alg:0,affect:[0,1,2],aforement:1,after:[0,2],again:[0,1],against:[0,1],agil:1,agreement:[0,2],alarm:0,alg:[0,2],algorithm:2,align:[0,2],all:[0,1],alloc:[0,1,2],allow:[0,1,2],almost:1,alreadi:[0,1],also:[0,1,2],altern:1,although:0,altogeth:1,alwai:[0,2],among:1,amount:[0,1],analys:1,analysi:1,ani:[0,1],anoth:[0,1],ansi:0,anywher:0,apart:1,api:1,append:0,appli:[0,1],applic:[0,2],approach:1,appropri:[0,1],arbitrari:[0,1],arc4:0,architectur:[0,2],area:[0,1],argument:[0,1,2],arm:1,around:1,arrai:[0,1],ask:0,aspect:2,assembl:1,asset:1,assign:[0,1],associ:[1,2],assum:1,assumpt:[0,2],asymmetr:2,atom:1,attack:[0,2],attempt:[0,1],attest:2,attibut:1,attribut:[1,2],authent:2,author:1,automat:0,auxiliari:[0,2],avail:[0,1],avoid:[0,1,2],awar:[0,1],back:1,backend:1,bad:1,base:[0,1],becaus:[0,1],becom:[0,1],been:[0,1],befor:[0,1,2],begin:0,behav:1,behavior:[0,2],being:[0,1],below:1,benefit:0,bernstein:0,best:[0,1],beta:2,between:[0,2],bewar:0,beyond:[0,1],bias:[0,1],big:0,binari:0,bit:[0,1],bitmask:1,bitwis:0,block:[0,1,2],block_siz:0,bluetooth:1,bodi:1,boot:2,both:[0,1,2],bound:[0,1],boundari:[0,1],branch:1,breach:0,breakdown:0,broken:1,buffer:[0,2],buffer_length:0,buffer_s:0,build:[0,1,2],built:[0,1],burnt:1,bypass:0,c89:1,c99:1,cach:1,calcul:[0,1,2],call:[0,2],caller:[0,1],camellia:0,can:[0,1],candid:0,cannot:[0,1],capabl:1,capac:[0,1],care:[0,1],carefulli:1,carri:[0,1],categori:1,caus:[0,1],cbc:0,ccm:[0,1],ceil:0,certain:[0,1,2],chacha20:0,chacha20_poly1305:0,chain:0,chanc:1,chang:[0,1],channel:1,characterist:1,check:[0,2],chip:1,choic:[0,2],choos:[0,1],chosen:0,chunk:1,cipher:[1,2],ciphersuit:0,ciphertext:0,ciphertext_length:0,ciphertext_s:0,circumst:1,clarif:2,clarifi:2,clariti:2,clean:[0,2],cleanup:2,clear:1,clearli:0,cleartext:1,client:2,clienthello:0,clone:0,close:[0,1],code:[1,2],coeffici:0,collect:1,combin:[0,1],common:[0,1],commonli:1,commun:[0,1],compact:0,companion:1,compar:[0,1],comparison:0,compat:0,compil:[0,1],complet:[0,1],complex:1,complianc:0,compliant:1,compon:1,compos:[0,1],compris:0,compromis:[0,1],comput:[0,1],concaten:0,concatent:0,conceptu:1,concern:[0,1],concurr:2,condit:[0,1,2],confidenti:[0,1],conflict:1,conform:[0,1],connect:1,consequ:[0,1],consequenti:1,conserv:[0,1],consid:[0,1],consider:[0,2],consist:[0,1,2],constant:[0,1],constrain:2,constraint:[0,1],construct:[0,1],consum:0,consumpt:1,contain:[0,1,2],content:[0,1],context:1,continu:0,control:[0,1],convei:1,convent:2,convers:1,convert:[0,2],coordin:0,copi:[0,1],copyabl:1,corner:2,correct:[0,1,2],correctli:[0,1],correspond:[0,1],corrupt:[0,1],could:[0,1],counter:[0,1],countermeasur:0,cover:1,creat:[0,1,2],creation:[0,2],credenti:2,crypto:1,crypto_platform:1,crypto_struct:1,cryptograph:[0,2],cryptoprocessor:[0,2],csprng:1,ctr:0,current:[0,1,2],curv:[0,2],curve25519:0,curve448:0,curve_bit:0,custom:[0,1],d_a:0,d_b:0,danger:1,data:[1,2],data_length:0,data_s:0,date:2,debug:1,declar:[0,1,2],decreas:0,decrypt:[0,1],defend:1,defin:[0,1,2],definit:[1,2],delai:0,deliveri:1,deni:0,depend:[0,1],deploi:1,deprec:0,der:0,derefer:1,deriv:2,describ:[0,1],descript:[0,1,2],design:[0,2],desir:[0,1],destroi:[0,1,2],destruct:[0,1],detail:[0,1],detect:[0,2],detector:0,determin:[0,1],determinist:[0,1],develop:1,devic:[0,2],diagnos:1,did:1,dies:0,differ:[0,1],diffi:[0,1],difficult:1,digest:[1,2],digestinfo:0,direct:[0,1],directli:[0,1,2],discard:0,disclosur:1,discoveri:1,dispatch:1,distinguish:0,document:[0,1],doe:[0,1,2],doesn:0,domain:0,don:1,done:1,down:[0,1],draft:1,draw:0,drawn:0,driver:1,dsa:0,due:[0,1],dure:[0,1],dynam:1,each:[0,1],eas:2,easi:1,ecc:0,ecdh:0,ecdsa:0,eci:1,ecpoint:0,ecprivatekei:0,ed448:0,eddsa:1,edit:1,effect:0,effort:0,either:[0,1],element:[0,1,2],ellipt:0,emiss:1,empti:0,enabl:1,encod:[0,1],encompass:0,encourag:[0,1],encrypt:2,end:[0,1],endian:0,enforc:[0,1],english:2,enough:[0,1],ensur:[0,1],enter:0,enterpris:1,entir:1,entri:0,entropi:[0,1],enumer:[0,1],environ:1,equal:0,equival:[0,1],eras:0,err:0,erron:0,error:2,especi:1,essenti:0,establish:1,etc:[0,1],evalu:0,even:[0,1],event:0,eventu:0,everi:1,everyth:1,exactli:[0,1],exampl:[0,2],except:[0,1],exchang:[0,1],exclus:[0,1],execut:[0,1],exhaust:1,exist:[0,1,2],expand:[0,1],expans:[0,1],expect:[0,1],explain:1,explicitli:[0,1],expon:0,exponent1:0,exponent2:0,expos:[0,1],express:1,extend:0,extens:[0,1],extent:1,extern:[0,1],extract:[0,1],f_p:0,f_q:0,facilit:1,fact:0,factori:[0,2],fail:[0,1],failur:[0,1],fals:0,famili:[0,1],far:[0,1],fashion:1,favor:1,featur:1,few:1,fewer:0,field:[0,1],file:1,fill:2,finish:[0,1],finit:[0,1],fip:0,firmwar:1,first:[0,1,2],fit:0,flag:[0,1],flaw:1,flow:1,follow:[0,1,2],foo:1,foo_length:1,foo_siz:1,forbid:2,forbidden:0,forc:0,forcibl:0,form:[0,1],format:[0,1,2],forward:0,fragment:0,free:[0,1,2],freed:1,freedom:1,freeli:0,freshli:0,friendli:1,from:[0,1],frontend:1,full:[0,1],fulli:1,further:1,furthermor:0,futur:[0,2],gcm:[0,1],gener:2,get:0,give:[0,1,2],given:[0,1,2],glitch:1,global:0,goal:[0,2],goldilock:0,good:1,group:0,guarante:[0,1],guess:0,habitu:1,had:[0,1],half:2,halt:1,hamburg:0,handl:[0,2],handle_error:0,handshak:0,happen:[0,1],harder:1,hardwar:[0,2],has:[0,1],hash:[0,2],hash_alg:0,hash_length:0,hash_siz:0,have:[0,1,2],header:1,heap:1,hellman:[0,1],here:[0,1,2],high:1,higher:1,highest:1,highli:[0,1],hkdf:0,hkdf_alg:0,hmac:[0,1],hmac_alg:0,hold:[0,1],holist:1,host:0,how:[0,1,2],howev:[0,1],hsm:1,hybrid:1,ident:[0,1],identifi:[0,1,2],illustr:0,immedi:1,impact:1,implement:2,implic:0,imposs:[0,1],improp:0,improv:2,inact:[0,1],includ:[0,1],incompat:0,incorrect:0,independ:[0,1],index:2,indic:[0,1,2],indiffer:0,indirect:0,indirectli:1,indistinguish:0,individu:[0,1],industri:1,inescap:1,info:0,inform:[0,1],initi:[1,2],input:[0,2],input_length:0,insecur:1,insid:[0,1],instanc:1,instanti:1,instead:[0,1,2],insuffici:[0,1],int32_t:0,integ:[0,1],integr:[0,1],intend:0,interchang:1,interest:0,interfac:[0,2],intermedi:[0,1],intern:1,interoper:1,interpret:0,interrupt:1,introduct:2,invalid:[0,1],invers:0,involv:[0,1],iot:1,isn:1,isol:[0,2],issu:1,item:0,its:[0,1,2],itself:0,iv_length:0,iv_siz:0,just:0,ka_alg:0,kdf:2,kdf_alg:0,keep:[0,1],kei:2,kept:1,kernel:1,key_bit:0,key_typ:0,keystor:[0,2],kind:[0,1],known:1,label:0,lack:[0,1],land:1,languag:[1,2],larg:0,larger:[0,1],last:[0,1],later:0,latest:1,latter:0,layer:1,lead:0,leak:[0,1],leakag:1,least:[0,1],leav:1,led:0,left:0,legaci:[0,1],length:[0,1,2],less:0,let:0,level:1,librari:2,lifecycl:1,lifetim:[1,2],like:0,limit:1,link:1,linkag:0,list:[0,1,2],literatur:1,littl:[0,1],lnc:0,local:1,locat:[0,1],log:[0,1],log_2:0,logic:[0,1],longer:[0,1,2],loss:0,low:1,lowest:1,mac:[0,1],mac_alg:0,mac_length:0,mac_siz:0,machin:1,macro:2,made:0,mai:[0,1,2],main:1,major:1,make:[0,1,2],malici:1,malloc:0,manag:2,mandat:2,mandatori:[0,1],mani:[0,1,2],manipul:1,manner:1,manufactur:1,marker:0,mask:0,master:[0,1],mastersecret:0,match:0,materi:[0,1,2],maximum:[0,1,2],mean:[0,1],meant:1,mechan:[0,1],media:0,meet:[1,2],memcmp:0,memori:[0,2],memset:0,mention:1,mere:[0,1],messag:[1,2],metadata:[0,1,2],method:[0,1,2],mgf1:0,microcontrol:1,middl:0,might:0,mind:0,minim:[0,1],minimum:[0,2],miss:2,mistak:1,misus:1,mod:0,mode:[0,1],model:1,modern:1,modifi:[0,1],modul:0,modular:1,modulu:0,montgomeri:[0,2],more:[0,1,2],most:[0,1,2],much:[0,1],multi:2,multipart:[0,2],multipl:[0,1,2],multiprocess:1,multistep:2,multitask:1,multithread:1,must:[0,1],mutual:1,name:[0,1,2],nearest:0,necessari:[0,1],need:[0,1],neg:0,neither:0,network:2,never:[0,1],newli:0,next:[0,1],nfc:1,nist:0,non:[0,1],nonc:[0,1,2],nonce_length:0,nonce_s:0,none:0,nonvolatil:1,nonzero:0,nor:[0,1],norm:1,normal:[0,1],note:[0,1],now:[0,1,2],number:[0,1,2],oaep:0,obei:1,object:[0,1,2],observ:[0,1],obsolet:2,obtain:1,occur:[0,1],octet:[0,1],offer:[0,1],offset:1,often:1,omit:[0,1],onc:[0,1],one:[0,1],ones:1,ongo:0,onli:[0,1],onward:0,opaqu:[0,1],open:[0,1,2],oper:[0,2],opposit:1,optim:1,option:[0,2],oracl:0,order:[0,1],origin:[0,1],other:2,otherwis:[0,1],out:[0,1],outcom:1,output:[0,2],output_length:0,output_s:0,outsid:[0,1],over:[0,1],overal:1,overflow:0,overlap:2,overview:2,overwrit:0,own:[0,1],ownership:1,pad:0,pai:1,pair:[0,2],paramet:[0,2],parametr:[0,1],pariti:0,part:[0,1,2],parti:[0,1],partial:1,particular:[0,1],partit:2,pass:[0,1,2],past:1,pattern:[0,1],peer:[0,1],peer_kei:0,peer_key_length:0,per:0,perfom:0,perform:[0,1],period:1,perman:0,permiss:[0,1],permit:[0,1,2],persist:[0,2],phase:[0,1],philosophi:2,physic:[0,1],pkc:0,pkcs1:0,place:[0,1],plain:0,plaintext:[0,1],plaintext_length:[0,2],plaintext_s:0,plan:1,platform:2,pleas:1,plu:1,point:[0,1],pointer:[0,2],polici:2,poly1305:0,popul:[0,1],port:2,possibl:[0,1],potenti:1,power:[0,1],practic:[0,1],pre:[0,1],preced:0,precis:[0,1],predefin:1,predict:1,prefer:0,prepar:0,prepend:0,present:[0,1],preserv:0,presharedkei:0,prevent:1,previou:[0,1,2],previous:0,prf:0,primari:1,primarili:0,prime1:0,prime2:0,prime:0,primit:1,privat:[0,1],private_kei:0,privateexpon:0,privatekei:0,privileg:1,prng:0,probabilist:0,procedur:1,process:[0,1],processor:2,produc:[0,1],product:0,profil:2,programm:1,proper:0,properli:1,proprietari:[0,1],protect:[0,1],protocol:[0,1],prove:1,provid:[0,1],provis:[0,2],psa:[0,1],psa__alg_aead_with_default_tag_length__cas:2,psa_abort_xxx:1,psa_aead_abort:2,psa_aead_decrypt:[1,2],psa_aead_decrypt_output_s:2,psa_aead_decrypt_setup:[1,2],psa_aead_encrypt:[1,2],psa_aead_encrypt_output_s:2,psa_aead_encrypt_setup:[1,2],psa_aead_finish:[1,2],psa_aead_finish_output_s:2,psa_aead_generate_iv:1,psa_aead_generate_nonc:[1,2],psa_aead_operation_:0,psa_aead_operation_init:2,psa_aead_operation_t:2,psa_aead_set_length:[1,2],psa_aead_set_nonc:[1,2],psa_aead_tag_length:2,psa_aead_tag_length_offset:2,psa_aead_upd:[1,2],psa_aead_update_ad:[1,2],psa_aead_update_output_s:2,psa_aead_verifi:[1,2],psa_aead_verify_output_s:2,psa_aead_xxx:0,psa_alg_aead_from_block_flag:2,psa_alg_aead_tag_length_mask:2,psa_alg_aead_with_default_tag_length:2,psa_alg_aead_with_tag_length:2,psa_alg_any_hash:2,psa_alg_arc4:2,psa_alg_category_aead:2,psa_alg_category_asymmetric_encrypt:2,psa_alg_category_ciph:2,psa_alg_category_hash:2,psa_alg_category_key_agr:2,psa_alg_category_key_deriv:2,psa_alg_category_mac:2,psa_alg_category_mask:2,psa_alg_category_sign:2,psa_alg_cbc_mac:2,psa_alg_cbc_no_pad:2,psa_alg_cbc_pkcs7:2,psa_alg_ccm:2,psa_alg_cfb:2,psa_alg_chacha20:2,psa_alg_chacha20_poly1305:2,psa_alg_cipher_from_block_flag:2,psa_alg_cipher_mac_bas:2,psa_alg_cipher_stream_flag:2,psa_alg_cmac:2,psa_alg_ctr:2,psa_alg_deterministic_ecdsa:2,psa_alg_deterministic_ecdsa_bas:2,psa_alg_dsa_deterministic_flag:0,psa_alg_ecdh:2,psa_alg_ecdsa:2,psa_alg_ecdsa_ani:2,psa_alg_ecdsa_bas:2,psa_alg_ecdsa_is_determinist:2,psa_alg_ffdh:2,psa_alg_full_length_mac:2,psa_alg_gcm:[1,2],psa_alg_gmac:2,psa_alg_hash_mask:2,psa_alg_hkdf:[1,2],psa_alg_hkdf_bas:2,psa_alg_hkdf_get_hash:2,psa_alg_hmac:2,psa_alg_hmac_bas:2,psa_alg_hmac_get_hash:2,psa_alg_is_aead:2,psa_alg_is_aead_on_block_ciph:2,psa_alg_is_asymmetric_encrypt:2,psa_alg_is_block_cipher_mac:2,psa_alg_is_ciph:2,psa_alg_is_deterministic_ecdsa:2,psa_alg_is_ecdh:2,psa_alg_is_ecdsa:2,psa_alg_is_ffdh:2,psa_alg_is_hash:2,psa_alg_is_hash_and_sign:2,psa_alg_is_hkdf:2,psa_alg_is_hmac:2,psa_alg_is_key_agr:2,psa_alg_is_key_deriv:2,psa_alg_is_key_derivation_or_agr:2,psa_alg_is_key_select:2,psa_alg_is_mac:2,psa_alg_is_randomized_ecdsa:2,psa_alg_is_raw_key_agr:2,psa_alg_is_rsa_oaep:2,psa_alg_is_rsa_pkcs1v15_sign:2,psa_alg_is_rsa_pss:2,psa_alg_is_sign:2,psa_alg_is_stream_ciph:2,psa_alg_is_tls12_prf:2,psa_alg_is_tls12_psk_to_m:2,psa_alg_is_vendor_defin:2,psa_alg_is_wildcard:2,psa_alg_key_agr:2,psa_alg_key_agreement_get_bas:2,psa_alg_key_agreement_get_kdf:2,psa_alg_key_agreement_mask:2,psa_alg_key_derivation_mask:2,psa_alg_mac_subcategory_mask:2,psa_alg_mac_truncation_mask:2,psa_alg_md2:2,psa_alg_md4:2,psa_alg_md5:2,psa_alg_ofb:2,psa_alg_ripemd160:2,psa_alg_rsa_oaep:2,psa_alg_rsa_oaep_bas:2,psa_alg_rsa_oaep_get_hash:2,psa_alg_rsa_pkcs1v15_crypt:2,psa_alg_rsa_pkcs1v15_sign:2,psa_alg_rsa_pkcs1v15_sign_bas:2,psa_alg_rsa_pkcs1v15_sign_raw:2,psa_alg_rsa_pss:2,psa_alg_rsa_pss_bas:2,psa_alg_sha256:0,psa_alg_sha3_224:2,psa_alg_sha3_256:2,psa_alg_sha3_384:2,psa_alg_sha3_512:2,psa_alg_sha_1:2,psa_alg_sha_224:2,psa_alg_sha_256:2,psa_alg_sha_384:2,psa_alg_sha_512:2,psa_alg_sha_512_224:2,psa_alg_sha_512_256:2,psa_alg_sign_get_hash:[1,2],psa_alg_tls12_prf:2,psa_alg_tls12_prf_bas:2,psa_alg_tls12_prf_get_hash:2,psa_alg_tls12_psk_to_m:2,psa_alg_tls12_psk_to_ms_bas:2,psa_alg_tls12_psk_to_ms_get_hash:2,psa_alg_tls12_psk_to_ms_max_psk_len:2,psa_alg_truncated_mac:2,psa_alg_vendor_flag:2,psa_alg_xt:2,psa_alg_xxx:0,psa_algorithm_t:[1,2],psa_asymmetric_decrypt:[1,2],psa_asymmetric_decrypt_output_s:2,psa_asymmetric_encrypt:[1,2],psa_asymmetric_encrypt_output_s:2,psa_asymmetric_sign:[1,2],psa_asymmetric_sign_output_s:2,psa_asymmetric_signature_max_s:2,psa_asymmetric_verifi:[1,2],psa_bits_to_byt:2,psa_block_cipher_block_s:2,psa_bytes_to_bit:2,psa_cipher_abort:2,psa_cipher_decrypt:[1,2],psa_cipher_decrypt_setup:[1,2],psa_cipher_encrypt:[1,2],psa_cipher_encrypt_setup:[1,2],psa_cipher_finish:[1,2],psa_cipher_generate_iv:[1,2],psa_cipher_operation_:0,psa_cipher_operation_init:[1,2],psa_cipher_operation_t:[1,2],psa_cipher_set_iv:[1,2],psa_cipher_upd:[1,2],psa_cipher_xxx:0,psa_close_kei:[1,2],psa_copy_kei:[1,2],psa_create_kei:2,psa_crypto_generator_init:2,psa_crypto_generator_t:2,psa_crypto_init:[1,2],psa_destroy_kei:[1,2],psa_dh_group_ffdhe2048:2,psa_dh_group_ffdhe3072:2,psa_dh_group_ffdhe4096:2,psa_dh_group_ffdhe6144:2,psa_dh_group_ffdhe8192:2,psa_dh_group_t:2,psa_ecc_curve_bit:2,psa_ecc_curve_brainpool_p256r1:2,psa_ecc_curve_brainpool_p384r1:2,psa_ecc_curve_brainpool_p512r1:2,psa_ecc_curve_brainpool_pxxx:0,psa_ecc_curve_curve25519:2,psa_ecc_curve_curve448:2,psa_ecc_curve_curvexxx:0,psa_ecc_curve_secp160k1:2,psa_ecc_curve_secp160r1:2,psa_ecc_curve_secp160r2:2,psa_ecc_curve_secp192k1:2,psa_ecc_curve_secp192r1:2,psa_ecc_curve_secp224k1:2,psa_ecc_curve_secp224r1:2,psa_ecc_curve_secp256k1:2,psa_ecc_curve_secp256r1:2,psa_ecc_curve_secp384r1:2,psa_ecc_curve_secp521r1:2,psa_ecc_curve_secpxxx:0,psa_ecc_curve_sect163k1:2,psa_ecc_curve_sect163r1:2,psa_ecc_curve_sect163r2:2,psa_ecc_curve_sect193r1:2,psa_ecc_curve_sect193r2:2,psa_ecc_curve_sect233k1:2,psa_ecc_curve_sect233r1:2,psa_ecc_curve_sect239k1:2,psa_ecc_curve_sect283k1:2,psa_ecc_curve_sect283r1:2,psa_ecc_curve_sect409k1:2,psa_ecc_curve_sect409r1:2,psa_ecc_curve_sect571k1:2,psa_ecc_curve_sect571r1:2,psa_ecc_curve_sectxxx:0,psa_ecc_curve_t:2,psa_ecdsa_signature_s:2,psa_encrypt_generate_iv:1,psa_error_already_exist:2,psa_error_bad_st:[1,2],psa_error_buffer_too_smal:[1,2],psa_error_communication_failur:[1,2],psa_error_corruption_detect:2,psa_error_does_not_exist:2,psa_error_empty_slot:2,psa_error_generic_error:2,psa_error_hardware_failur:[1,2],psa_error_insufficient_capac:[1,2],psa_error_insufficient_data:2,psa_error_insufficient_entropi:2,psa_error_insufficient_memori:[1,2],psa_error_insufficient_storag:2,psa_error_invalid_argu:2,psa_error_invalid_handl:2,psa_error_invalid_pad:2,psa_error_invalid_signatur:2,psa_error_not_permit:2,psa_error_not_support:2,psa_error_occupied_slot:2,psa_error_storage_failur:[1,2],psa_error_tampering_detect:[1,2],psa_error_unknown_error:2,psa_error_xxx:0,psa_export_kei:[1,2],psa_export_public_kei:[1,2],psa_generate_derived_kei:2,psa_generate_kei:[1,2],psa_generate_random:[1,2],psa_generator_abort:2,psa_generator_import_kei:2,psa_generator_read:2,psa_generator_unbridled_capac:2,psa_get_generator_capac:2,psa_get_key_algorithm:2,psa_get_key_attribut:[1,2],psa_get_key_bit:2,psa_get_key_id:2,psa_get_key_inform:2,psa_get_key_lifetim:2,psa_get_key_typ:2,psa_get_key_usage_flag:2,psa_get_key_xxx:[0,1],psa_hash_abort:2,psa_hash_clon:2,psa_hash_compar:[1,2],psa_hash_comput:[1,2],psa_hash_finish:[1,2],psa_hash_max_s:2,psa_hash_operation_:0,psa_hash_operation_init:2,psa_hash_operation_t:2,psa_hash_s:2,psa_hash_setup:[1,2],psa_hash_upd:[1,2],psa_hash_verifi:[1,2],psa_hmac_max_hash_block_s:2,psa_import_kei:[1,2],psa_kdf_step_xxx:2,psa_key_agr:2,psa_key_agreement_raw_shared_secret:2,psa_key_attributes_:0,psa_key_attributes_init:2,psa_key_attributes_t:[1,2],psa_key_derivation_:0,psa_key_derivation_abort:[1,2],psa_key_derivation_get_capac:2,psa_key_derivation_input_byt:[1,2],psa_key_derivation_input_info:[1,2],psa_key_derivation_input_kei:[1,2],psa_key_derivation_input_label:2,psa_key_derivation_input_salt:2,psa_key_derivation_input_se:2,psa_key_derivation_input_secret:[1,2],psa_key_derivation_input_xxx:2,psa_key_derivation_key_agr:[1,2],psa_key_derivation_operaiton_init:1,psa_key_derivation_operation_init:[1,2],psa_key_derivation_operation_t:[1,2],psa_key_derivation_output_byt:[1,2],psa_key_derivation_output_kei:[1,2],psa_key_derivation_set_capac:2,psa_key_derivation_setup:[1,2],psa_key_derivation_step_t:2,psa_key_derivation_unlimited_capac:2,psa_key_export_asn1_integer_max_s:2,psa_key_export_dsa_key_pair_max_s:2,psa_key_export_dsa_public_key_max_s:2,psa_key_export_ecc_key_pair_max_s:2,psa_key_export_ecc_public_key_max_s:2,psa_key_export_max_s:2,psa_key_export_rsa_key_pair_max_s:2,psa_key_export_rsa_public_key_max_s:2,psa_key_handle_t:[1,2],psa_key_id_t:2,psa_key_id_user_max:2,psa_key_id_user_min:2,psa_key_id_vendor_max:2,psa_key_id_vendor_min:2,psa_key_lifetime_persist:[1,2],psa_key_lifetime_t:2,psa_key_lifetime_volatil:[1,2],psa_key_policy_t:2,psa_key_type_a:[1,2],psa_key_type_arc4:2,psa_key_type_camellia:2,psa_key_type_category_flag_pair:2,psa_key_type_category_key_pair:2,psa_key_type_category_mask:2,psa_key_type_category_public_kei:2,psa_key_type_category_raw:2,psa_key_type_category_symmetr:2,psa_key_type_chacha20:2,psa_key_type_d:2,psa_key_type_der:2,psa_key_type_dh_group_mask:2,psa_key_type_dh_key_pair:2,psa_key_type_dh_key_pair_bas:2,psa_key_type_dh_public_kei:2,psa_key_type_dh_public_key_bas:2,psa_key_type_dsa_key_pair:0,psa_key_type_dsa_public_kei:0,psa_key_type_ecc_curve_mask:2,psa_key_type_ecc_key_pair:2,psa_key_type_ecc_key_pair_bas:2,psa_key_type_ecc_public_kei:2,psa_key_type_ecc_public_key_bas:2,psa_key_type_get_curv:2,psa_key_type_get_group:2,psa_key_type_hmac:2,psa_key_type_is_asymmetr:2,psa_key_type_is_dh:2,psa_key_type_is_dh_key_pair:2,psa_key_type_is_dh_public_kei:2,psa_key_type_is_ecc:2,psa_key_type_is_ecc_key_pair:2,psa_key_type_is_ecc_public_kei:2,psa_key_type_is_key_pair:2,psa_key_type_is_public_kei:2,psa_key_type_is_rsa:2,psa_key_type_is_unstructur:2,psa_key_type_is_vendor_defin:2,psa_key_type_key_pair_of_public_kei:2,psa_key_type_non:2,psa_key_type_public_key_of_key_pair:2,psa_key_type_raw_data:2,psa_key_type_rsa_key_pair:2,psa_key_type_rsa_public_kei:2,psa_key_type_t:[1,2],psa_key_type_vendor_flag:2,psa_key_usage_copi:[1,2],psa_key_usage_decrypt:2,psa_key_usage_der:2,psa_key_usage_encrypt:[1,2],psa_key_usage_export:[1,2],psa_key_usage_sign:[1,2],psa_key_usage_t:[1,2],psa_key_usage_verifi:2,psa_mac_abort:2,psa_mac_comput:[1,2],psa_mac_final_s:2,psa_mac_max_s:2,psa_mac_operation_:0,psa_mac_operation_init:2,psa_mac_operation_t:2,psa_mac_sign_finish:[1,2],psa_mac_sign_setup:[1,2],psa_mac_truncated_length:2,psa_mac_truncation_offset:2,psa_mac_upd:[1,2],psa_mac_verifi:[1,2],psa_mac_verify_finish:[1,2],psa_mac_verify_setup:[1,2],psa_max_block_cipher_block_s:2,psa_open_kei:[1,2],psa_raw_key_agr:[1,2],psa_reset_key_attribut:2,psa_round_up_to_multipl:2,psa_rsa_minimum_padding_s:2,psa_set_generator_capac:2,psa_set_key_algorithm:2,psa_set_key_bit:2,psa_set_key_id:2,psa_set_key_lifetim:2,psa_set_key_polici:2,psa_set_key_typ:2,psa_set_key_usage_flag:2,psa_set_key_xxx:0,psa_status_t:[1,2],psa_success:[1,2],psa_vendor_ecc_max_curve_bit:2,psa_vendor_rsa_max_key_bit:2,psa_xxx_abort:1,psa_xxx_init:1,psa_xxx_key_pair:2,psa_xxx_keypair:2,psa_xxx_signatur:0,psa_xxx_siz:0,pseudo:1,pseudorandom:[1,2],psk:0,pss:0,public_key_typ:0,publicexpon:0,pure:0,purpos:[0,1],q_a:0,q_b:0,qualiti:1,queri:[0,1],quot:0,radio:1,rais:1,ram:1,random:2,randomli:0,rang:[0,1,2],rate:1,rather:[0,1],rational:1,raw:0,rc4:0,reach:1,read:[0,1],readabl:[0,1],reader:1,readi:0,realiz:1,realm:0,reason:1,receiv:[0,1],recip:1,recogn:0,recommend:[0,2],record:0,recov:[0,1],recover:0,reduc:[0,1],ref:0,refer:[0,1],refurbish:0,regard:2,regardless:0,regul:1,reject:0,relat:[1,2],releas:[0,1,2],relev:1,remain:0,remot:1,remov:[1,2],renam:2,repeat:0,replac:2,report:[0,1],repres:[0,1],represent:[0,1],request:[0,1],requir:[0,2],research:1,reseed:[0,1],reserv:0,reset:[0,1],resid:1,resist:2,resort:0,resourc:[0,2],respect:[0,1],rest:0,restart:0,restrict:[0,1],result:[0,1],retain:1,retent:1,retriev:[0,1,2],reus:0,reveal:[0,1],rewound:1,rfc:[0,1],risk:[0,1],riski:0,robust:1,roll:1,round:0,rsa:0,rsae:0,rsaprivatekei:0,rsapublickei:0,rsassa:0,run:1,runtim:0,safe:[0,2],safeti:0,said:0,salt:[0,1],salt_length:0,same:[0,1,2],sampl:2,save:0,scalabl:1,schedul:0,scheme:0,scope:1,search:2,sec1:0,secret:[0,1],sect:0,section:[0,1],secur:[0,2],see:0,seed:[0,1],segment:1,select:[0,1],sens:2,sensibl:0,sensit:1,separ:[0,1,2],sequenc:[0,1],seri:1,serv:1,server:1,serverhello:0,servic:1,session:1,set:[0,1,2],setup:[0,1],sever:[1,2],sha2:0,sha3:0,sha:0,shall:0,share:[0,2],shorten:0,shot:1,should:[0,1],shouldn:1,side:[0,1],sign:[0,2],signatur:[0,1],signature_length:0,signature_s:0,signific:0,similar:[0,1],simpl:0,simpler:1,simpli:1,simultan:1,sinc:[0,1],singl:[0,2],siv:1,size:[0,2],size_t:[0,1],sizeof:0,skip:0,small:0,smaller:0,smartcard:1,softwar:1,some:[0,1,2],sometim:1,soon:1,sourc:[0,1],source_handl:0,source_oper:0,space:[0,1],special:[0,1],specifi:[0,1,2],speed:0,split:1,spuriou:2,stabil:2,stack:1,stage:0,stakehold:1,standalon:1,standard:[0,2],start:[0,1],state:[0,1,2],statu:[0,2],status:1,stdint:1,step:[0,1],steup:0,still:[0,1],storag:[0,2],store:[0,1],strategi:1,stream:[0,1],string:0,strip:0,strive:[0,1],strongli:[0,1],struct:[0,1],structur:[0,2],style:1,subject:0,subprim:0,subsequ:0,subset:[0,1],subtl:1,succe:0,succeed:0,success:[0,1],successfulli:[0,1],suffici:[0,1],suitabl:[0,2],summari:[1,2],suppli:1,support:[0,2],suppos:0,symmetr:2,synonym:1,system:[0,1],systemat:1,tag:[0,1],tag_length:0,tag_siz:0,take:[0,1,2],taken:0,tamper:0,target:[0,1],target_handl:0,target_oper:0,task:1,technolog:1,temporari:1,tend:1,tent:0,term:1,termin:[0,1],terminolog:2,test:[0,1],than:[0,1],thei:[0,1],them:[0,1,2],themselv:1,theoret:1,therebi:0,therefor:[0,1],thi:[0,1,2],thin:1,those:[0,1],though:1,thread:1,threat:1,three:[0,1],through:[0,1],thu:[0,1],time:[0,1,2],titl:0,tls1:2,token:2,too:0,took:0,top:[0,1],total:0,trail:0,translat:1,treat:0,tripl:0,trng:1,truncat:0,trust:1,turn:0,twice:0,two:[0,1],type:2,typedef:0,typic:[0,1],uint16_t:[0,1],uint32_t:[0,1],uint8_t:[0,1],unambigu:0,unauthent:[0,1],unbound:1,unchang:[0,1],uncompress:0,undefin:[0,1],under:[0,1],underli:[0,1],undetermin:[0,1],undo:0,undon:0,unexpect:0,uninstal:0,uniqu:1,unless:[0,1],unlik:1,unlock:1,unmodifi:1,unsign:[0,1],unspecifi:[0,1],unstructur:0,unsupport:[0,1],unsur:0,until:[0,1],untrunc:0,untrust:0,untrustworthi:1,unusu:2,updat:1,upon:1,usabl:1,usag:[0,2],usage_flag:0,use:[0,2],used:[0,1,2],useful:[0,1,2],user:1,uses:[0,1],using:[0,1],usual:[0,1],v1_5:0,valid:[0,1],valu:[0,1,2],variabl:0,variant:1,variou:[1,2],vast:1,vector:[0,1],vendor:[0,1],veri:1,verif:[0,1],verifi:[0,1],versa:1,version:[0,1],via:[0,1],vice:1,view:0,violat:1,virtual:1,visibl:1,volatil:[0,2],wai:[0,1,2],want:0,warn:1,weak:[0,1],weierstrass:0,well:[0,1],were:1,what:[0,1],when:[0,1,2],whenev:0,whenver:0,where:[0,1,2],whether:[0,1,2],which:[0,1],who:[0,1],whole:[0,1],whose:[0,1],wide:1,wildcard:0,wipe:[0,1],wireless:1,wish:1,within:1,without:[0,1],word:[0,1],work:1,workflow:0,workshop:0,world:1,would:[0,1],wrap:[0,1],writabl:1,write:[0,1],writer:[0,1],written:[0,1],wrong:0,wrote:1,x00000000:0,x00000001:0,x00000002:0,x000000ff:0,x00000100:0,x00000200:0,x00000400:0,x00000800:0,x00001000:0,x00003f00:0,x0000ffff:0,x0001:0,x0002:0,x0003:0,x0004:0,x0005:0,x0006:0,x0007:0,x0008:0,x0009:0,x000a:0,x000b:0,x000c:0,x000d:0,x000e:0,x000f:0,x0010:0,x0011:0,x0012:0,x0013:0,x0014:0,x0015:0,x0016:0,x0017:0,x0018:0,x0019:0,x001a:0,x001b:0,x001c:0,x001d:0,x001e:0,x00400000:0,x00800000:0,x00c00000:0,x01000000:0,x01000001:0,x01000002:0,x01000003:0,x01000004:0,x01000005:0,x01000008:0,x01000009:0,x0100000a:0,x0100000b:0,x0100000c:0,x0100000d:0,x01000010:0,x01000011:0,x01000012:0,x01000013:0,x010000ff:0,x0100:0,x0101:0,x0102:0,x0103:0,x0104:0,x02000000:0,x0201:0,x0202:0,x0203:0,x0204:0,x02800000:0,x02c00000:0,x02c00001:0,x02c00002:0,x02c00003:0,x04000000:0,x044000ff:0,x04600100:0,x04600101:0,x04800001:0,x04800005:0,x04c00001:0,x04c00002:0,x04c00003:0,x06000000:0,x06001005:0,x06401001:0,x06401002:0,x0803ffff:0,x10000000:0,x10020000:0,x10030000:0,x10060000:0,x10070000:0,x10fc0000:0,x12000000:0,x12020000:0,x12030000:0,x20000000:0,x20000100:0,x20000200:0,x20000300:0,x25519:0,x30000000:0,x30100000:0,x30200000:0,x3fffffff:0,x40000000:0,x40000001:0,x40000002:0,x40000003:0,x40000004:0,x40000005:0,x448:0,x50000000:0,x50000001:0,x51000000:0,x52000000:0,x60000000:0,x60010000:0,x60030000:0,x60040000:0,x70000000:0,x70010000:0,x70030000:0,x70040000:0,x7f000000:0,x7fffffff:0,x80000000:0,x_p:0,xor:0,y_p:0,yet:[0,1],you:[0,1],zero:[0,1,2]},titles:["Implementation-specific definitions","Introduction","PSA Cryptography API Specification"],titleterms:{"case":1,"export":0,"function":[0,1],"import":0,"return":1,TLS:1,addit:1,aead:0,after:1,agreement:1,algorithm:[0,1],alwai:1,api:2,applic:1,architectur:1,aspect:1,associ:0,assumpt:1,asymmetr:[0,1],attack:1,attest:1,attribut:0,authent:[0,1],behavior:1,between:1,boot:1,buffer:1,call:1,chang:2,check:1,choic:1,cipher:0,clean:1,cleanup:1,client:1,code:0,concurr:1,consider:1,constrain:1,convent:1,credenti:1,cryptograph:1,cryptographi:[0,1,2],cryptoprocessor:1,data:0,definit:0,deriv:[0,1],design:1,detect:1,devic:1,digest:0,document:2,eas:1,encrypt:[0,1],error:[0,1],exampl:1,factori:1,futur:1,gener:[0,1],goal:1,handl:1,hardwar:1,hash:1,histori:2,implement:[0,1],initi:0,input:1,interfac:1,introduct:1,isol:1,kei:[0,1],keystor:1,librari:[0,1],lifetim:0,macro:[0,1],manag:[0,1],memori:1,messag:0,minimum:1,multi:1,multipart:1,network:1,oper:1,option:1,other:[0,1],output:1,overlap:1,overview:1,pair:1,paramet:1,partit:1,persist:1,philosophi:1,plan:2,platform:1,pointer:1,polici:[0,1],port:1,processor:1,profil:1,provis:1,psa:2,psa__alg_aead_with_default_tag_length__cas:0,psa_aead_abort:0,psa_aead_decrypt:0,psa_aead_decrypt_output_s:0,psa_aead_decrypt_setup:0,psa_aead_encrypt:0,psa_aead_encrypt_output_s:0,psa_aead_encrypt_setup:0,psa_aead_finish:0,psa_aead_finish_output_s:0,psa_aead_generate_nonc:0,psa_aead_operation_init:0,psa_aead_operation_t:0,psa_aead_set_length:0,psa_aead_set_nonc:0,psa_aead_tag_length:0,psa_aead_tag_length_offset:0,psa_aead_upd:0,psa_aead_update_ad:0,psa_aead_update_output_s:0,psa_aead_verifi:0,psa_aead_verify_output_s:0,psa_alg_aead_from_block_flag:0,psa_alg_aead_tag_length_mask:0,psa_alg_aead_with_default_tag_length:0,psa_alg_aead_with_tag_length:0,psa_alg_any_hash:0,psa_alg_arc4:0,psa_alg_category_aead:0,psa_alg_category_asymmetric_encrypt:0,psa_alg_category_ciph:0,psa_alg_category_hash:0,psa_alg_category_key_agr:0,psa_alg_category_key_deriv:0,psa_alg_category_mac:0,psa_alg_category_mask:0,psa_alg_category_sign:0,psa_alg_cbc_mac:0,psa_alg_cbc_no_pad:0,psa_alg_cbc_pkcs7:0,psa_alg_ccm:0,psa_alg_cfb:0,psa_alg_chacha20:0,psa_alg_chacha20_poly1305:0,psa_alg_cipher_from_block_flag:0,psa_alg_cipher_mac_bas:0,psa_alg_cipher_stream_flag:0,psa_alg_cmac:0,psa_alg_ctr:0,psa_alg_deterministic_ecdsa:0,psa_alg_deterministic_ecdsa_bas:0,psa_alg_ecdh:0,psa_alg_ecdsa:0,psa_alg_ecdsa_ani:0,psa_alg_ecdsa_bas:0,psa_alg_ecdsa_is_determinist:0,psa_alg_ffdh:0,psa_alg_full_length_mac:0,psa_alg_gcm:0,psa_alg_gmac:0,psa_alg_hash_mask:0,psa_alg_hkdf:0,psa_alg_hkdf_bas:0,psa_alg_hkdf_get_hash:0,psa_alg_hmac:0,psa_alg_hmac_bas:0,psa_alg_hmac_get_hash:0,psa_alg_is_aead:0,psa_alg_is_aead_on_block_ciph:0,psa_alg_is_asymmetric_encrypt:0,psa_alg_is_block_cipher_mac:0,psa_alg_is_ciph:0,psa_alg_is_deterministic_ecdsa:0,psa_alg_is_ecdh:0,psa_alg_is_ecdsa:0,psa_alg_is_ffdh:0,psa_alg_is_hash:0,psa_alg_is_hash_and_sign:0,psa_alg_is_hkdf:0,psa_alg_is_hmac:0,psa_alg_is_key_agr:0,psa_alg_is_key_deriv:0,psa_alg_is_key_derivation_or_agr:0,psa_alg_is_mac:0,psa_alg_is_randomized_ecdsa:0,psa_alg_is_raw_key_agr:0,psa_alg_is_rsa_oaep:0,psa_alg_is_rsa_pkcs1v15_sign:0,psa_alg_is_rsa_pss:0,psa_alg_is_sign:0,psa_alg_is_stream_ciph:0,psa_alg_is_tls12_prf:0,psa_alg_is_tls12_psk_to_m:0,psa_alg_is_vendor_defin:0,psa_alg_is_wildcard:0,psa_alg_key_agr:0,psa_alg_key_agreement_get_bas:0,psa_alg_key_agreement_get_kdf:0,psa_alg_key_agreement_mask:0,psa_alg_key_derivation_mask:0,psa_alg_mac_subcategory_mask:0,psa_alg_mac_truncation_mask:0,psa_alg_md2:0,psa_alg_md4:0,psa_alg_md5:0,psa_alg_ofb:0,psa_alg_ripemd160:0,psa_alg_rsa_oaep:0,psa_alg_rsa_oaep_bas:0,psa_alg_rsa_oaep_get_hash:0,psa_alg_rsa_pkcs1v15_crypt:0,psa_alg_rsa_pkcs1v15_sign:0,psa_alg_rsa_pkcs1v15_sign_bas:0,psa_alg_rsa_pkcs1v15_sign_raw:0,psa_alg_rsa_pss:0,psa_alg_rsa_pss_bas:0,psa_alg_sha3_224:0,psa_alg_sha3_256:0,psa_alg_sha3_384:0,psa_alg_sha3_512:0,psa_alg_sha_1:0,psa_alg_sha_224:0,psa_alg_sha_256:0,psa_alg_sha_384:0,psa_alg_sha_512:0,psa_alg_sha_512_224:0,psa_alg_sha_512_256:0,psa_alg_sign_get_hash:0,psa_alg_tls12_prf:0,psa_alg_tls12_prf_bas:0,psa_alg_tls12_prf_get_hash:0,psa_alg_tls12_psk_to_m:0,psa_alg_tls12_psk_to_ms_bas:0,psa_alg_tls12_psk_to_ms_get_hash:0,psa_alg_tls12_psk_to_ms_max_psk_len:0,psa_alg_truncated_mac:0,psa_alg_vendor_flag:0,psa_alg_xt:0,psa_algorithm_t:0,psa_asymmetric_decrypt:0,psa_asymmetric_decrypt_output_s:0,psa_asymmetric_encrypt:0,psa_asymmetric_encrypt_output_s:0,psa_asymmetric_sign:0,psa_asymmetric_sign_output_s:0,psa_asymmetric_signature_max_s:0,psa_asymmetric_verifi:0,psa_bits_to_byt:0,psa_block_cipher_block_s:0,psa_bytes_to_bit:0,psa_cipher_abort:0,psa_cipher_decrypt:0,psa_cipher_decrypt_setup:0,psa_cipher_encrypt:0,psa_cipher_encrypt_setup:0,psa_cipher_finish:0,psa_cipher_generate_iv:0,psa_cipher_operation_init:0,psa_cipher_operation_t:0,psa_cipher_set_iv:0,psa_cipher_upd:0,psa_close_kei:0,psa_copy_kei:0,psa_crypto_init:0,psa_destroy_kei:0,psa_dh_group_ffdhe2048:0,psa_dh_group_ffdhe3072:0,psa_dh_group_ffdhe4096:0,psa_dh_group_ffdhe6144:0,psa_dh_group_ffdhe8192:0,psa_dh_group_t:0,psa_ecc_curve_bit:0,psa_ecc_curve_brainpool_p256r1:0,psa_ecc_curve_brainpool_p384r1:0,psa_ecc_curve_brainpool_p512r1:0,psa_ecc_curve_curve25519:0,psa_ecc_curve_curve448:0,psa_ecc_curve_secp160k1:0,psa_ecc_curve_secp160r1:0,psa_ecc_curve_secp160r2:0,psa_ecc_curve_secp192k1:0,psa_ecc_curve_secp192r1:0,psa_ecc_curve_secp224k1:0,psa_ecc_curve_secp224r1:0,psa_ecc_curve_secp256k1:0,psa_ecc_curve_secp256r1:0,psa_ecc_curve_secp384r1:0,psa_ecc_curve_secp521r1:0,psa_ecc_curve_sect163k1:0,psa_ecc_curve_sect163r1:0,psa_ecc_curve_sect163r2:0,psa_ecc_curve_sect193r1:0,psa_ecc_curve_sect193r2:0,psa_ecc_curve_sect233k1:0,psa_ecc_curve_sect233r1:0,psa_ecc_curve_sect239k1:0,psa_ecc_curve_sect283k1:0,psa_ecc_curve_sect283r1:0,psa_ecc_curve_sect409k1:0,psa_ecc_curve_sect409r1:0,psa_ecc_curve_sect571k1:0,psa_ecc_curve_sect571r1:0,psa_ecc_curve_t:0,psa_ecdsa_signature_s:0,psa_error_already_exist:0,psa_error_bad_st:0,psa_error_buffer_too_smal:0,psa_error_communication_failur:0,psa_error_corruption_detect:0,psa_error_does_not_exist:0,psa_error_generic_error:0,psa_error_hardware_failur:0,psa_error_insufficient_data:0,psa_error_insufficient_entropi:0,psa_error_insufficient_memori:0,psa_error_insufficient_storag:0,psa_error_invalid_argu:0,psa_error_invalid_handl:0,psa_error_invalid_pad:0,psa_error_invalid_signatur:0,psa_error_not_permit:0,psa_error_not_support:0,psa_error_storage_failur:0,psa_export_kei:0,psa_export_public_kei:0,psa_generate_kei:0,psa_generate_random:0,psa_get_key_algorithm:0,psa_get_key_attribut:0,psa_get_key_bit:0,psa_get_key_id:0,psa_get_key_lifetim:0,psa_get_key_typ:0,psa_get_key_usage_flag:0,psa_hash_abort:0,psa_hash_clon:0,psa_hash_compar:0,psa_hash_comput:0,psa_hash_finish:0,psa_hash_max_s:0,psa_hash_operation_init:0,psa_hash_operation_t:0,psa_hash_s:0,psa_hash_setup:0,psa_hash_upd:0,psa_hash_verifi:0,psa_hmac_max_hash_block_s:0,psa_import_kei:0,psa_key_attributes_init:0,psa_key_attributes_t:0,psa_key_derivation_abort:0,psa_key_derivation_get_capac:0,psa_key_derivation_input_byt:0,psa_key_derivation_input_info:0,psa_key_derivation_input_kei:0,psa_key_derivation_input_label:0,psa_key_derivation_input_salt:0,psa_key_derivation_input_se:0,psa_key_derivation_input_secret:0,psa_key_derivation_key_agr:0,psa_key_derivation_operation_init:0,psa_key_derivation_operation_t:0,psa_key_derivation_output_byt:0,psa_key_derivation_output_kei:0,psa_key_derivation_set_capac:0,psa_key_derivation_setup:0,psa_key_derivation_step_t:0,psa_key_derivation_unlimited_capac:0,psa_key_export_asn1_integer_max_s:0,psa_key_export_dsa_key_pair_max_s:0,psa_key_export_dsa_public_key_max_s:0,psa_key_export_ecc_key_pair_max_s:0,psa_key_export_ecc_public_key_max_s:0,psa_key_export_max_s:0,psa_key_export_rsa_key_pair_max_s:0,psa_key_export_rsa_public_key_max_s:0,psa_key_handle_t:0,psa_key_id_t:0,psa_key_id_user_max:0,psa_key_id_user_min:0,psa_key_id_vendor_max:0,psa_key_id_vendor_min:0,psa_key_lifetime_persist:0,psa_key_lifetime_t:0,psa_key_lifetime_volatil:0,psa_key_type_a:0,psa_key_type_arc4:0,psa_key_type_camellia:0,psa_key_type_category_flag_pair:0,psa_key_type_category_key_pair:0,psa_key_type_category_mask:0,psa_key_type_category_public_kei:0,psa_key_type_category_raw:0,psa_key_type_category_symmetr:0,psa_key_type_chacha20:0,psa_key_type_d:0,psa_key_type_der:0,psa_key_type_dh_group_mask:0,psa_key_type_dh_key_pair:0,psa_key_type_dh_key_pair_bas:0,psa_key_type_dh_public_kei:0,psa_key_type_dh_public_key_bas:0,psa_key_type_ecc_curve_mask:0,psa_key_type_ecc_key_pair:0,psa_key_type_ecc_key_pair_bas:0,psa_key_type_ecc_public_kei:0,psa_key_type_ecc_public_key_bas:0,psa_key_type_get_curv:0,psa_key_type_get_group:0,psa_key_type_hmac:0,psa_key_type_is_asymmetr:0,psa_key_type_is_dh:0,psa_key_type_is_dh_key_pair:0,psa_key_type_is_dh_public_kei:0,psa_key_type_is_ecc:0,psa_key_type_is_ecc_key_pair:0,psa_key_type_is_ecc_public_kei:0,psa_key_type_is_key_pair:0,psa_key_type_is_public_kei:0,psa_key_type_is_rsa:0,psa_key_type_is_unstructur:0,psa_key_type_is_vendor_defin:0,psa_key_type_key_pair_of_public_kei:0,psa_key_type_non:0,psa_key_type_public_key_of_key_pair:0,psa_key_type_raw_data:0,psa_key_type_rsa_key_pair:0,psa_key_type_rsa_public_kei:0,psa_key_type_t:0,psa_key_type_vendor_flag:0,psa_key_usage_copi:0,psa_key_usage_decrypt:0,psa_key_usage_der:0,psa_key_usage_encrypt:0,psa_key_usage_export:0,psa_key_usage_sign:0,psa_key_usage_t:0,psa_key_usage_verifi:0,psa_mac_abort:0,psa_mac_comput:0,psa_mac_final_s:0,psa_mac_max_s:0,psa_mac_operation_init:0,psa_mac_operation_t:0,psa_mac_sign_finish:0,psa_mac_sign_setup:0,psa_mac_truncated_length:0,psa_mac_truncation_offset:0,psa_mac_upd:0,psa_mac_verifi:0,psa_mac_verify_finish:0,psa_mac_verify_setup:0,psa_max_block_cipher_block_s:0,psa_open_kei:0,psa_raw_key_agr:0,psa_reset_key_attribut:0,psa_round_up_to_multipl:0,psa_rsa_minimum_padding_s:0,psa_set_key_algorithm:0,psa_set_key_bit:0,psa_set_key_id:0,psa_set_key_lifetim:0,psa_set_key_typ:0,psa_set_key_usage_flag:0,psa_status_t:0,psa_success:0,psa_vendor_ecc_max_curve_bit:0,psa_vendor_rsa_max_key_bit:0,pseudorandom:0,random:[0,1],recommend:1,requir:1,resist:1,resourc:1,safe:1,sampl:1,secur:1,share:1,sign:1,singl:1,size:1,specif:[0,1,2],stabil:1,standard:1,statu:1,storag:1,structur:1,suitabl:1,support:1,symmetr:[0,1],token:1,type:[0,1],usag:1,use:1,version:2,volatil:1}})
\ No newline at end of file
diff --git a/docs/html/splitbar.png b/docs/html/splitbar.png
deleted file mode 100644
index fe895f2..0000000
--- a/docs/html/splitbar.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/structpsa__generate__key__extra__rsa-members.html b/docs/html/structpsa__generate__key__extra__rsa-members.html
deleted file mode 100644
index f03b6de..0000000
--- a/docs/html/structpsa__generate__key__extra__rsa-members.html
+++ /dev/null
@@ -1,102 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: Member List</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-</div><!-- top -->
-<div class="header">
-  <div class="headertitle">
-<div class="title">psa_generate_key_extra_rsa Member List</div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p>This is the complete list of members for <a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a>, including all inherited members.</p>
-<table class="directory">
-  <tr class="even"><td class="entry"><a class="el" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">e</a></td><td class="entry"><a class="el" href="structpsa__generate__key__extra__rsa.html">psa_generate_key_extra_rsa</a></td><td class="entry"></td></tr>
-</table></div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/structpsa__generate__key__extra__rsa.html b/docs/html/structpsa__generate__key__extra__rsa.html
deleted file mode 100644
index 4121301..0000000
--- a/docs/html/structpsa__generate__key__extra__rsa.html
+++ /dev/null
@@ -1,129 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=9"/>
-<meta name="generator" content="Doxygen 1.8.11"/>
-<title>Platform Security Architecture — cryptography and keystore interface: psa_generate_key_extra_rsa Struct Reference</title>
-<link href="tabs.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="jquery.js"></script>
-<script type="text/javascript" src="dynsections.js"></script>
-<link href="search/search.css" rel="stylesheet" type="text/css"/>
-<script type="text/javascript" src="search/searchdata.js"></script>
-<script type="text/javascript" src="search/search.js"></script>
-<script type="text/javascript">
-  $(document).ready(function() { init_search(); });
-</script>
-<link href="doxygen.css" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr style="height: 56px;">
-  <td id="projectalign" style="padding-left: 0.5em;">
-   <div id="projectname">Platform Security Architecture — cryptography and keystore interface
-   &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
-   </div>
-  </td>
- </tr>
- </tbody>
-</table>
-</div>
-<!-- end header part -->
-<!-- Generated by Doxygen 1.8.11 -->
-<script type="text/javascript">
-var searchBox = new SearchBox("searchBox", "search",false,'Search');
-</script>
-  <div id="navrow1" class="tabs">
-    <ul class="tablist">
-      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
-      <li><a href="modules.html"><span>Modules</span></a></li>
-      <li class="current"><a href="annotated.html"><span>Classes</span></a></li>
-      <li><a href="files.html"><span>Files</span></a></li>
-      <li>
-        <div id="MSearchBox" class="MSearchBoxInactive">
-        <span class="left">
-          <img id="MSearchSelect" src="search/mag_sel.png"
-               onmouseover="return searchBox.OnSearchSelectShow()"
-               onmouseout="return searchBox.OnSearchSelectHide()"
-               alt=""/>
-          <input type="text" id="MSearchField" value="Search" accesskey="S"
-               onfocus="searchBox.OnSearchFieldFocus(true)" 
-               onblur="searchBox.OnSearchFieldFocus(false)" 
-               onkeyup="searchBox.OnSearchFieldChange(event)"/>
-          </span><span class="right">
-            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
-          </span>
-        </div>
-      </li>
-    </ul>
-  </div>
-  <div id="navrow2" class="tabs2">
-    <ul class="tablist">
-      <li><a href="annotated.html"><span>Class&#160;List</span></a></li>
-      <li><a href="classes.html"><span>Class&#160;Index</span></a></li>
-      <li><a href="functions.html"><span>Class&#160;Members</span></a></li>
-    </ul>
-  </div>
-<!-- window showing the filter options -->
-<div id="MSearchSelectWindow"
-     onmouseover="return searchBox.OnSearchSelectShow()"
-     onmouseout="return searchBox.OnSearchSelectHide()"
-     onkeydown="return searchBox.OnSearchSelectKey(event)">
-</div>
-
-<!-- iframe showing the search results (closed by default) -->
-<div id="MSearchResultsWindow">
-<iframe src="javascript:void(0)" frameborder="0" 
-        name="MSearchResults" id="MSearchResults">
-</iframe>
-</div>
-
-</div><!-- top -->
-<div class="header">
-  <div class="summary">
-<a href="#pub-attribs">Public Attributes</a> &#124;
-<a href="structpsa__generate__key__extra__rsa-members.html">List of all members</a>  </div>
-  <div class="headertitle">
-<div class="title">psa_generate_key_extra_rsa Struct Reference<div class="ingroups"><a class="el" href="group__random.html">Random generation</a></div></div>  </div>
-</div><!--header-->
-<div class="contents">
-
-<p><code>#include &lt;<a class="el" href="crypto_8h_source.html">crypto.h</a>&gt;</code></p>
-<table class="memberdecls">
-<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-attribs"></a>
-Public Attributes</h2></td></tr>
-<tr class="memitem:a53ccb9e4375f3c9af6e3ecfe111ce11d"><td class="memItemLeft" align="right" valign="top">uint32_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpsa__generate__key__extra__rsa.html#a53ccb9e4375f3c9af6e3ecfe111ce11d">e</a></td></tr>
-<tr class="separator:a53ccb9e4375f3c9af6e3ecfe111ce11d"><td class="memSeparator" colspan="2">&#160;</td></tr>
-</table>
-<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>Extra parameters for RSA key generation.</p>
-<p>You may pass a pointer to a structure of this type as the <code>extra</code> parameter to <a class="el" href="group__random.html#ga72921520494b4f007a3afb904cd9ecdd" title="Generate a key or key pair. ">psa_generate_key()</a>. </p>
-</div><h2 class="groupheader">Member Data Documentation</h2>
-<a class="anchor" id="a53ccb9e4375f3c9af6e3ecfe111ce11d"></a>
-<div class="memitem">
-<div class="memproto">
-      <table class="memname">
-        <tr>
-          <td class="memname">uint32_t psa_generate_key_extra_rsa::e</td>
-        </tr>
-      </table>
-</div><div class="memdoc">
-<p>Public exponent value. Default: 65537. </p>
-
-</div>
-</div>
-<hr/>The documentation for this struct was generated from the following file:<ul>
-<li>psa/<a class="el" href="crypto_8h_source.html">crypto.h</a></li>
-</ul>
-</div><!-- contents -->
-<!-- start footer part -->
-<hr class="footer"/><address class="footer"><small>
-Generated by &#160;<a href="http://www.doxygen.org/index.html">
-<img class="footer" src="doxygen.png" alt="doxygen"/>
-</a> 1.8.11
-</small></address>
-</body>
-</html>
diff --git a/docs/html/sync_off.png b/docs/html/sync_off.png
deleted file mode 100644
index 3b443fc..0000000
--- a/docs/html/sync_off.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/sync_on.png b/docs/html/sync_on.png
deleted file mode 100644
index e08320f..0000000
--- a/docs/html/sync_on.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/tab_a.png b/docs/html/tab_a.png
deleted file mode 100644
index 3b725c4..0000000
--- a/docs/html/tab_a.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/tab_b.png b/docs/html/tab_b.png
deleted file mode 100644
index e2b4a86..0000000
--- a/docs/html/tab_b.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/tab_h.png b/docs/html/tab_h.png
deleted file mode 100644
index fd5cb70..0000000
--- a/docs/html/tab_h.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/tab_s.png b/docs/html/tab_s.png
deleted file mode 100644
index ab478c9..0000000
--- a/docs/html/tab_s.png
+++ /dev/null
Binary files differ
diff --git a/docs/html/tabs.css b/docs/html/tabs.css
deleted file mode 100644
index 9cf578f..0000000
--- a/docs/html/tabs.css
+++ /dev/null
@@ -1,60 +0,0 @@
-.tabs, .tabs2, .tabs3 {
-    background-image: url('tab_b.png');
-    width: 100%;
-    z-index: 101;
-    font-size: 13px;
-    font-family: 'Lucida Grande',Geneva,Helvetica,Arial,sans-serif;
-}
-
-.tabs2 {
-    font-size: 10px;
-}
-.tabs3 {
-    font-size: 9px;
-}
-
-.tablist {
-    margin: 0;
-    padding: 0;
-    display: table;
-}
-
-.tablist li {
-    float: left;
-    display: table-cell;
-    background-image: url('tab_b.png');
-    line-height: 36px;
-    list-style: none;
-}
-
-.tablist a {
-    display: block;
-    padding: 0 20px;
-    font-weight: bold;
-    background-image:url('tab_s.png');
-    background-repeat:no-repeat;
-    background-position:right;
-    color: #283A5D;
-    text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9);
-    text-decoration: none;
-    outline: none;
-}
-
-.tabs3 .tablist a {
-    padding: 0 10px;
-}
-
-.tablist a:hover {
-    background-image: url('tab_h.png');
-    background-repeat:repeat-x;
-    color: #fff;
-    text-shadow: 0px 1px 1px rgba(0, 0, 0, 1.0);
-    text-decoration: none;
-}
-
-.tablist li.current a {
-    background-image: url('tab_a.png');
-    background-repeat:repeat-x;
-    color: #fff;
-    text-shadow: 0px 1px 1px rgba(0, 0, 0, 1.0);
-}
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 44280d2..4eff836 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.14.0 source code documentation
+ * @mainpage mbed TLS v2.17.0 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index fd22cdb..ce58d6b 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.14.0"
+PROJECT_NAME           = "mbed TLS v2.17.0"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 67c66c8..dac97f4 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -15,7 +15,8 @@
 
 endif(INSTALL_MBEDTLS_HEADERS)
 
-# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
+# Make config.h available in an out-of-source build.
 if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
     link_to_source(mbedtls)
+    link_to_source(psa)
 endif()
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index cfb20c4..94e7282 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -121,7 +121,7 @@
  *                 It must be the first API called before using
  *                 the context.
  *
- * \param ctx      The AES context to initialize.
+ * \param ctx      The AES context to initialize. This must not be \c NULL.
  */
 void mbedtls_aes_init( mbedtls_aes_context *ctx );
 
@@ -129,6 +129,8 @@
  * \brief          This function releases and clears the specified AES context.
  *
  * \param ctx      The AES context to clear.
+ *                 If this is \c NULL, this function does nothing.
+ *                 Otherwise, the context must have been at least initialized.
  */
 void mbedtls_aes_free( mbedtls_aes_context *ctx );
 
@@ -139,7 +141,7 @@
  *                 It must be the first API called before using
  *                 the context.
  *
- * \param ctx      The AES XTS context to initialize.
+ * \param ctx      The AES XTS context to initialize. This must not be \c NULL.
  */
 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
 
@@ -147,6 +149,8 @@
  * \brief          This function releases and clears the specified AES XTS context.
  *
  * \param ctx      The AES XTS context to clear.
+ *                 If this is \c NULL, this function does nothing.
+ *                 Otherwise, the context must have been at least initialized.
  */
 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -155,7 +159,9 @@
  * \brief          This function sets the encryption key.
  *
  * \param ctx      The AES context to which the key should be bound.
+ *                 It must be initialized.
  * \param key      The encryption key.
+ *                 This must be a readable buffer of size \p keybits bits.
  * \param keybits  The size of data passed in bits. Valid options are:
  *                 <ul><li>128 bits</li>
  *                 <li>192 bits</li>
@@ -171,7 +177,9 @@
  * \brief          This function sets the decryption key.
  *
  * \param ctx      The AES context to which the key should be bound.
+ *                 It must be initialized.
  * \param key      The decryption key.
+ *                 This must be a readable buffer of size \p keybits bits.
  * \param keybits  The size of data passed. Valid options are:
  *                 <ul><li>128 bits</li>
  *                 <li>192 bits</li>
@@ -189,8 +197,10 @@
  *                 sets the encryption key.
  *
  * \param ctx      The AES XTS context to which the key should be bound.
+ *                 It must be initialized.
  * \param key      The encryption key. This is comprised of the XTS key1
  *                 concatenated with the XTS key2.
+ *                 This must be a readable buffer of size \p keybits bits.
  * \param keybits  The size of \p key passed in bits. Valid options are:
  *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
  *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@@ -207,8 +217,10 @@
  *                 sets the decryption key.
  *
  * \param ctx      The AES XTS context to which the key should be bound.
+ *                 It must be initialized.
  * \param key      The decryption key. This is comprised of the XTS key1
  *                 concatenated with the XTS key2.
+ *                 This must be a readable buffer of size \p keybits bits.
  * \param keybits  The size of \p key passed in bits. Valid options are:
  *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
  *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@@ -234,10 +246,13 @@
  *                 call to this API with the same context.
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
  *                 #MBEDTLS_AES_DECRYPT.
- * \param input    The 16-Byte buffer holding the input data.
- * \param output   The 16-Byte buffer holding the output data.
+ * \param input    The buffer holding the input data.
+ *                 It must be readable and at least \c 16 Bytes long.
+ * \param output   The buffer where the output data will be written.
+ *                 It must be writeable and at least \c 16 Bytes long.
 
  * \return         \c 0 on success.
  */
@@ -260,8 +275,8 @@
  *         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
  *         before the first call to this API with the same context.
  *
- * \note   This function operates on aligned blocks, that is, the input size
- *         must be a multiple of the AES block size of 16 Bytes.
+ * \note   This function operates on full blocks, that is, the input size
+ *         must be a multiple of the AES block size of \c 16 Bytes.
  *
  * \note   Upon exit, the content of the IV is updated so that you can
  *         call the same function again on the next
@@ -272,13 +287,17 @@
  *
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
  *                 #MBEDTLS_AES_DECRYPT.
  * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (16 Bytes).
+ *                 multiple of the block size (\c 16 Bytes).
  * \param iv       Initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
  * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
  * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
  *
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
@@ -306,9 +325,10 @@
  *             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
  *
  * \param ctx          The AES XTS context to use for AES XTS operations.
+ *                     It must be initialized and bound to a key.
  * \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
  *                     #MBEDTLS_AES_DECRYPT.
- * \param length       The length of a data unit in bytes. This can be any
+ * \param length       The length of a data unit in Bytes. This can be any
  *                     length between 16 bytes and 2^24 bytes inclusive
  *                     (between 1 and 2^20 block cipher blocks).
  * \param data_unit    The address of the data unit encoded as an array of 16
@@ -316,15 +336,15 @@
  *                     is typically the index of the block device sector that
  *                     contains the data.
  * \param input        The buffer holding the input data (which is an entire
- *                     data unit). This function reads \p length bytes from \p
+ *                     data unit). This function reads \p length Bytes from \p
  *                     input.
  * \param output       The buffer holding the output data (which is an entire
- *                     data unit). This function writes \p length bytes to \p
+ *                     data unit). This function writes \p length Bytes to \p
  *                     output.
  *
  * \return             \c 0 on success.
  * \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- *                     smaller than an AES block in size (16 bytes) or if \p
+ *                     smaller than an AES block in size (16 Bytes) or if \p
  *                     length is larger than 2^20 blocks (16 MiB).
  */
 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
@@ -360,13 +380,18 @@
  *
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
  *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data.
+ * \param length   The length of the input data in Bytes.
  * \param iv_off   The offset in IV (updated after use).
+ *                 It must point to a valid \c size_t.
  * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
  * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
  * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
  *
  * \return         \c 0 on success.
  */
@@ -401,12 +426,16 @@
  *
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
  *                 #MBEDTLS_AES_DECRYPT
  * \param length   The length of the input data.
  * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
  * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
  * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
  *
  * \return         \c 0 on success.
  */
@@ -451,11 +480,16 @@
  *              will compromise security.
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param length   The length of the input data.
  * \param iv_off   The offset in IV (updated after use).
+ *                 It must point to a valid \c size_t.
  * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
  * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
  * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
  *
  * \return         \c 0 on success.
  */
@@ -527,15 +561,21 @@
  *             securely discarded as soon as it's no longer needed.
  *
  * \param ctx              The AES context to use for encryption or decryption.
+ *                         It must be initialized and bound to a key.
  * \param length           The length of the input data.
  * \param nc_off           The offset in the current \p stream_block, for
  *                         resuming within the current cipher stream. The
  *                         offset pointer should be 0 at the start of a stream.
+ *                         It must point to a valid \c size_t.
  * \param nonce_counter    The 128-bit nonce and counter.
+ *                         It must be a readable-writeable buffer of \c 16 Bytes.
  * \param stream_block     The saved stream block for resuming. This is
  *                         overwritten by the function.
+ *                         It must be a readable-writeable buffer of \c 16 Bytes.
  * \param input            The buffer holding the input data.
+ *                         It must be readable and of size \p length Bytes.
  * \param output           The buffer holding the output data.
+ *                         It must be writeable and of size \p length Bytes.
  *
  * \return                 \c 0 on success.
  */
@@ -588,7 +628,7 @@
  * \brief           Deprecated internal AES block encryption function
  *                  without return value.
  *
- * \deprecated      Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
+ * \deprecated      Superseded by mbedtls_internal_aes_encrypt()
  *
  * \param ctx       The AES context to use for encryption.
  * \param input     Plaintext block.
@@ -602,7 +642,7 @@
  * \brief           Deprecated internal AES block decryption function
  *                  without return value.
  *
- * \deprecated      Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
+ * \deprecated      Superseded by mbedtls_internal_aes_decrypt()
  *
  * \param ctx       The AES context to use for decryption.
  * \param input     Ciphertext block.
@@ -615,6 +655,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine.
  *
@@ -623,6 +665,8 @@
  */
 int mbedtls_aes_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index 746baa0..a4ca012 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -2,6 +2,9 @@
  * \file aesni.h
  *
  * \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ * \warning These functions are only for internal use by other library
+ *          functions; you must not call them directly.
  */
 /*
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@@ -24,6 +27,12 @@
 #ifndef MBEDTLS_AESNI_H
 #define MBEDTLS_AESNI_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "aes.h"
 
 #define MBEDTLS_AESNI_AES      0x02000000u
@@ -42,7 +51,10 @@
 #endif
 
 /**
- * \brief          AES-NI features detection routine
+ * \brief          Internal function to detect the AES-NI feature in CPUs.
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param what     The feature to detect
  *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
@@ -52,7 +64,10 @@
 int mbedtls_aesni_has_support( unsigned int what );
 
 /**
- * \brief          AES-NI AES-ECB block en(de)cryption
+ * \brief          Internal AES-NI AES-ECB block encryption and decryption
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param ctx      AES context
  * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -62,12 +77,15 @@
  * \return         0 on success (cannot fail)
  */
 int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                     int mode,
-                     const unsigned char input[16],
-                     unsigned char output[16] );
+                             int mode,
+                             const unsigned char input[16],
+                             unsigned char output[16] );
 
 /**
- * \brief          GCM multiplication: c = a * b in GF(2^128)
+ * \brief          Internal GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param c        Result
  * \param a        First operand
@@ -77,21 +95,29 @@
  *                 elements of GF(2^128) as per the GCM spec.
  */
 void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                     const unsigned char a[16],
-                     const unsigned char b[16] );
+                             const unsigned char a[16],
+                             const unsigned char b[16] );
 
 /**
- * \brief           Compute decryption round keys from encryption round keys
+ * \brief           Internal round key inversion. This function computes
+ *                  decryption round keys from the encryption round keys.
+ *
+ * \note            This function is only for internal use by other library
+ *                  functions; you must not call it directly.
  *
  * \param invkey    Round keys for the equivalent inverse cipher
  * \param fwdkey    Original round keys (for encryption)
  * \param nr        Number of rounds (that is, number of round keys minus one)
  */
 void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                        const unsigned char *fwdkey, int nr );
+                                const unsigned char *fwdkey,
+                                int nr );
 
 /**
- * \brief           Perform key expansion (for encryption)
+ * \brief           Internal key expansion for encryption
+ *
+ * \note            This function is only for internal use by other library
+ *                  functions; you must not call it directly.
  *
  * \param rk        Destination buffer where the round keys are written
  * \param key       Encryption key
@@ -100,8 +126,8 @@
  * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
 int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                      const unsigned char *key,
-                      size_t bits );
+                              const unsigned char *key,
+                              size_t bits );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index c43f406..fb044d5 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -123,6 +123,8 @@
 int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -135,6 +137,8 @@
  */
 int mbedtls_arc4_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 483d4c2..1e8956e 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -39,6 +39,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include "platform_util.h"
+
 #define MBEDTLS_ARIA_ENCRYPT     1 /**< ARIA encryption. */
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
@@ -46,8 +48,12 @@
 #define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
-#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH   -0x005C  /**< Invalid key length. */
-#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E  /**< Invalid data input length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
+
+#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
 
 /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
  */
@@ -85,14 +91,16 @@
  *                 It must be the first API called before using
  *                 the context.
  *
- * \param ctx      The ARIA context to initialize.
+ * \param ctx      The ARIA context to initialize. This must not be \c NULL.
  */
 void mbedtls_aria_init( mbedtls_aria_context *ctx );
 
 /**
  * \brief          This function releases and clears the specified ARIA context.
  *
- * \param ctx      The ARIA context to clear.
+ * \param ctx      The ARIA context to clear. This may be \c NULL, in which
+ *                 case this function returns immediately. If it is not \c NULL,
+ *                 it must point to an initialized ARIA context.
  */
 void mbedtls_aria_free( mbedtls_aria_context *ctx );
 
@@ -100,14 +108,16 @@
  * \brief          This function sets the encryption key.
  *
  * \param ctx      The ARIA context to which the key should be bound.
- * \param key      The encryption key.
- * \param keybits  The size of data passed in bits. Valid options are:
+ *                 This must be initialized.
+ * \param key      The encryption key. This must be a readable buffer
+ *                 of size \p keybits Bits.
+ * \param keybits  The size of \p key in Bits. Valid options are:
  *                 <ul><li>128 bits</li>
  *                 <li>192 bits</li>
  *                 <li>256 bits</li></ul>
  *
- * \return         \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
                              const unsigned char *key,
@@ -117,13 +127,16 @@
  * \brief          This function sets the decryption key.
  *
  * \param ctx      The ARIA context to which the key should be bound.
- * \param key      The decryption key.
+ *                 This must be initialized.
+ * \param key      The decryption key. This must be a readable buffer
+ *                 of size \p keybits Bits.
  * \param keybits  The size of data passed. Valid options are:
  *                 <ul><li>128 bits</li>
  *                 <li>192 bits</li>
  *                 <li>256 bits</li></ul>
  *
- * \return         \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
+ * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
                              const unsigned char *key,
@@ -142,10 +155,12 @@
  *                 call to this API with the same context.
  *
  * \param ctx      The ARIA context to use for encryption or decryption.
+ *                 This must be initialized and bound to a key.
  * \param input    The 16-Byte buffer holding the input data.
  * \param output   The 16-Byte buffer holding the output data.
 
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
                             const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
@@ -177,16 +192,21 @@
  *
  *
  * \param ctx      The ARIA context to use for encryption or decryption.
- * \param mode     The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
- *                 #MBEDTLS_ARIA_DECRYPT.
+ *                 This must be initialized and bound to a key.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
+ *                 #MBEDTLS_ARIA_DECRYPT for decryption.
  * \param length   The length of the input data in Bytes. This must be a
  *                 multiple of the block size (16 Bytes).
  * \param iv       Initialization vector (updated after use).
- * \param input    The buffer holding the input data.
- * \param output   The buffer holding the output data.
+ *                 This must be a readable buffer of size 16 Bytes.
+ * \param input    The buffer holding the input data. This must
+ *                 be a readable buffer of length \p length Bytes.
+ * \param output   The buffer holding the output data. This must
+ *                 be a writable buffer of length \p length Bytes.
  *
- * \return         \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
                             int mode,
@@ -221,15 +241,22 @@
  *
  *
  * \param ctx      The ARIA context to use for encryption or decryption.
- * \param mode     The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
- *                 #MBEDTLS_ARIA_DECRYPT.
- * \param length   The length of the input data.
+ *                 This must be initialized and bound to a key.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
+ *                 #MBEDTLS_ARIA_DECRYPT for decryption.
+ * \param length   The length of the input data \p input in Bytes.
  * \param iv_off   The offset in IV (updated after use).
+ *                 This must not be larger than 15.
  * \param iv       The initialization vector (updated after use).
- * \param input    The buffer holding the input data.
- * \param output   The buffer holding the output data.
+ *                 This must be a readable buffer of size 16 Bytes.
+ * \param input    The buffer holding the input data. This must
+ *                 be a readable buffer of length \p length Bytes.
+ * \param output   The buffer holding the output data. This must
+ *                 be a writable buffer of length \p length Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
                                int mode,
@@ -299,17 +326,24 @@
  *             securely discarded as soon as it's no longer needed.
  *
  * \param ctx              The ARIA context to use for encryption or decryption.
- * \param length           The length of the input data.
- * \param nc_off           The offset in the current \p stream_block, for
- *                         resuming within the current cipher stream. The
- *                         offset pointer should be 0 at the start of a stream.
- * \param nonce_counter    The 128-bit nonce and counter.
- * \param stream_block     The saved stream block for resuming. This is
- *                         overwritten by the function.
- * \param input            The buffer holding the input data.
- * \param output           The buffer holding the output data.
+ *                         This must be initialized and bound to a key.
+ * \param length           The length of the input data \p input in Bytes.
+ * \param nc_off           The offset in Bytes in the current \p stream_block,
+ *                         for resuming within the current cipher stream. The
+ *                         offset pointer should be \c 0 at the start of a
+ *                         stream. This must not be larger than \c 15 Bytes.
+ * \param nonce_counter    The 128-bit nonce and counter. This must point to
+ *                         a read/write buffer of length \c 16 bytes.
+ * \param stream_block     The saved stream block for resuming. This must
+ *                         point to a read/write buffer of length \c 16 bytes.
+ *                         This is overwritten by the function.
+ * \param input            The buffer holding the input data. This must
+ *                         be a readable buffer of length \p length Bytes.
+ * \param output           The buffer holding the output data. This must
+ *                         be a writable buffer of length \p length Bytes.
  *
- * \return     \c 0 on success.
+ * \return                 \c 0 on success.
+ * \return                 A negative error code on failure.
  */
 int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
                             size_t length,
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 96c1c9a..f80acd7 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -66,7 +66,7 @@
  * - 0x02 -- tag indicating INTEGER
  * - 0x01 -- length in octets
  * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * Such sequences are typically read into Mbed TLS's \c mbedtls_x509_buf.
  * \{
  */
 #define MBEDTLS_ASN1_BOOLEAN                 0x01
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 76c1780..dc81782 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_ASN1_WRITE_H
 #define MBEDTLS_ASN1_WRITE_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "asn1.h"
 
 #define MBEDTLS_ASN1_CHK_ADD(g, f)                      \
@@ -277,6 +283,28 @@
                                   const unsigned char *buf, size_t bits );
 
 /**
+ * \brief           This function writes a named bitstring tag
+ *                  (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
+ *
+ *                  As stated in RFC 5280 Appendix B, trailing zeroes are
+ *                  omitted when encoding named bitstrings in DER.
+ *
+ * \note            This function works backwards within the data buffer.
+ *
+ * \param p         The reference to the current position pointer.
+ * \param start     The start of the buffer which is used for bounds-checking.
+ * \param buf       The bitstring to write.
+ * \param bits      The total number of bits in the bitstring.
+ *
+ * \return          The number of bytes written to \p p on success.
+ * \return          A negative error code on failure.
+ */
+int mbedtls_asn1_write_named_bitstring( unsigned char **p,
+                                        unsigned char *start,
+                                        const unsigned char *buf,
+                                        size_t bits );
+
+/**
  * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
  *                  and value in ASN.1 format.
  *
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 7a64f52..0d02416 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_BASE64_H
 #define MBEDTLS_BASE64_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include <stddef.h>
 
 #define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
@@ -75,6 +81,7 @@
 int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
                    const unsigned char *src, size_t slen );
 
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine
  *
@@ -82,6 +89,8 @@
  */
 int mbedtls_base64_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 40cfab4..c4d7686 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -186,96 +186,115 @@
 mbedtls_mpi;
 
 /**
- * \brief           Initialize one MPI (make internal references valid)
- *                  This just makes it ready to be set or freed,
+ * \brief           Initialize an MPI context.
+ *
+ *                  This makes the MPI ready to be set or freed,
  *                  but does not define a value for the MPI.
  *
- * \param X         One MPI to initialize.
+ * \param X         The MPI context to initialize. This must not be \c NULL.
  */
 void mbedtls_mpi_init( mbedtls_mpi *X );
 
 /**
- * \brief          Unallocate one MPI
+ * \brief          This function frees the components of an MPI context.
  *
- * \param X        One MPI to unallocate.
+ * \param X        The MPI context to be cleared. This may be \c NULL,
+ *                 in which case this function is a no-op. If it is
+ *                 not \c NULL, it must point to an initialized MPI.
  */
 void mbedtls_mpi_free( mbedtls_mpi *X );
 
 /**
- * \brief          Enlarge to the specified number of limbs
+ * \brief          Enlarge an MPI to the specified number of limbs.
  *
- *                 This function does nothing if the MPI is already large enough.
+ * \note           This function does nothing if the MPI is
+ *                 already large enough.
  *
- * \param X        MPI to grow
- * \param nblimbs  The target number of limbs
+ * \param X        The MPI to grow. It must be initialized.
+ * \param nblimbs  The target number of limbs.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
 
 /**
- * \brief          Resize down, keeping at least the specified number of limbs
+ * \brief          This function resizes an MPI downwards, keeping at least the
+ *                 specified number of limbs.
  *
  *                 If \c X is smaller than \c nblimbs, it is resized up
  *                 instead.
  *
- * \param X        MPI to shrink
- * \param nblimbs  The minimum number of limbs to keep
+ * \param X        The MPI to shrink. This must point to an initialized MPI.
+ * \param nblimbs  The minimum number of limbs to keep.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
  *                 (this can only happen when resizing up).
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
 
 /**
- * \brief          Copy the contents of Y into X
+ * \brief          Make a copy of an MPI.
  *
- * \param X        Destination MPI. It is enlarged if necessary.
- * \param Y        Source MPI.
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param Y        The source MPI. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \note           The limb-buffer in the destination MPI is enlarged
+ *                 if necessary to hold the value in the source MPI.
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
- * \brief          Swap the contents of X and Y
+ * \brief          Swap the contents of two MPIs.
  *
- * \param X        First MPI value
- * \param Y        Second MPI value
+ * \param X        The first MPI. It must be initialized.
+ * \param Y        The second MPI. It must be initialized.
  */
 void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
 
 /**
- * \brief          Safe conditional assignement X = Y if assign is 1
+ * \brief          Perform a safe conditional copy of MPI which doesn't
+ *                 reveal whether the condition was true or not.
  *
- * \param X        MPI to conditionally assign to
- * \param Y        Value to be assigned
- * \param assign   1: perform the assignment, 0: keep X's original value
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * \param X        The MPI to conditionally assign to. This must point
+ *                 to an initialized MPI.
+ * \param Y        The MPI to be assigned from. This must point to an
+ *                 initialized MPI.
+ * \param assign   The condition deciding whether to perform the
+ *                 assignment or not. Possible values:
+ *                 * \c 1: Perform the assignment `X = Y`.
+ *                 * \c 0: Keep the original value of \p X.
  *
  * \note           This function is equivalent to
- *                      if( assign ) mbedtls_mpi_copy( X, Y );
+ *                      `if( assign ) mbedtls_mpi_copy( X, Y );`
  *                 except that it avoids leaking any information about whether
  *                 the assignment was done or not (the above code may leak
  *                 information through branch prediction and/or memory access
  *                 patterns analysis).
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
 
 /**
- * \brief          Safe conditional swap X <-> Y if swap is 1
+ * \brief          Perform a safe conditional swap which doesn't
+ *                 reveal whether the condition was true or not.
  *
- * \param X        First mbedtls_mpi value
- * \param Y        Second mbedtls_mpi value
- * \param assign   1: perform the swap, 0: keep X and Y's original values
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * \param X        The first MPI. This must be initialized.
+ * \param Y        The second MPI. This must be initialized.
+ * \param assign   The condition deciding whether to perform
+ *                 the swap or not. Possible values:
+ *                 * \c 1: Swap the values of \p X and \p Y.
+ *                 * \c 0: Keep the original values of \p X and \p Y.
  *
  * \note           This function is equivalent to
  *                      if( assign ) mbedtls_mpi_swap( X, Y );
@@ -283,415 +302,546 @@
  *                 the assignment was done or not (the above code may leak
  *                 information through branch prediction and/or memory access
  *                 patterns analysis).
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
+ *
  */
 int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
 
 /**
- * \brief          Set value from integer
+ * \brief          Store integer value in MPI.
  *
- * \param X        MPI to set
- * \param z        Value to use
+ * \param X        The MPI to set. This must be initialized.
+ * \param z        The value to use.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
 
 /**
- * \brief          Get a specific bit from X
+ * \brief          Get a specific bit from an MPI.
  *
- * \param X        MPI to use
- * \param pos      Zero-based index of the bit in X
+ * \param X        The MPI to query. This must be initialized.
+ * \param pos      Zero-based index of the bit to query.
  *
- * \return         Either a 0 or a 1
+ * \return         \c 0 or \c 1 on success, depending on whether bit \c pos
+ *                 of \c X is unset or set.
+ * \return         A negative error code on failure.
  */
 int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
 
 /**
- * \brief          Set a bit of X to a specific value of 0 or 1
+ * \brief          Modify a specific bit in an MPI.
  *
- * \note           Will grow X if necessary to set a bit to 1 in a not yet
- *                 existing limb. Will not grow if bit should be set to 0
+ * \note           This function will grow the target MPI if necessary to set a
+ *                 bit to \c 1 in a not yet existing limb. It will not grow if
+ *                 the bit should be set to \c 0.
  *
- * \param X        MPI to use
- * \param pos      Zero-based index of the bit in X
- * \param val      The value to set the bit to (0 or 1)
+ * \param X        The MPI to modify. This must be initialized.
+ * \param pos      Zero-based index of the bit to modify.
+ * \param val      The desired value of bit \c pos: \c 0 or \c 1.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
 
 /**
- * \brief          Return the number of zero-bits before the least significant
- *                 '1' bit
+ * \brief          Return the number of bits of value \c 0 before the
+ *                 least significant bit of value \c 1.
  *
- * Note: Thus also the zero-based index of the least significant '1' bit
+ * \note           This is the same as the zero-based index of
+ *                 the least significant bit of value \c 1.
  *
- * \param X        MPI to use
+ * \param X        The MPI to query.
+ *
+ * \return         The number of bits of value \c 0 before the least significant
+ *                 bit of value \c 1 in \p X.
  */
 size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
 
 /**
  * \brief          Return the number of bits up to and including the most
- *                 significant '1' bit'
+ *                 significant bit of value \c 1.
  *
- * Note: Thus also the one-based index of the most significant '1' bit
+ * * \note         This is same as the one-based index of the most
+ *                 significant bit of value \c 1.
  *
- * \param X        MPI to use
+ * \param X        The MPI to query. This must point to an initialized MPI.
+ *
+ * \return         The number of bits up to and including the most
+ *                 significant bit of value \c 1.
  */
 size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
 
 /**
- * \brief          Return the total size in bytes
+ * \brief          Return the total size of an MPI value in bytes.
  *
- * \param X        MPI to use
+ * \param X        The MPI to use. This must point to an initialized MPI.
+ *
+ * \note           The value returned by this function may be less than
+ *                 the number of bytes used to store \p X internally.
+ *                 This happens if and only if there are trailing bytes
+ *                 of value zero.
+ *
+ * \return         The least number of bytes capable of storing
+ *                 the absolute value of \p X.
  */
 size_t mbedtls_mpi_size( const mbedtls_mpi *X );
 
 /**
- * \brief          Import from an ASCII string
+ * \brief          Import an MPI from an ASCII string.
  *
- * \param X        Destination MPI
- * \param radix    Input numeric base
- * \param s        Null-terminated string buffer
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param radix    The numeric base of the input string.
+ * \param s        Null-terminated string buffer.
  *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
 
 /**
- * \brief          Export into an ASCII string
+ * \brief          Export an MPI to an ASCII string.
  *
- * \param X        Source MPI
- * \param radix    Output numeric base
- * \param buf      Buffer to write the string to
- * \param buflen   Length of buf
- * \param olen     Length of the string written, including final NUL byte
+ * \param X        The source MPI. This must point to an initialized MPI.
+ * \param radix    The numeric base of the output string.
+ * \param buf      The buffer to write the string to. This must be writable
+ *                 buffer of length \p buflen Bytes.
+ * \param buflen   The available size in Bytes of \p buf.
+ * \param olen     The address at which to store the length of the string
+ *                 written, including the  final \c NULL byte. This must
+ *                 not be \c NULL.
  *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
- *                 *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
+ * \note           You can call this function with `buflen == 0` to obtain the
+ *                 minimum required buffer size in `*olen`.
  *
- * \note           Call this function with buflen = 0 to obtain the
- *                 minimum required buffer size in *olen.
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+ *                 is too small to hold the value of \p X in the desired base.
+ *                 In this case, `*olen` is nonetheless updated to contain the
+ *                 size of \p buf required for a successful call.
+ * \return         Another negative error code on different kinds of failure.
  */
 int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
                               char *buf, size_t buflen, size_t *olen );
 
 #if defined(MBEDTLS_FS_IO)
 /**
- * \brief          Read MPI from a line in an opened file
+ * \brief          Read an MPI from a line in an opened file.
  *
- * \param X        Destination MPI
- * \param radix    Input numeric base
- * \param fin      Input file handle
- *
- * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
- *                 the file read buffer is too small or a
- *                 MBEDTLS_ERR_MPI_XXX error code
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param radix    The numeric base of the string representation used
+ *                 in the source line.
+ * \param fin      The input file handle to use. This must not be \c NULL.
  *
  * \note           On success, this function advances the file stream
  *                 to the end of the current line or to EOF.
  *
- *                 The function returns 0 on an empty line.
+ *                 The function returns \c 0 on an empty line.
  *
  *                 Leading whitespaces are ignored, as is a
- *                 '0x' prefix for radix 16.
+ *                 '0x' prefix for radix \c 16.
  *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
+ *                 is too small.
+ * \return         Another negative error code on failure.
  */
 int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
 
 /**
- * \brief          Write X into an opened file, or stdout if fout is NULL
+ * \brief          Export an MPI into an opened file.
  *
- * \param p        Prefix, can be NULL
- * \param X        Source MPI
- * \param radix    Output numeric base
- * \param fout     Output file handle (can be NULL)
+ * \param p        A string prefix to emit prior to the MPI data.
+ *                 For example, this might be a label, or "0x" when
+ *                 printing in base \c 16. This may be \c NULL if no prefix
+ *                 is needed.
+ * \param X        The source MPI. This must point to an initialized MPI.
+ * \param radix    The numeric base to be used in the emitted string.
+ * \param fout     The output file handle. This may be \c NULL, in which case
+ *                 the output is written to \c stdout.
  *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- *
- * \note           Set fout == NULL to print X on the console.
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
+                            int radix, FILE *fout );
 #endif /* MBEDTLS_FS_IO */
 
 /**
- * \brief          Import X from unsigned binary data, big endian
+ * \brief          Import an MPI from unsigned big endian binary data.
  *
- * \param X        Destination MPI
- * \param buf      Input buffer
- * \param buflen   Input buffer size
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param buf      The input buffer. This must be a readable buffer of length
+ *                 \p buflen Bytes.
+ * \param buflen   The length of the input buffer \p p in Bytes.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
+                             size_t buflen );
+
+/**
+ * \brief          Import X from unsigned binary data, little endian
+ *
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param buf      The input buffer. This must be a readable buffer of length
+ *                 \p buflen Bytes.
+ * \param buflen   The length of the input buffer \p p in Bytes.
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
+ */
+int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
+                                const unsigned char *buf, size_t buflen );
 
 /**
  * \brief          Export X into unsigned binary data, big endian.
  *                 Always fills the whole buffer, which will start with zeros
  *                 if the number is smaller.
  *
- * \param X        Source MPI
- * \param buf      Output buffer
- * \param buflen   Output buffer size
+ * \param X        The source MPI. This must point to an initialized MPI.
+ * \param buf      The output buffer. This must be a writable buffer of length
+ *                 \p buflen Bytes.
+ * \param buflen   The size of the output buffer \p buf in Bytes.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+ *                 large enough to hold the value of \p X.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
+                              size_t buflen );
 
 /**
- * \brief          Left-shift: X <<= count
+ * \brief          Export X into unsigned binary data, little endian.
+ *                 Always fills the whole buffer, which will end with zeros
+ *                 if the number is smaller.
  *
- * \param X        MPI to shift
- * \param count    Amount to shift
+ * \param X        The source MPI. This must point to an initialized MPI.
+ * \param buf      The output buffer. This must be a writable buffer of length
+ *                 \p buflen Bytes.
+ * \param buflen   The size of the output buffer \p buf in Bytes.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+ *                 large enough to hold the value of \p X.
+ * \return         Another negative error code on different kinds of failure.
+ */
+int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
+                                 unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Perform a left-shift on an MPI: X <<= count
+ *
+ * \param X        The MPI to shift. This must point to an initialized MPI.
+ * \param count    The number of bits to shift by.
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
 int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
 
 /**
- * \brief          Right-shift: X >>= count
+ * \brief          Perform a right-shift on an MPI: X >>= count
  *
- * \param X        MPI to shift
- * \param count    Amount to shift
+ * \param X        The MPI to shift. This must point to an initialized MPI.
+ * \param count    The number of bits to shift by.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
 int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
 
 /**
- * \brief          Compare unsigned values
+ * \brief          Compare the absolute values of two MPIs.
  *
- * \param X        Left-hand MPI
- * \param Y        Right-hand MPI
+ * \param X        The left-hand MPI. This must point to an initialized MPI.
+ * \param Y        The right-hand MPI. This must point to an initialized MPI.
  *
- * \return         1 if |X| is greater than |Y|,
- *                -1 if |X| is lesser  than |Y| or
- *                 0 if |X| is equal to |Y|
+ * \return         \c 1 if `|X|` is greater than `|Y|`.
+ * \return         \c -1 if `|X|` is lesser than `|Y|`.
+ * \return         \c 0 if `|X|` is equal to `|Y|`.
  */
 int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
- * \brief          Compare signed values
+ * \brief          Compare two MPIs.
  *
- * \param X        Left-hand MPI
- * \param Y        Right-hand MPI
+ * \param X        The left-hand MPI. This must point to an initialized MPI.
+ * \param Y        The right-hand MPI. This must point to an initialized MPI.
  *
- * \return         1 if X is greater than Y,
- *                -1 if X is lesser  than Y or
- *                 0 if X is equal to Y
+ * \return         \c 1 if \p X is greater than \p Y.
+ * \return         \c -1 if \p X is lesser than \p Y.
+ * \return         \c 0 if \p X is equal to \p Y.
  */
 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
- * \brief          Compare signed values
+ * \brief          Compare an MPI with an integer.
  *
- * \param X        Left-hand MPI
- * \param z        The integer value to compare to
+ * \param X        The left-hand MPI. This must point to an initialized MPI.
+ * \param z        The integer value to compare \p X to.
  *
- * \return         1 if X is greater than z,
- *                -1 if X is lesser  than z or
- *                 0 if X is equal to z
+ * \return         \c 1 if \p X is greater than \p z.
+ * \return         \c -1 if \p X is lesser than \p z.
+ * \return         \c 0 if \p X is equal to \p z.
  */
 int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
 
 /**
- * \brief          Unsigned addition: X = |A| + |B|
+ * \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first summand. This must point to an initialized MPI.
+ * \param B        The second summand. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Unsigned subtraction: X = |A| - |B|
+ * \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The minuend. This must point to an initialized MPI.
+ * \param B        The subtrahend. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+ * \return         Another negative error code on different kinds of failure.
+ *
  */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Signed addition: X = A + B
+ * \brief          Perform a signed addition of MPIs: X = A + B
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first summand. This must point to an initialized MPI.
+ * \param B        The second summand. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Signed subtraction: X = A - B
+ * \brief          Perform a signed subtraction of MPIs: X = A - B
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The minuend. This must point to an initialized MPI.
+ * \param B        The subtrahend. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Signed addition: X = A + b
+ * \brief          Perform a signed addition of an MPI and an integer: X = A + b
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The integer value to add
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first summand. This must point to an initialized MPI.
+ * \param b        The second summand.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         mbedtls_mpi_sint b );
 
 /**
- * \brief          Signed subtraction: X = A - b
+ * \brief          Perform a signed subtraction of an MPI and an integer:
+ *                 X = A - b
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The integer value to subtract
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The minuend. This must point to an initialized MPI.
+ * \param b        The subtrahend.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         mbedtls_mpi_sint b );
 
 /**
- * \brief          Baseline multiplication: X = A * B
+ * \brief          Perform a multiplication of two MPIs: X = A * B
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first factor. This must point to an initialized MPI.
+ * \param B        The second factor. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
+ *
  */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Baseline multiplication: X = A * b
+ * \brief          Perform a multiplication of an MPI with an unsigned integer:
+ *                 X = A * b
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The unsigned integer value to multiply with
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first factor. This must point to an initialized MPI.
+ * \param b        The second factor.
  *
- * \note           b is unsigned
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
  */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         mbedtls_mpi_uint b );
 
 /**
- * \brief          Division by mbedtls_mpi: A = Q * B + R
+ * \brief          Perform a division with remainder of two MPIs:
+ *                 A = Q * B + R
  *
- * \param Q        Destination MPI for the quotient
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param Q        The destination MPI for the quotient.
+ *                 This may be \c NULL if the value of the
+ *                 quotient is not needed.
+ * \param R        The destination MPI for the remainder value.
+ *                 This may be \c NULL if the value of the
+ *                 remainder is not needed.
+ * \param A        The dividend. This must point to an initialized MPi.
+ * \param B        The divisor. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
- *
- * \note           Either Q or R can be NULL.
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Division by int: A = Q * b + R
+ * \brief          Perform a division with remainder of an MPI by an integer:
+ *                 A = Q * b + R
  *
- * \param Q        Destination MPI for the quotient
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param b        Integer to divide by
+ * \param Q        The destination MPI for the quotient.
+ *                 This may be \c NULL if the value of the
+ *                 quotient is not needed.
+ * \param R        The destination MPI for the remainder value.
+ *                 This may be \c NULL if the value of the
+ *                 remainder is not needed.
+ * \param A        The dividend. This must point to an initialized MPi.
+ * \param b        The divisor.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
- *
- * \note           Either Q or R can be NULL.
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+                         mbedtls_mpi_sint b );
 
 /**
- * \brief          Modulo: R = A mod B
+ * \brief          Perform a modular reduction. R = A mod B
  *
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param R        The destination MPI for the residue value.
+ *                 This must point to an initialized MPI.
+ * \param A        The MPI to compute the residue of.
+ *                 This must point to an initialized MPI.
+ * \param B        The base of the modular reduction.
+ *                 This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+ * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+ * \return         Another negative error code on different kinds of failure.
+ *
  */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B );
 
 /**
- * \brief          Modulo: r = A mod b
+ * \brief          Perform a modular reduction with respect to an integer.
+ *                 r = A mod b
  *
- * \param r        Destination mbedtls_mpi_uint
- * \param A        Left-hand MPI
- * \param b        Integer to divide by
+ * \param r        The address at which to store the residue.
+ *                 This must not be \c NULL.
+ * \param A        The MPI to compute the residue of.
+ *                 This must point to an initialized MPi.
+ * \param b        The integer base of the modular reduction.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+ * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
+                         mbedtls_mpi_sint b );
 
 /**
- * \brief          Sliding-window exponentiation: X = A^E mod N
+ * \brief          Perform a sliding-window exponentiation: X = A^E mod N
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param E        Exponent MPI
- * \param N        Modular MPI
- * \param _RR      Speed-up MPI used for recalculations
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The base of the exponentiation.
+ *                 This must point to an initialized MPI.
+ * \param E        The exponent MPI. This must point to an initialized MPI.
+ * \param N        The base for the modular reduction. This must point to an
+ *                 initialized MPI.
+ * \param _RR      A helper MPI depending solely on \p N which can be used to
+ *                 speed-up multiple modular exponentiations for the same value
+ *                 of \p N. This may be \c NULL. If it is not \c NULL, it must
+ *                 point to an initialized MPI. If it hasn't been used after
+ *                 the call to mbedtls_mpi_init(), this function will compute
+ *                 the helper value and store it in \p _RR for reuse on
+ *                 subsequent calls to this function. Otherwise, the function
+ *                 will assume that \p _RR holds the helper value set by a
+ *                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
- *                 if E is negative
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+ *                 even, or if \c E is negative.
+ * \return         Another negative error code on different kinds of failures.
  *
- * \note           _RR is used to avoid re-computing R*R mod N across
- *                 multiple calls, which speeds up things a bit. It can
- *                 be set to NULL if the extra performance is unneeded.
  */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *E, const mbedtls_mpi *N,
+                         mbedtls_mpi *_RR );
 
 /**
- * \brief          Fill an MPI X with size bytes of random
+ * \brief          Fill an MPI with a number of random bytes.
  *
- * \param X        Destination MPI
- * \param size     Size in bytes
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param size     The number of random bytes to generate.
+ * \param f_rng    The RNG function to use. This must not be \c NULL.
+ * \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng doesn't need a context argument.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on failure.
  *
- * \note           The bytes obtained from the PRNG are interpreted
+ * \note           The bytes obtained from the RNG are interpreted
  *                 as a big-endian representation of an MPI; this can
  *                 be relevant in applications like deterministic ECDSA.
  */
@@ -700,30 +850,37 @@
                      void *p_rng );
 
 /**
- * \brief          Greatest common divisor: G = gcd(A, B)
+ * \brief          Compute the greatest common divisor: G = gcd(A, B)
  *
- * \param G        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
+ * \param G        The destination MPI. This must point to an initialized MPI.
+ * \param A        The first operand. This must point to an initialized MPI.
+ * \param B        The second operand. This must point to an initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
+                     const mbedtls_mpi *B );
 
 /**
- * \brief          Modular inverse: X = A^-1 mod N
+ * \brief          Compute the modular inverse: X = A^-1 mod N
  *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param N        Right-hand MPI
+ * \param X        The destination MPI. This must point to an initialized MPI.
+ * \param A        The MPI to calculate the modular inverse of. This must point
+ *                 to an initialized MPI.
+ * \param N        The base of the modular inversion. This must point to an
+ *                 initialized MPI.
  *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
-                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+ *                 or equal to one.
+ * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+ *                 with respect to \p N.
  */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *N );
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -732,19 +889,23 @@
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief          Miller-Rabin primality test with error probability of
- *                 2<sup>-80</sup>
+ * \brief          Perform a Miller-Rabin primality test with error
+ *                 probability of 2<sup>-80</sup>.
  *
  * \deprecated     Superseded by mbedtls_mpi_is_prime_ext() which allows
  *                 specifying the number of Miller-Rabin rounds.
  *
- * \param X        MPI to check
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
+ * \param X        The MPI to check for primality.
+ *                 This must point to an initialized MPI.
+ * \param f_rng    The RNG function to use. This must not be \c NULL.
+ * \param p_rng    The RNG parameter to be passed to \p f_rng.
+ *                 This may be \c NULL if \p f_rng doesn't use a
+ *                 context parameter.
  *
- * \return         0 if successful (probably prime),
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ * \return         \c 0 if successful, i.e. \p X is probably prime.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+ * \return         Another negative error code on other kinds of failure.
  */
 MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
                           int (*f_rng)(void *, unsigned char *, size_t),
@@ -764,16 +925,20 @@
  *                 case when mbedtls_mpi_gen_prime calls this function), then
  *                 \p rounds can be much lower.
  *
- * \param X        MPI to check
- * \param rounds   Number of bases to perform Miller-Rabin primality test for.
- *                 The probability of returning 0 on a composite is at most
- *                 2<sup>-2*\p rounds</sup>.
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
+ * \param X        The MPI to check for primality.
+ *                 This must point to an initialized MPI.
+ * \param rounds   The number of bases to perform the Miller-Rabin primality
+ *                 test for. The probability of returning 0 on a composite is
+ *                 at most 2<sup>-2*\p rounds</sup>.
+ * \param f_rng    The RNG function to use. This must not be \c NULL.
+ * \param p_rng    The RNG parameter to be passed to \p f_rng.
+ *                 This may be \c NULL if \p f_rng doesn't use
+ *                 a context parameter.
  *
- * \return         0 if successful (probably prime),
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ * \return         \c 0 if successful, i.e. \p X is probably prime.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+ * \return         Another negative error code on other kinds of failure.
  */
 int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
                               int (*f_rng)(void *, unsigned char *, size_t),
@@ -790,23 +955,30 @@
 } mbedtls_mpi_gen_prime_flag_t;
 
 /**
- * \brief          Prime number generation
+ * \brief          Generate a prime number.
  *
- * \param X        Destination MPI
- * \param nbits    Required size of X in bits
- *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
- * \param flags    Mask of flags of type #mbedtls_mpi_gen_prime_flag_t
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
+ * \param X        The destination MPI to store the generated prime in.
+ *                 This must point to an initialized MPi.
+ * \param nbits    The required size of the destination MPI in bits.
+ *                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+ * \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+ * \param f_rng    The RNG function to use. This must not be \c NULL.
+ * \param p_rng    The RNG parameter to be passed to \p f_rng.
+ *                 This may be \c NULL if \p f_rng doesn't use
+ *                 a context parameter.
  *
- * \return         0 if successful (probably prime),
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ * \return         \c 0 if successful, in which case \p X holds a
+ *                 probably prime number.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+ *                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
  */
 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
                    int (*f_rng)(void *, unsigned char *, size_t),
                    void *p_rng );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -814,6 +986,8 @@
  */
 int mbedtls_mpi_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 82b772a..f01573d 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -33,6 +33,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include "platform_util.h"
+
 #define MBEDTLS_BLOWFISH_ENCRYPT     1
 #define MBEDTLS_BLOWFISH_DECRYPT     0
 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
@@ -40,14 +42,17 @@
 #define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
 #define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
 
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
 
 /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
  */
 #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017  /**< Blowfish hardware accelerator failed. */
 
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -71,40 +76,53 @@
 #endif /* MBEDTLS_BLOWFISH_ALT */
 
 /**
- * \brief          Initialize Blowfish context
+ * \brief          Initialize a Blowfish context.
  *
- * \param ctx      Blowfish context to be initialized
+ * \param ctx      The Blowfish context to be initialized.
+ *                 This must not be \c NULL.
  */
 void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
 
 /**
- * \brief          Clear Blowfish context
+ * \brief          Clear a Blowfish context.
  *
- * \param ctx      Blowfish context to be cleared
+ * \param ctx      The Blowfish context to be cleared.
+ *                 This may be \c NULL, in which case this function
+ *                 returns immediately. If it is not \c NULL, it must
+ *                 point to an initialized Blowfish context.
  */
 void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
 
 /**
- * \brief          Blowfish key schedule
+ * \brief          Perform a Blowfish key schedule operation.
  *
- * \param ctx      Blowfish context to be initialized
- * \param key      encryption key
- * \param keybits  must be between 32 and 448 bits
+ * \param ctx      The Blowfish context to perform the key schedule on.
+ * \param key      The encryption key. This must be a readable buffer of
+ *                 length \p keybits Bits.
+ * \param keybits  The length of \p key in Bits. This must be between
+ *                 \c 32 and \c 448 and a multiple of \c 8.
  *
- * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
                      unsigned int keybits );
 
 /**
- * \brief          Blowfish-ECB block encryption/decryption
+ * \brief          Perform a Blowfish-ECB block encryption/decryption operation.
  *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param input    8-byte input block
- * \param output   8-byte output block
+ * \param ctx      The Blowfish context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. Possible values are
+ *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param input    The input block. This must be a readable buffer
+ *                 of size \c 8 Bytes.
+ * \param output   The output block. This must be a writable buffer
+ *                 of size \c 8 Bytes.
  *
- * \return         0 if successful
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
                         int mode,
@@ -113,9 +131,7 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
- * \brief          Blowfish-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (8 bytes)
+ * \brief          Perform a Blowfish-CBC buffer encryption/decryption operation.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -125,15 +141,22 @@
  *                 IV, you should either save it manually or use the cipher
  *                 module instead.
  *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
+ * \param ctx      The Blowfish context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. Possible values are
+ *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param length   The length of the input data in Bytes. This must be
+ *                 multiple of \c 8.
+ * \param iv       The initialization vector. This must be a read/write buffer
+ *                 of length \c 8 Bytes. It is updated by this function.
+ * \param input    The input data. This must be a readable buffer of length
+ *                 \p length Bytes.
+ * \param output   The output data. This must be a writable buffer of length
+ *                 \p length Bytes.
  *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
                         int mode,
@@ -145,7 +168,7 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
- * \brief          Blowfish CFB buffer encryption/decryption.
+ * \brief          Perform a Blowfish CFB buffer encryption/decryption operation.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -155,15 +178,25 @@
  *                 IV, you should either save it manually or use the cipher
  *                 module instead.
  *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
+ * \param ctx      The Blowfish context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. Possible values are
+ *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param length   The length of the input data in Bytes.
+ * \param iv_off   The offset in the initialiation vector.
+ *                 The value pointed to must be smaller than \c 8 Bytes.
+ *                 It is updated by this function to support the aforementioned
+ *                 streaming usage.
+ * \param iv       The initialization vector. This must be a read/write buffer
+ *                 of size \c 8 Bytes. It is updated after use.
+ * \param input    The input data. This must be a readable buffer of length
+ *                 \p length Bytes.
+ * \param output   The output data. This must be a writable buffer of length
+ *                 \p length Bytes.
  *
- * \return         0 if successful
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
                           int mode,
@@ -176,7 +209,7 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
- * \brief               Blowfish-CTR buffer encryption/decryption
+ * \brief      Perform a Blowfish-CTR buffer encryption/decryption operation.
  *
  * \warning    You must never reuse a nonce value with the same key. Doing so
  *             would void the encryption for the two messages encrypted with
@@ -219,18 +252,24 @@
  *             content must not be written to insecure storage and should be
  *             securely discarded as soon as it's no longer needed.
  *
- * \param ctx           Blowfish context
- * \param length        The length of the data
+ * \param ctx           The Blowfish context to use. This must be initialized
+ *                      and bound to a key.
+ * \param length        The length of the input data in Bytes.
  * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 64-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
+ *                      within current cipher stream). The offset pointer
+ *                      should be \c 0 at the start of a stream and must be
+ *                      smaller than \c 8. It is updated by this function.
+ * \param nonce_counter The 64-bit nonce and counter. This must point to a
+ *                      read/write buffer of length \c 8 Bytes.
+ * \param stream_block  The saved stream-block for resuming. This must point to
+ *                      a read/write buffer of length \c 8 Bytes.
+ * \param input         The input data. This must be a readable buffer of
+ *                      length \p length Bytes.
+ * \param output        The output data. This must be a writable buffer of
+ *                      length \p length Bytes.
  *
- * \return         0 if successful
+ * \return              \c 0 if successful.
+ * \return              A negative error code on failure.
  */
 int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
                         size_t length,
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 0af694c..c33bd8d 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -38,6 +38,12 @@
 #ifndef MBEDTLS_BN_MUL_H
 #define MBEDTLS_BN_MUL_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "bignum.h"
 
 #if defined(MBEDTLS_HAVE_ASM)
@@ -170,19 +176,19 @@
 
 #define MULADDC_INIT                        \
     asm(                                    \
-        "xorq   %%r8, %%r8          \n\t"
+        "xorq   %%r8, %%r8\n"
 
 #define MULADDC_CORE                        \
-        "movq   (%%rsi), %%rax      \n\t"   \
-        "mulq   %%rbx               \n\t"   \
-        "addq   $8,      %%rsi      \n\t"   \
-        "addq   %%rcx,   %%rax      \n\t"   \
-        "movq   %%r8,    %%rcx      \n\t"   \
-        "adcq   $0,      %%rdx      \n\t"   \
-        "nop                        \n\t"   \
-        "addq   %%rax,   (%%rdi)    \n\t"   \
-        "adcq   %%rdx,   %%rcx      \n\t"   \
-        "addq   $8,      %%rdi      \n\t"
+        "movq   (%%rsi), %%rax\n"           \
+        "mulq   %%rbx\n"                    \
+        "addq   $8, %%rsi\n"                \
+        "addq   %%rcx, %%rax\n"             \
+        "movq   %%r8, %%rcx\n"              \
+        "adcq   $0, %%rdx\n"                \
+        "nop    \n"                         \
+        "addq   %%rax, (%%rdi)\n"           \
+        "adcq   %%rdx, %%rcx\n"             \
+        "addq   $8, %%rdi\n"
 
 #define MULADDC_STOP                        \
         : "+c" (c), "+D" (d), "+S" (s)      \
@@ -750,7 +756,7 @@
         "sw     $10, %2         \n\t"   \
         : "=m" (c), "=m" (d), "=m" (s)                      \
         : "m" (s), "m" (d), "m" (c), "m" (b)                \
-        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
     );
 
 #endif /* MIPS */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 1555867..3eeb663 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -33,11 +33,17 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include "platform_util.h"
+
 #define MBEDTLS_CAMELLIA_ENCRYPT     1
 #define MBEDTLS_CAMELLIA_DECRYPT     0
 
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
 
 /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
  */
@@ -66,52 +72,68 @@
 #endif /* MBEDTLS_CAMELLIA_ALT */
 
 /**
- * \brief          Initialize CAMELLIA context
+ * \brief          Initialize a CAMELLIA context.
  *
- * \param ctx      CAMELLIA context to be initialized
+ * \param ctx      The CAMELLIA context to be initialized.
+ *                 This must not be \c NULL.
  */
 void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
 
 /**
- * \brief          Clear CAMELLIA context
+ * \brief          Clear a CAMELLIA context.
  *
- * \param ctx      CAMELLIA context to be cleared
+ * \param ctx      The CAMELLIA context to be cleared. This may be \c NULL,
+ *                 in which case this function returns immediately. If it is not
+ *                 \c NULL, it must be initialized.
  */
 void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
 
 /**
- * \brief          CAMELLIA key schedule (encryption)
+ * \brief          Perform a CAMELLIA key schedule operation for encryption.
  *
- * \param ctx      CAMELLIA context to be initialized
- * \param key      encryption key
- * \param keybits  must be 128, 192 or 256
+ * \param ctx      The CAMELLIA context to use. This must be initialized.
+ * \param key      The encryption key to use. This must be a readable buffer
+ *                 of size \p keybits Bits.
+ * \param keybits  The length of \p key in Bits. This must be either \c 128,
+ *                 \c 192 or \c 256.
  *
- * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits );
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
+                                 const unsigned char *key,
+                                 unsigned int keybits );
 
 /**
- * \brief          CAMELLIA key schedule (decryption)
+ * \brief          Perform a CAMELLIA key schedule operation for decryption.
  *
- * \param ctx      CAMELLIA context to be initialized
- * \param key      decryption key
- * \param keybits  must be 128, 192 or 256
+ * \param ctx      The CAMELLIA context to use. This must be initialized.
+ * \param key      The decryption key. This must be a readable buffer
+ *                 of size \p keybits Bits.
+ * \param keybits  The length of \p key in Bits. This must be either \c 128,
+ *                 \c 192 or \c 256.
  *
- * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits );
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
+                                 const unsigned char *key,
+                                 unsigned int keybits );
 
 /**
- * \brief          CAMELLIA-ECB block encryption/decryption
+ * \brief          Perform a CAMELLIA-ECB block encryption/decryption operation.
  *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
+ * \param ctx      The CAMELLIA context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param input    The input block. This must be a readable buffer
+ *                 of size \c 16 Bytes.
+ * \param output   The output block. This must be a writable buffer
+ *                 of size \c 16 Bytes.
  *
- * \return         0 if successful
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
                     int mode,
@@ -120,9 +142,7 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
- * \brief          CAMELLIA-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (16 bytes)
+ * \brief          Perform a CAMELLIA-CBC buffer encryption/decryption operation.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -132,15 +152,22 @@
  *                 IV, you should either save it manually or use the cipher
  *                 module instead.
  *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
+ * \param ctx      The CAMELLIA context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param length   The length in Bytes of the input data \p input.
+ *                 This must be a multiple of \c 16 Bytes.
+ * \param iv       The initialization vector. This must be a read/write buffer
+ *                 of length \c 16 Bytes. It is updated to allow streaming
+ *                 use as explained above.
+ * \param input    The buffer holding the input data. This must point to a
+ *                 readable buffer of length \p length Bytes.
+ * \param output   The buffer holding the output data. This must point to a
+ *                 writable buffer of length \p length Bytes.
  *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
                     int mode,
@@ -152,11 +179,14 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
- * \brief          CAMELLIA-CFB128 buffer encryption/decryption
+ * \brief          Perform a CAMELLIA-CFB128 buffer encryption/decryption
+ *                 operation.
  *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ * \note           Due to the nature of CFB mode, you should use the same
+ *                 key for both encryption and decryption. In particular, calls
+ *                 to this function should be preceded by a key-schedule via
+ *                 mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ *                 is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -166,16 +196,24 @@
  *                 IV, you should either save it manually or use the cipher
  *                 module instead.
  *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
+ * \param ctx      The CAMELLIA context to use. This must be initialized
+ *                 and bound to a key.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param length   The length of the input data \p input. Any value is allowed.
+ * \param iv_off   The current offset in the IV. This must be smaller
+ *                 than \c 16 Bytes. It is updated after this call to allow
+ *                 the aforementioned streaming usage.
+ * \param iv       The initialization vector. This must be a read/write buffer
+ *                 of length \c 16 Bytes. It is updated after this call to
+ *                 allow the aforementioned streaming usage.
+ * \param input    The buffer holding the input data. This must be a readable
+ *                 buffer of size \p length Bytes.
+ * \param output   The buffer to hold the output data. This must be a writable
+ *                 buffer of length \p length Bytes.
  *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
                        int mode,
@@ -188,11 +226,13 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
- * \brief               CAMELLIA-CTR buffer encryption/decryption
+ * \brief      Perform a CAMELLIA-CTR buffer encryption/decryption operation.
  *
- * Note: Due to the nature of CTR you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ * *note       Due to the nature of CTR mode, you should use the same
+ *             key for both encryption and decryption. In particular, calls
+ *             to this function should be preceded by a key-schedule via
+ *             mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ *             is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
  *
  * \warning    You must never reuse a nonce value with the same key. Doing so
  *             would void the encryption for the two messages encrypted with
@@ -215,41 +255,49 @@
  *             per-message nonce, handled by yourself, and the second one
  *             updated by this function internally.
  *
- *             For example, you might reserve the first 12 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 12 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**96 messages of up to 2**32 blocks each with the same key.
+ *             For example, you might reserve the first \c 12 Bytes for the
+ *             per-message nonce, and the last \c 4 Bytes for internal use.
+ *             In that case, before calling this function on a new message you
+ *             need to set the first \c 12 Bytes of \p nonce_counter to your
+ *             chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
+ *             (which will cause \p stream_block to be ignored). That way, you
+ *             can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
+ *             each  with the same key.
  *
  *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter. An alternative is to generate random nonces, but this
- *             limits the number of messages that can be securely encrypted:
- *             for example, with 96-bit random nonces, you should not encrypt
- *             more than 2**32 messages with the same key.
+ *             it) needs to be communicated with the ciphertext and must be
+ *             unique. The recommended way to ensure uniqueness is to use a
+ *             message counter. An alternative is to generate random nonces,
+ *             but this limits the number of messages that can be securely
+ *             encrypted: for example, with 96-bit random nonces, you should
+ *             not encrypt more than 2**32 messages with the same key.
  *
  *             Note that for both stategies, sizes are measured in blocks and
- *             that a CAMELLIA block is 16 bytes.
+ *             that a CAMELLIA block is \c 16 Bytes.
  *
  * \warning    Upon return, \p stream_block contains sensitive data. Its
  *             content must not be written to insecure storage and should be
  *             securely discarded as soon as it's no longer needed.
  *
- * \param ctx           CAMELLIA context
- * \param length        The length of the data
- * \param nc_off        The offset in the current stream_block (for resuming
+ * \param ctx           The CAMELLIA context to use. This must be initialized
+ *                      and bound to a key.
+ * \param length        The length of the input data \p input in Bytes.
+ *                      Any value is allowed.
+ * \param nc_off        The offset in the current \p stream_block (for resuming
  *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
+ *                      should be \c 0 at the start of a stream. It is updated
+ *                      at the end of this call.
+ * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
+ *                      buffer of length \c 16 Bytes.
+ * \param stream_block  The saved stream-block for resuming. This must be a
+ *                      read/write buffer of length \c 16 Bytes.
+ * \param input         The input data stream. This must be a readable buffer of
+ *                      size \p length Bytes.
+ * \param output        The output data stream. This must be a writable buffer
+ *                      of size \p length Bytes.
  *
- * \return         0 if successful
+ * \return              \c 0 if successful.
+ * \return              A negative error code on failure.
  */
 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
                        size_t length,
@@ -260,6 +308,8 @@
                        unsigned char *output );
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -267,6 +317,8 @@
  */
 int mbedtls_camellia_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index dfb1b5e..f03e3b5 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -49,6 +49,12 @@
 #ifndef MBEDTLS_CCM_H
 #define MBEDTLS_CCM_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "cipher.h"
 
 #define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D /**< Bad input parameters to the function. */
@@ -57,7 +63,6 @@
 /* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
 
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -85,7 +90,7 @@
  *                  to make references valid, and prepare the context
  *                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
  *
- * \param ctx       The CCM context to initialize.
+ * \param ctx       The CCM context to initialize. This must not be \c NULL.
  */
 void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
 
@@ -93,9 +98,10 @@
  * \brief           This function initializes the CCM context set in the
  *                  \p ctx parameter and sets the encryption key.
  *
- * \param ctx       The CCM context to initialize.
+ * \param ctx       The CCM context to initialize. This must be an initialized
+ *                  context.
  * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key.
+ * \param key       The encryption key. This must not be \c NULL.
  * \param keybits   The key size in bits. This must be acceptable by the cipher.
  *
  * \return          \c 0 on success.
@@ -110,7 +116,8 @@
  * \brief   This function releases and clears the specified CCM context
  *          and underlying cipher sub-context.
  *
- * \param ctx       The CCM context to clear.
+ * \param ctx       The CCM context to clear. If this is \c NULL, the function
+ *                  has no effect. Otherwise, this must be initialized.
  */
 void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
 
@@ -123,19 +130,27 @@
  *                  \p tag = \p output + \p length, and make sure that the
  *                  output buffer is at least \p length + \p tag_len wide.
  *
- * \param ctx       The CCM context to use for encryption.
+ * \param ctx       The CCM context to use for encryption. This must be
+ *                  initialized and bound to a key.
  * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector (nonce).
+ * \param iv        The initialization vector (nonce). This must be a readable
+ *                  buffer of at least \p iv_len Bytes.
  * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
  *                  or 13. The length L of the message length field is
  *                  15 - \p iv_len.
- * \param add       The additional data field.
+ * \param add       The additional data field. If \p add_len is greater than
+ *                  zero, \p add must be a readable buffer of at least that
+ *                  length.
  * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the authentication field.
+ *                  This must be less than `2^16 - 2^8`.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, \p input must be a readable buffer of at least
+ *                  that length.
+ * \param output    The buffer holding the output data. If \p length is greater
+ *                  than zero, \p output must be a writable buffer of at least
+ *                  that length.
+ * \param tag       The buffer holding the authentication field. This must be a
+ *                  readable buffer of at least \p tag_len Bytes.
  * \param tag_len   The length of the authentication field to generate in Bytes:
  *                  4, 6, 8, 10, 12, 14 or 16.
  *
@@ -161,23 +176,30 @@
  *                  the tag length has to be encoded into the \p iv passed to
  *                  this function.
  *
- * \param ctx       The CCM context to use for encryption.
+ * \param ctx       The CCM context to use for encryption. This must be
+ *                  initialized and bound to a key.
  * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector (nonce).
+ * \param iv        The initialization vector (nonce). This must be a readable
+ *                  buffer of at least \p iv_len Bytes.
  * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
  *                  or 13. The length L of the message length field is
  *                  15 - \p iv_len.
- * \param add       The additional data field.
+ * \param add       The additional data field. This must be a readable buffer of
+ *                  at least \p add_len Bytes.
  * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the authentication field.
+ *                  This must be less than 2^16 - 2^8.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, \p input must be a readable buffer of at least
+ *                  that length.
+ * \param output    The buffer holding the output data. If \p length is greater
+ *                  than zero, \p output must be a writable buffer of at least
+ *                  that length.
+ * \param tag       The buffer holding the authentication field. This must be a
+ *                  readable buffer of at least \p tag_len Bytes.
  * \param tag_len   The length of the authentication field to generate in Bytes:
  *                  0, 4, 6, 8, 10, 12, 14 or 16.
  *
- * \warning         Passing 0 as \p tag_len means that the message is no
+ * \warning         Passing \c 0 as \p tag_len means that the message is no
  *                  longer authenticated.
  *
  * \return          \c 0 on success.
@@ -193,20 +215,27 @@
  * \brief           This function performs a CCM authenticated decryption of a
  *                  buffer.
  *
- * \param ctx       The CCM context to use for decryption.
+ * \param ctx       The CCM context to use for decryption. This must be
+ *                  initialized and bound to a key.
  * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector (nonce).
+ * \param iv        The initialization vector (nonce). This must be a readable
+ *                  buffer of at least \p iv_len Bytes.
  * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
  *                  or 13. The length L of the message length field is
  *                  15 - \p iv_len.
- * \param add       The additional data field.
+ * \param add       The additional data field. This must be a readable buffer
+ *                  of at least that \p add_len Bytes..
  * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the authentication field.
- * \param tag_len   The length of the authentication field in Bytes.
+ *                  This must be less than 2^16 - 2^8.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, \p input must be a readable buffer of at least
+ *                  that length.
+ * \param output    The buffer holding the output data. If \p length is greater
+ *                  than zero, \p output must be a writable buffer of at least
+ *                  that length.
+ * \param tag       The buffer holding the authentication field. This must be a
+ *                  readable buffer of at least \p tag_len Bytes.
+ * \param tag_len   The length of the authentication field to generate in Bytes:
  *                  4, 6, 8, 10, 12, 14 or 16.
  *
  * \return          \c 0 on success. This indicates that the message is authentic.
@@ -228,23 +257,30 @@
  *                  this function as \p tag_len. (\p tag needs to be adjusted
  *                  accordingly.)
  *
- * \param ctx       The CCM context to use for decryption.
+ * \param ctx       The CCM context to use for decryption. This must be
+ *                  initialized and bound to a key.
  * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector (nonce).
+ * \param iv        The initialization vector (nonce). This must be a readable
+ *                  buffer of at least \p iv_len Bytes.
  * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
  *                  or 13. The length L of the message length field is
  *                  15 - \p iv_len.
- * \param add       The additional data field.
+ * \param add       The additional data field. This must be a readable buffer of
+ *                  at least that \p add_len Bytes.
  * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the authentication field.
+ *                  This must be less than 2^16 - 2^8.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, \p input must be a readable buffer of at least
+ *                  that length.
+ * \param output    The buffer holding the output data. If \p length is greater
+ *                  than zero, \p output must be a writable buffer of at least
+ *                  that length.
+ * \param tag       The buffer holding the authentication field. This must be a
+ *                  readable buffer of at least \p tag_len Bytes.
  * \param tag_len   The length of the authentication field in Bytes.
  *                  0, 4, 6, 8, 10, 12, 14 or 16.
  *
- * \warning         Passing 0 as \p tag_len means that the message is no
+ * \warning         Passing \c 0 as \p tag_len means that the message is nos
  *                  longer authenticated.
  *
  * \return          \c 0 on success.
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index 8dab7b5..b7c5708 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_CERTS_H
 #define MBEDTLS_CERTS_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include <stddef.h>
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 529f22d..2ae5e6e 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -83,13 +83,18 @@
  *                  \c mbedtls_chacha20_free().
  *
  * \param ctx       The ChaCha20 context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
 
 /**
- * \brief           This function releases and clears the specified ChaCha20 context.
+ * \brief           This function releases and clears the specified
+ *                  ChaCha20 context.
  *
- * \param ctx       The ChaCha20 context to clear.
+ * \param ctx       The ChaCha20 context to clear. This may be \c NULL,
+ *                  in which case this function is a no-op. If it is not
+ *                  \c NULL, it must point to an initialized context.
+ *
  */
 void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
 
@@ -102,7 +107,9 @@
  *                  \c mbedtls_chacha_update().
  *
  * \param ctx       The ChaCha20 context to which the key should be bound.
- * \param key       The encryption/decryption key. Must be 32 bytes in length.
+ *                  It must be initialized.
+ * \param key       The encryption/decryption key. This must be \c 32 Bytes
+ *                  in length.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
@@ -121,8 +128,9 @@
  *                  messages encrypted with the same nonce and key.
  *
  * \param ctx       The ChaCha20 context to which the nonce should be bound.
- * \param nonce     The nonce. Must be 12 bytes in size.
- * \param counter   The initial counter value. This is usually 0.
+ *                  It must be initialized and bound to a key.
+ * \param nonce     The nonce. This must be \c 12 Bytes in size.
+ * \param counter   The initial counter value. This is usually \c 0.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
@@ -150,16 +158,16 @@
  *                  key and nonce.
  *
  * \param ctx       The ChaCha20 context to use for encryption or decryption.
- * \param size      The length of the input data in bytes.
+ *                  It must be initialized and bound to a key and nonce.
+ * \param size      The length of the input data in Bytes.
  * \param input     The buffer holding the input data.
- *                  This pointer can be NULL if size == 0.
+ *                  This pointer can be \c NULL if `size == 0`.
  * \param output    The buffer holding the output data.
- *                  Must be able to hold \p size bytes.
- *                  This pointer can be NULL if size == 0.
+ *                  This must be able to hold \p size Bytes.
+ *                  This pointer can be \c NULL if `size == 0`.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
- *                  output pointers are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
                              size_t size,
@@ -180,19 +188,19 @@
  * \note            The \p input and \p output pointers must either be equal or
  *                  point to non-overlapping buffers.
  *
- * \param key       The encryption/decryption key. Must be 32 bytes in length.
- * \param nonce     The nonce. Must be 12 bytes in size.
- * \param counter   The initial counter value. This is usually 0.
- * \param size      The length of the input data in bytes.
+ * \param key       The encryption/decryption key.
+ *                  This must be \c 32 Bytes in length.
+ * \param nonce     The nonce. This must be \c 12 Bytes in size.
+ * \param counter   The initial counter value. This is usually \c 0.
+ * \param size      The length of the input data in Bytes.
  * \param input     The buffer holding the input data.
- *                  This pointer can be NULL if size == 0.
+ *                  This pointer can be \c NULL if `size == 0`.
  * \param output    The buffer holding the output data.
- *                  Must be able to hold \p size bytes.
- *                  This pointer can be NULL if size == 0.
+ *                  This must be able to hold \p size Bytes.
+ *                  This pointer can be \c NULL if `size == 0`.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
- *                  or output is NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_chacha20_crypt( const unsigned char key[32],
                             const unsigned char nonce[12],
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 7de6f4e..49e615d 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -115,27 +115,29 @@
  *                  all previous outputs of \c mbedtls_chachapoly_update(),
  *                  otherwise you can now safely use the plaintext.
  *
- * \param ctx       The ChachaPoly context to initialize.
+ * \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
  */
 void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
 
 /**
- * \brief           This function releases and clears the specified ChaCha20-Poly1305 context.
+ * \brief           This function releases and clears the specified
+ *                  ChaCha20-Poly1305 context.
  *
- * \param ctx       The ChachaPoly context to clear.
+ * \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
+ *                  case this function is a no-op.
  */
 void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
 
 /**
- * \brief           This function sets the ChaCha20-Poly1305 symmetric encryption key.
+ * \brief           This function sets the ChaCha20-Poly1305
+ *                  symmetric encryption key.
  *
  * \param ctx       The ChaCha20-Poly1305 context to which the key should be
- *                  bound.
- * \param key       The 256-bit (32 bytes) key.
+ *                  bound. This must be initialized.
+ * \param key       The \c 256 Bit (\c 32 Bytes) key.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx or \p key are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
                                const unsigned char key[32] );
@@ -155,14 +157,15 @@
  * \warning         Decryption with the piecewise API is discouraged, see the
  *                  warning on \c mbedtls_chachapoly_init().
  *
- * \param ctx       The ChaCha20-Poly1305 context.
- * \param nonce     The nonce/IV to use for the message. Must be 12 bytes.
+ * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+ *                  and bound to a key.
+ * \param nonce     The nonce/IV to use for the message.
+ *                  This must be a redable buffer of length \c 12 Bytes.
  * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
  *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx or \p mac are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
                                const unsigned char nonce[12],
@@ -193,11 +196,12 @@
  * \warning         Decryption with the piecewise API is discouraged, see the
  *                  warning on \c mbedtls_chachapoly_init().
  *
- * \param ctx       The ChaCha20-Poly1305 context to use.
- * \param aad_len   The length (in bytes) of the AAD. The length has no
+ * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+ *                  and bound to a key.
+ * \param aad_len   The length in Bytes of the AAD. The length has no
  *                  restrictions.
  * \param aad       Buffer containing the AAD.
- *                  This pointer can be NULL if aad_len == 0.
+ *                  This pointer can be \c NULL if `aad_len == 0`.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
@@ -227,20 +231,19 @@
  * \warning         Decryption with the piecewise API is discouraged, see the
  *                  warning on \c mbedtls_chachapoly_init().
  *
- * \param ctx       The ChaCha20-Poly1305 context to use.
+ * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
  * \param len       The length (in bytes) of the data to encrypt or decrypt.
  * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be NULL if len == 0.
- * \param output    The buffer to where the encrypted or decrypted data is written.
- *                  Must be able to hold \p len bytes.
- *                  This pointer can be NULL if len == 0.
+ *                  This pointer can be \c NULL if `len == 0`.
+ * \param output    The buffer to where the encrypted or decrypted data is
+ *                  written. This must be able to hold \p len bytes.
+ *                  This pointer can be \c NULL if `len == 0`.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx, \p input, or \p output are NULL.
  * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
  *                  if the operation has not been started or has been
  *                  finished.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
                                size_t len,
@@ -251,18 +254,17 @@
  * \brief           This function finished the ChaCha20-Poly1305 operation and
  *                  generates the MAC (authentication tag).
  *
- * \param ctx       The ChaCha20-Poly1305 context to use.
+ * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
  * \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
  *
  * \warning         Decryption with the piecewise API is discouraged, see the
  *                  warning on \c mbedtls_chachapoly_init().
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx or \p mac are NULL.
  * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
  *                  if the operation has not been started or has been
  *                  finished.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
                                unsigned char mac[16] );
@@ -280,20 +282,21 @@
  *                  and key.
  *
  * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+ *                  This must be initialized.
  * \param length    The length (in bytes) of the data to encrypt or decrypt.
  * \param nonce     The 96-bit (12 bytes) nonce/IV to use.
- * \param aad       The buffer containing the additional authenticated data (AAD).
- *                  This pointer can be NULL if aad_len == 0.
+ * \param aad       The buffer containing the additional authenticated
+ *                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
  * \param aad_len   The length (in bytes) of the AAD data to process.
  * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be NULL if ilen == 0.
- * \param output    The buffer to where the encrypted or decrypted data is written.
- *                  This pointer can be NULL if ilen == 0.
- * \param tag       The buffer to where the computed 128-bit (16 bytes) MAC is written.
+ *                  This pointer can be \c NULL if `ilen == 0`.
+ * \param output    The buffer to where the encrypted or decrypted data
+ *                  is written. This pointer can be \c NULL if `ilen == 0`.
+ * \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
+ *                  is written. This must not be \c NULL.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if one or more of the required parameters are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
                                         size_t length,
@@ -312,22 +315,22 @@
  *                  \c mbedtls_chachapoly_setkey().
  *
  * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
- * \param length    The length (in bytes) of the data to decrypt.
- * \param nonce     The 96-bit (12 bytes) nonce/IV to use.
+ * \param length    The length (in Bytes) of the data to decrypt.
+ * \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
  * \param aad       The buffer containing the additional authenticated data (AAD).
- *                  This pointer can be NULL if aad_len == 0.
+ *                  This pointer can be \c NULL if `aad_len == 0`.
  * \param aad_len   The length (in bytes) of the AAD data to process.
  * \param tag       The buffer holding the authentication tag.
+ *                  This must be a readable buffer of length \c 16 Bytes.
  * \param input     The buffer containing the data to decrypt.
- *                  This pointer can be NULL if ilen == 0.
+ *                  This pointer can be \c NULL if `ilen == 0`.
  * \param output    The buffer to where the decrypted data is written.
- *                  This pointer can be NULL if ilen == 0.
+ *                  This pointer can be \c NULL if `ilen == 0`.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if one or more of the required parameters are NULL.
  * \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
  *                  if the data was not authentic.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
                                      size_t length,
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 508c00a..0fa74f0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -50,6 +50,11 @@
     !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
 #endif
+
+#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+    !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#endif
 #endif /* _WIN32 */
 
 #if defined(TARGET_LIKE_MBED) && \
@@ -109,13 +114,20 @@
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
+    ( defined(MBEDTLS_USE_PSA_CRYPTO)          || \
+      defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
       defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)     || \
       defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
       defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
       defined(MBEDTLS_ECDSA_GENKEY_ALT)        || \
+      defined(MBEDTLS_ECP_INTERNAL_ALT)        || \
       defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
+#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
+    ! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
 #endif
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
@@ -137,6 +149,10 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#endif
+
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
                                     !defined(MBEDTLS_SHA256_C))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -269,6 +285,14 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) &&        \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) &&              \
+    ( !defined(MBEDTLS_SHA256_C) &&                             \
+      !defined(MBEDTLS_SHA512_C) &&                             \
+      !defined(MBEDTLS_SHA1_C) )
+#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
     ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
@@ -506,26 +530,25 @@
 #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
-#error "Only one of MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C can be defined"
-#endif
-
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&            \
-    !( defined(MBEDTLS_PSA_CRYPTO_C) &&                 \
-       ( defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) ||  \
-         defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) ) )
+    ! defined(MBEDTLS_PSA_CRYPTO_C)
 #error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) &&            \
-    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&           \
-       defined(MBEDTLS_FS_IO) )
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&      \
+    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+       defined(MBEDTLS_ENTROPY_NV_SEED) )
+#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) &&             \
-    ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
+    !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
+    !defined(MBEDTLS_FS_IO)
+#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
@@ -722,7 +745,7 @@
 /*
  * Avoid warning from -pedantic. This is a convenient place for this
  * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
  */
 typedef int mbedtls_iso_c_forbids_empty_translation_units;
 
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index d6ecac6..2d609db 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -36,6 +36,7 @@
 #endif
 
 #include <stddef.h>
+#include "platform_util.h"
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
 #define MBEDTLS_CIPHER_MODE_AEAD
@@ -354,11 +355,12 @@
  * \brief               This function retrieves the cipher-information
  *                      structure associated with the given cipher name.
  *
- * \param cipher_name   Name of the cipher to search for.
+ * \param cipher_name   Name of the cipher to search for. This must not be
+ *                      \c NULL.
  *
  * \return              The cipher information structure associated with the
  *                      given \p cipher_name.
- * \return              NULL if the associated cipher information is not found.
+ * \return              \c NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
 
@@ -370,7 +372,7 @@
  *
  * \return              The cipher information structure associated with the
  *                      given \p cipher_type.
- * \return              NULL if the associated cipher information is not found.
+ * \return              \c NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
 
@@ -386,7 +388,7 @@
  *
  * \return              The cipher information structure associated with the
  *                      given \p cipher_id.
- * \return              NULL if the associated cipher information is not found.
+ * \return              \c NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
                                               int key_bitlen,
@@ -394,6 +396,8 @@
 
 /**
  * \brief               This function initializes a \p cipher_context as NONE.
+ *
+ * \param ctx           The context to be initialized. This must not be \c NULL.
  */
 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
 
@@ -401,6 +405,10 @@
  * \brief               This function frees and clears the cipher-specific
  *                      context of \p ctx. Freeing \p ctx itself remains the
  *                      responsibility of the caller.
+ *
+ * \param ctx           The context to be freed. If this is \c NULL, the
+ *                      function has no effect, otherwise this must point to an
+ *                      initialized context.
  */
 void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
 
@@ -409,7 +417,7 @@
  * \brief               This function initializes a cipher context for
  *                      use with the given cipher primitive.
  *
- * \param ctx           The context to initialize. May not be NULL.
+ * \param ctx           The context to initialize. This must be initialized.
  * \param cipher_info   The cipher to use.
  *
  * \return              \c 0 on success.
@@ -455,15 +463,16 @@
 /**
  * \brief        This function returns the block size of the given cipher.
  *
- * \param ctx    The context of the cipher. Must be initialized.
+ * \param ctx    The context of the cipher. This must be initialized.
  *
- * \return       The size of the blocks of the cipher.
- * \return       0 if \p ctx has not been initialized.
+ * \return       The block size of the underlying cipher.
+ * \return       \c 0 if \p ctx has not been initialized.
  */
 static inline unsigned int mbedtls_cipher_get_block_size(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+    if( ctx->cipher_info == NULL )
         return 0;
 
     return ctx->cipher_info->block_size;
@@ -473,7 +482,7 @@
  * \brief        This function returns the mode of operation for
  *               the cipher. For example, MBEDTLS_MODE_CBC.
  *
- * \param ctx    The context of the cipher. Must be initialized.
+ * \param ctx    The context of the cipher. This must be initialized.
  *
  * \return       The mode of operation.
  * \return       #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
@@ -481,7 +490,8 @@
 static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
+    if( ctx->cipher_info == NULL )
         return MBEDTLS_MODE_NONE;
 
     return ctx->cipher_info->mode;
@@ -491,7 +501,7 @@
  * \brief       This function returns the size of the IV or nonce
  *              of the cipher, in Bytes.
  *
- * \param ctx   The context of the cipher. Must be initialized.
+ * \param ctx   The context of the cipher. This must be initialized.
  *
  * \return      The recommended IV size if no IV has been set.
  * \return      \c 0 for ciphers not using an IV or a nonce.
@@ -500,7 +510,8 @@
 static inline int mbedtls_cipher_get_iv_size(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+    if( ctx->cipher_info == NULL )
         return 0;
 
     if( ctx->iv_size != 0 )
@@ -512,7 +523,7 @@
 /**
  * \brief               This function returns the type of the given cipher.
  *
- * \param ctx           The context of the cipher. Must be initialized.
+ * \param ctx           The context of the cipher. This must be initialized.
  *
  * \return              The type of the cipher.
  * \return              #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
@@ -520,7 +531,9 @@
 static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET(
+        ctx != NULL, MBEDTLS_CIPHER_NONE );
+    if( ctx->cipher_info == NULL )
         return MBEDTLS_CIPHER_NONE;
 
     return ctx->cipher_info->type;
@@ -530,7 +543,7 @@
  * \brief               This function returns the name of the given cipher
  *                      as a string.
  *
- * \param ctx           The context of the cipher. Must be initialized.
+ * \param ctx           The context of the cipher. This must be initialized.
  *
  * \return              The name of the cipher.
  * \return              NULL if \p ctx has not been not initialized.
@@ -538,7 +551,8 @@
 static inline const char *mbedtls_cipher_get_name(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+    if( ctx->cipher_info == NULL )
         return 0;
 
     return ctx->cipher_info->name;
@@ -547,7 +561,7 @@
 /**
  * \brief               This function returns the key length of the cipher.
  *
- * \param ctx           The context of the cipher. Must be initialized.
+ * \param ctx           The context of the cipher. This must be initialized.
  *
  * \return              The key length of the cipher in bits.
  * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
@@ -556,7 +570,9 @@
 static inline int mbedtls_cipher_get_key_bitlen(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET(
+        ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
+    if( ctx->cipher_info == NULL )
         return MBEDTLS_KEY_LENGTH_NONE;
 
     return (int) ctx->cipher_info->key_bitlen;
@@ -565,7 +581,7 @@
 /**
  * \brief          This function returns the operation of the given cipher.
  *
- * \param ctx      The context of the cipher. Must be initialized.
+ * \param ctx      The context of the cipher. This must be initialized.
  *
  * \return         The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
  * \return         #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
@@ -573,7 +589,9 @@
 static inline mbedtls_operation_t mbedtls_cipher_get_operation(
     const mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    MBEDTLS_INTERNAL_VALIDATE_RET(
+        ctx != NULL, MBEDTLS_OPERATION_NONE );
+    if( ctx->cipher_info == NULL )
         return MBEDTLS_OPERATION_NONE;
 
     return ctx->operation;
@@ -582,11 +600,11 @@
 /**
  * \brief               This function sets the key to use with the given context.
  *
- * \param ctx           The generic cipher context. May not be NULL. Must have
- *                      been initialized using mbedtls_cipher_info_from_type()
- *                      or mbedtls_cipher_info_from_string().
- * \param key           The key to use.
- * \param key_bitlen    The key length to use, in bits.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      bound to a cipher information structure.
+ * \param key           The key to use. This must be a readable buffer of at
+ *                      least \p key_bitlen Bits.
+ * \param key_bitlen    The key length to use, in Bits.
  * \param operation     The operation that the key will be used for:
  *                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
  *
@@ -607,7 +625,8 @@
  *
  *                      The default passing mode is PKCS7 padding.
  *
- * \param ctx           The generic cipher context.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      bound to a cipher information structure.
  * \param mode          The padding mode.
  *
  * \return              \c 0 on success.
@@ -627,8 +646,10 @@
  * \note            Some ciphers do not use IVs nor nonce. For these
  *                  ciphers, this function has no effect.
  *
- * \param ctx       The generic cipher context.
- * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ * \param ctx       The generic cipher context. This must be initialized and
+ *                  bound to a cipher information structure.
+ * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+ *                  must be a readable buffer of at least \p iv_len Bytes.
  * \param iv_len    The IV length for ciphers with variable-size IV.
  *                  This parameter is discarded by ciphers with fixed-size IV.
  *
@@ -637,12 +658,13 @@
  *                  parameter-verification failure.
  */
 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv, size_t iv_len );
+                           const unsigned char *iv,
+                           size_t iv_len );
 
 /**
  * \brief         This function resets the cipher state.
  *
- * \param ctx     The generic cipher context.
+ * \param ctx     The generic cipher context. This must be initialized.
  *
  * \return        \c 0 on success.
  * \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -652,16 +674,18 @@
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
 /**
- * \brief             This function adds additional data for AEAD ciphers.
- *                    Currently supported with GCM and ChaCha20+Poly1305.
- *                    Must be called exactly once, after mbedtls_cipher_reset().
+ * \brief               This function adds additional data for AEAD ciphers.
+ *                      Currently supported with GCM and ChaCha20+Poly1305.
+ *                      This must be called exactly once, after
+ *                      mbedtls_cipher_reset().
  *
- * \param ctx         The generic cipher context.
- * \param ad          The additional data to use.
- * \param ad_len      the Length of \p ad.
+ * \param ctx           The generic cipher context. This must be initialized.
+ * \param ad            The additional data to use. This must be a readable
+ *                      buffer of at least \p ad_len Bytes.
+ * \param ad_len        The length of \p ad in Bytes.
  *
- * \return            \c 0 on success.
- * \return            A specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              A specific error code on failure.
  */
 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
                       const unsigned char *ad, size_t ad_len );
@@ -682,14 +706,17 @@
  *                      mbedtls_cipher_finish(), must have \p ilen as a
  *                      multiple of the block size of the cipher.
  *
- * \param ctx           The generic cipher context.
- * \param input         The buffer holding the input data.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      bound to a key.
+ * \param input         The buffer holding the input data. This must be a
+ *                      readable buffer of at least \p ilen Bytes.
  * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. Must be able to hold at
- *                      least \p ilen + block_size. Must not be the same buffer
- *                      as input.
+ * \param output        The buffer for the output data. This must be able to
+ *                      hold at least `ilen + block_size`. This must not be the
+ *                      same buffer as \p input.
  * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
+ *                      actual number of Bytes written. This must not be
+ *                      \c NULL.
  *
  * \return              \c 0 on success.
  * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -709,9 +736,12 @@
  *                      contained in it is padded to the size of
  *                      the last block, and written to the \p output buffer.
  *
- * \param ctx           The generic cipher context.
- * \param output        The buffer to write data to. Needs block_size available.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      bound to a key.
+ * \param output        The buffer to write data to. This needs to be a writable
+ *                      buffer of at least \p block_size Bytes.
  * \param olen          The length of the data written to the \p output buffer.
+ *                      This may not be \c NULL.
  *
  * \return              \c 0 on success.
  * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -729,10 +759,14 @@
 /**
  * \brief               This function writes a tag for AEAD ciphers.
  *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      Must be called after mbedtls_cipher_finish().
+ *                      This must be called after mbedtls_cipher_finish().
  *
- * \param ctx           The generic cipher context.
- * \param tag           The buffer to write the tag to.
+ * \param ctx           The generic cipher context. This must be initialized,
+ *                      bound to a key, and have just completed a cipher
+ *                      operation through mbedtls_cipher_finish() the tag for
+ *                      which should be written.
+ * \param tag           The buffer to write the tag to. This must be a writable
+ *                      buffer of at least \p tag_len Bytes.
  * \param tag_len       The length of the tag to write.
  *
  * \return              \c 0 on success.
@@ -744,10 +778,11 @@
 /**
  * \brief               This function checks the tag for AEAD ciphers.
  *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      Must be called after mbedtls_cipher_finish().
+ *                      This must be called after mbedtls_cipher_finish().
  *
- * \param ctx           The generic cipher context.
- * \param tag           The buffer holding the tag.
+ * \param ctx           The generic cipher context. This must be initialized.
+ * \param tag           The buffer holding the tag. This must be a readable
+ *                      buffer of at least \p tag_len Bytes.
  * \param tag_len       The length of the tag to check.
  *
  * \return              \c 0 on success.
@@ -761,18 +796,22 @@
  * \brief               The generic all-in-one encryption/decryption function,
  *                      for all ciphers except AEAD constructs.
  *
- * \param ctx           The generic cipher context.
+ * \param ctx           The generic cipher context. This must be initialized.
  * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ *                      This must be a readable buffer of at least \p iv_len
+ *                      Bytes.
  * \param iv_len        The IV length for ciphers with variable-size IV.
  *                      This parameter is discarded by ciphers with fixed-size
  *                      IV.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. Must be able to hold at
- *                      least \p ilen + block_size. Must not be the same buffer
- *                      as input.
+ * \param input         The buffer holding the input data. This must be a
+ *                      readable buffer of at least \p ilen Bytes.
+ * \param ilen          The length of the input data in Bytes.
+ * \param output        The buffer for the output data. This must be able to
+ *                      hold at least `ilen + block_size`. This must not be the
+ *                      same buffer as \p input.
  * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
+ *                      actual number of Bytes written. This must not be
+ *                      \c NULL.
  *
  * \note                Some ciphers do not use IVs nor nonce. For these
  *                      ciphers, use \p iv = NULL and \p iv_len = 0.
@@ -793,27 +832,34 @@
 
 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
 /**
- * \brief             The generic autenticated encryption (AEAD) function.
+ * \brief               The generic autenticated encryption (AEAD) function.
  *
- * \param ctx         The generic cipher context.
- * \param iv          The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len      The IV length for ciphers with variable-size IV.
- *                    This parameter is discarded by ciphers with fixed-size IV.
- * \param ad          The additional data to authenticate.
- * \param ad_len      The length of \p ad.
- * \param input       The buffer holding the input data.
- * \param ilen        The length of the input data.
- * \param output      The buffer for the output data.
- *                    Must be able to hold at least \p ilen.
- * \param olen        The length of the output data, to be updated with the
- *                    actual number of Bytes written.
- * \param tag         The buffer for the authentication tag.
- * \param tag_len     The desired length of the authentication tag.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      bound to a key.
+ * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ *                      This must be a readable buffer of at least \p iv_len
+ *                      Bytes.
+ * \param iv_len        The IV length for ciphers with variable-size IV.
+ *                      This parameter is discarded by ciphers with fixed-size IV.
+ * \param ad            The additional data to authenticate. This must be a
+ *                      readable buffer of at least \p ad_len Bytes.
+ * \param ad_len        The length of \p ad.
+ * \param input         The buffer holding the input data. This must be a
+ *                      readable buffer of at least \p ilen Bytes.
+ * \param ilen          The length of the input data.
+ * \param output        The buffer for the output data. This must be able to
+ *                      hold at least \p ilen Bytes.
+ * \param olen          The length of the output data, to be updated with the
+ *                      actual number of Bytes written. This must not be
+ *                      \c NULL.
+ * \param tag           The buffer for the authentication tag. This must be a
+ *                      writable buffer of at least \p tag_len Bytes.
+ * \param tag_len       The desired length of the authentication tag.
  *
- * \return            \c 0 on success.
- * \return            #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                    parameter-verification failure.
- * \return            A cipher-specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
@@ -823,32 +869,39 @@
                          unsigned char *tag, size_t tag_len );
 
 /**
- * \brief             The generic autenticated decryption (AEAD) function.
+ * \brief               The generic autenticated decryption (AEAD) function.
  *
- * \note              If the data is not authentic, then the output buffer
- *                    is zeroed out to prevent the unauthentic plaintext being
- *                    used, making this interface safer.
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext being
+ *                      used, making this interface safer.
  *
- * \param ctx         The generic cipher context.
- * \param iv          The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len      The IV length for ciphers with variable-size IV.
- *                    This parameter is discarded by ciphers with fixed-size IV.
- * \param ad          The additional data to be authenticated.
- * \param ad_len      The length of \p ad.
- * \param input       The buffer holding the input data.
- * \param ilen        The length of the input data.
- * \param output      The buffer for the output data.
- *                    Must be able to hold at least \p ilen.
- * \param olen        The length of the output data, to be updated with the
- *                    actual number of Bytes written.
- * \param tag         The buffer holding the authentication tag.
- * \param tag_len     The length of the authentication tag.
+ * \param ctx           The generic cipher context. This must be initialized and
+ *                      and bound to a key.
+ * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ *                      This must be a readable buffer of at least \p iv_len
+ *                      Bytes.
+ * \param iv_len        The IV length for ciphers with variable-size IV.
+ *                      This parameter is discarded by ciphers with fixed-size IV.
+ * \param ad            The additional data to be authenticated. This must be a
+ *                      readable buffer of at least \p ad_len Bytes.
+ * \param ad_len        The length of \p ad.
+ * \param input         The buffer holding the input data. This must be a
+ *                      readable buffer of at least \p ilen Bytes.
+ * \param ilen          The length of the input data.
+ * \param output        The buffer for the output data.
+ *                      This must be able to hold at least \p ilen Bytes.
+ * \param olen          The length of the output data, to be updated with the
+ *                      actual number of Bytes written. This must not be
+ *                      \c NULL.
+ * \param tag           The buffer holding the authentication tag. This must be
+ *                      a readable buffer of at least \p tag_len Bytes.
+ * \param tag_len       The length of the authentication tag.
  *
- * \return            \c 0 on success.
- * \return            #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                    parameter-verification failure.
- * \return            #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return            A cipher-specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index 6687b36..d711339 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -137,7 +137,7 @@
 typedef struct
 {
     psa_algorithm_t alg;
-    psa_key_slot_t slot;
+    psa_key_handle_t slot;
     mbedtls_cipher_psa_key_ownership slot_state;
 } mbedtls_cipher_context_psa;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index c196793..9d42b3f 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -28,6 +28,12 @@
 #ifndef MBEDTLS_CMAC_H
 #define MBEDTLS_CMAC_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "cipher.h"
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 213b691..a58b472 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -25,6 +25,12 @@
  *  This file is part of mbed TLS (https://tls.mbed.org)
  */
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
 
 #if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1f37d08..de63146 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -139,7 +139,7 @@
  *
  * System has time.h, time(), and an implementation for
  * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necesarily very accurate, but at least
+ * The time needs to be correct (not necessarily very accurate, but at least
  * the date should be correct). This is used to verify the validity period of
  * X.509 certificates.
  *
@@ -226,6 +226,7 @@
 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
 //#define MBEDTLS_PLATFORM_PRINTF_ALT
 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
 
@@ -256,6 +257,48 @@
  */
 //#define MBEDTLS_DEPRECATED_REMOVED
 
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - the pointer is checked to be non-NULL only if this option is enabled
+ * - the content of the buffer is always validated
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid, it will:
+ * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ *   call to the function mbedtls_param_failed()
+ * - immediately return (with a specific error code unless the function
+ *   returns void and can't communicate an error).
+ *
+ * When defining this flag, you also need to:
+ * - either provide a definition of the function mbedtls_param_failed() in
+ *   your application (see platform_util.h for its prototype) as the library
+ *   calls that function, but does not provide a default definition for it,
+ * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ *   below if the above mechanism is not flexible enough to suit your needs.
+ *   See the documentation of this macro later in this file.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
 /* \} name SECTION: System support */
 
 /**
@@ -359,7 +402,7 @@
  * \note Because of a signature change, the core AES encryption and decryption routines are
  *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
  *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
  *       must stay untouched.
  *
  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
@@ -414,11 +457,11 @@
  *      unsigned char mbedtls_internal_ecp_grp_capable(
  *          const mbedtls_ecp_group *grp )
  *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
  * replacement functions implement arithmetic for the given group and 0
  * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
  * called before and after each point operation and provide an opportunity to
  * implement optimized set up and tear down instructions.
  *
@@ -645,6 +688,26 @@
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 
 /**
+ * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
+ *
+ * Remove 3DES ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on 3DES from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
+ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
+ * them explicitly.
+ *
+ * A man-in-the-browser attacker can recover authentication tokens sent through
+ * a TLS connection using a 3DES based cipher suite (see "On the Practical
+ * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
+ * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
+ * in your threat model or you are unsure, then you should keep this option
+ * enabled to remove 3DES based cipher suites.
+ *
+ * Comment this macro to keep 3DES in the default ciphersuite list.
+ */
+#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
+
+/**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
  *
  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -683,11 +746,11 @@
  * Enable "non-blocking" ECC operations that can return early and be resumed.
  *
  * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
+ * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
+ * to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
+ * of ECC operations a function may perform before pausing; see
  * mbedtls_ecp_set_max_ops() for more information.
  *
  * This is useful in non-threaded environments if you want to avoid blocking
@@ -697,11 +760,40 @@
  *
  * \note  This option only works with the default software implementation of
  *        elliptic curve functionality. It is incompatible with
- *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
+ *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
+ *        and MBEDTLS_ECDH_LEGACY_CONTEXT.
  */
 //#define MBEDTLS_ECP_RESTARTABLE
 
 /**
+ * \def MBEDTLS_ECDH_LEGACY_CONTEXT
+ *
+ * Use a backward compatible ECDH context.
+ *
+ * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
+ * defined in `ecdh.h`). For most applications, the choice of format makes
+ * no difference, since all library functions can work with either format,
+ * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
+
+ * The new format used when this option is disabled is smaller
+ * (56 bytes on a 32-bit platform). In future versions of the library, it
+ * will support alternative implementations of ECDH operations.
+ * The new format is incompatible with applications that access
+ * context fields directly and with restartable ECP operations.
+ *
+ * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
+ * want to access ECDH context fields directly. Otherwise you should
+ * comment out this macro definition.
+ *
+ * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
+ *
+ * \note This configuration option is experimental. Future versions of the
+ *       library may modify the way the ECDH context layout is configured
+ *       and may modify the layout of the new context type.
+ */
+#define MBEDTLS_ECDH_LEGACY_CONTEXT
+
+/**
  * \def MBEDTLS_ECDSA_DETERMINISTIC
  *
  * Enable deterministic ECDSA (RFC 6979).
@@ -1103,15 +1195,20 @@
  */
 //#define MBEDTLS_ENTROPY_NV_SEED
 
-/**
- * \def MBEDTLS_PSA_HAS_ITS_IO
+/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
  *
- * Enable the non-volatile secure storage usage.
+ * In PSA key storage, encode the owner of the key.
  *
- * This is crucial on systems that do not have a HW TRNG support.
+ * This is only meaningful when building the library as part of a
+ * multi-client service. When you activate this option, you must provide
+ * an implementation of the type psa_key_owner_id_t and a translation
+ * from psa_key_file_id_t to file name in all the storage backends that
+ * you wish to support.
  *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
  */
-//#define MBEDTLS_PSA_HAS_ITS_IO
+//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
 
 /**
  * \def MBEDTLS_MEMORY_DEBUG
@@ -1184,14 +1281,17 @@
 //#define MBEDTLS_PSA_CRYPTO_SPM
 
 /**
- * \def MBEDTLS_PSA_HAS_ITS_IO
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
  *
- * Enable the non-volatile secure storage usage.
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
  *
- * This is crucial on systems that do not have a HW TRNG support.
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
  *
  */
-//#define MBEDTLS_PSA_HAS_ITS_IO
+//#define MBEDTLS_PSA_INJECT_ENTROPY
 
 /**
  * \def MBEDTLS_RSA_NO_CRT
@@ -1322,6 +1422,28 @@
 #define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
+ * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
+ * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
+ * giving access to the peer's certificate after completion of the handshake.
+ *
+ * Unless you need mbedtls_ssl_peer_cert() in your application, it is
+ * recommended to disable this option for reduced RAM usage.
+ *
+ * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
+ *       defined, but always returns \c NULL.
+ *
+ * \note This option has no influence on the protection against the
+ *       triple handshake attack. Even if it is disabled, Mbed TLS will
+ *       still ensure that certificates do not change during renegotiation,
+ *       for exaple by keeping a hash of the peer's certificate.
+ *
+ * Comment this macro to disable storing the peer's certificate
+ * after the handshake.
+ */
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
+/**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
  *
  * Enable hooking functions in SSL module for hardware acceleration of
@@ -1530,7 +1652,7 @@
  * \def MBEDTLS_SSL_SESSION_TICKETS
  *
  * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintainance of a
+ * Client-side, provides full support for session tickets (maintenance of a
  * session store remains the responsibility of the application, though).
  * Server-side, you also need to provide callbacks for writing and parsing
  * tickets, including authenticated encryption and key management. Example
@@ -1714,7 +1836,7 @@
  *
  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
  * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
+ * CRIME or similar exploits may be applicable to your use case.
  *
  * \note Currently compression can't be used with DTLS.
  *
@@ -2661,38 +2783,23 @@
  *
  * Module:  library/psa_crypto_storage.c
  *
- * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
- * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- * (but not both)
- *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ *           the PSA ITS interface
  */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 
 /**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * \def MBEDTLS_PSA_ITS_FILE_C
  *
- * Enable persistent key storage over files for the
- * Platform Security Architecture cryptography API.
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
  *
- * Module:  library/psa_crypto_storage_file.c
+ * Module:  library/psa_its_file.c
  *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
- *
+ * Requires: MBEDTLS_FS_IO
  */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
- * Enable persistent key storage over PSA ITS for the
- * Platform Security Architecture cryptography API.
- *
- * Module:  library/psa_crypto_storage_its.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+#define MBEDTLS_PSA_ITS_FILE_C
 
 /**
  * \def MBEDTLS_RIPEMD160_C
@@ -3078,7 +3185,7 @@
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
@@ -3095,11 +3202,42 @@
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
 
+/**
+ * \brief       This macro is invoked by the library when an invalid parameter
+ *              is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ *              (see the documentation of that option for context).
+ *
+ *              When you leave this undefined here, a default definition is
+ *              provided that invokes the function mbedtls_param_failed(),
+ *              which is declared in platform_util.h for the benefit of the
+ *              library, but that you need to define in your application.
+ *
+ *              When you define this here, this replaces the default
+ *              definition in platform_util.h (which no longer declares the
+ *              function mbedtls_param_failed()) and it is your responsibility
+ *              to make sure this macro expands to something suitable (in
+ *              particular, that all the necessary declarations are visible
+ *              from within the library - you can ensure that by providing
+ *              them in this file next to the macro definition).
+ *
+ *              Note that you may define this macro to expand to nothing, in
+ *              which case you don't have to worry about declarations or
+ *              definitions. However, you will then be notified about invalid
+ *              parameters only in non-void functions, and void function will
+ *              just silently return early on invalid parameters, which
+ *              partially negates the benefits of enabling
+ *              #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond  The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond )               assert( cond )
+
 /* SSL Cache options */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
@@ -3108,31 +3246,65 @@
 
 /** \def MBEDTLS_SSL_MAX_CONTENT_LEN
  *
- * Maximum fragment length in bytes.
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
  *
- * Determines the size of both the incoming and outgoing TLS I/O buffers.
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
  *
- * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN
- * will override this length by setting maximum incoming and/or outgoing
- * fragment length, respectively.
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
  */
 //#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384
 
 /** \def MBEDTLS_SSL_IN_CONTENT_LEN
  *
- * Maximum incoming fragment length in bytes.
+ * Maximum length (in bytes) of incoming plaintext fragments.
  *
- * Uncomment to set the size of the inward TLS buffer independently of the
- * outward buffer.
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
  */
 //#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
 
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
  *
- * Maximum outgoing fragment length in bytes.
+ * Maximum length (in bytes) of outgoing plaintext fragments.
  *
- * Uncomment to set the size of the outward TLS buffer independently of the
- * inward buffer.
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
  *
  * It is possible to save RAM by setting a smaller outward buffer, while keeping
  * the default inward 16384 byte buffer to conform to the TLS specification.
@@ -3142,11 +3314,8 @@
  * The specific size requirement depends on the configured ciphers and any
  * certificate data which is sent during the handshake.
  *
- * For absolute minimum RAM usage, it's best to enable
- * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
- * reduces both incoming and outgoing buffer sizes. However this is only
- * guaranteed if the other end of the connection also supports the TLS
- * max_fragment_len extension. Otherwise the connection may fail.
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
  */
 //#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
 
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index c91ca58..cc3df7b 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -36,6 +36,12 @@
 #ifndef MBEDTLS_CTR_DRBG_H
 #define MBEDTLS_CTR_DRBG_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "aes.h"
 
 #if defined(MBEDTLS_THREADING_C)
@@ -239,18 +245,20 @@
 /**
  * \brief              This function updates the state of the CTR_DRBG context.
  *
- * \note               If \p add_len is greater than
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- *                     The remaining Bytes are silently discarded.
- *
  * \param ctx          The CTR_DRBG context.
  * \param additional   The data to update the state with.
- * \param add_len      Length of \p additional data.
+ * \param add_len      Length of \p additional in bytes. This must be at
+ *                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
  *
+ * \return             \c 0 on success.
+ * \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+ *                     \p add_len is more than
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+ * \return             An error from the underlying AES cipher on failure.
  */
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                      const unsigned char *additional, size_t add_len );
+int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+                                 const unsigned char *additional,
+                                 size_t add_len );
 
 /**
  * \brief   This function updates a CTR_DRBG instance with additional
@@ -290,6 +298,35 @@
 int mbedtls_ctr_drbg_random( void *p_rng,
                      unsigned char *output, size_t output_len );
 
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief              This function updates the state of the CTR_DRBG context.
+ *
+ * \deprecated         Superseded by mbedtls_ctr_drbg_update_ret()
+ *                     in 2.16.0.
+ *
+ * \note               If \p add_len is greater than
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
+ *                     The remaining Bytes are silently discarded.
+ *
+ * \param ctx          The CTR_DRBG context.
+ * \param additional   The data to update the state with.
+ * \param add_len      Length of \p additional data.
+ */
+MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
+    mbedtls_ctr_drbg_context *ctx,
+    const unsigned char *additional,
+    size_t add_len );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
 #if defined(MBEDTLS_FS_IO)
 /**
  * \brief               This function writes a seed file.
@@ -319,6 +356,8 @@
 int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
 #endif /* MBEDTLS_FS_IO */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief               The CTR_DRBG checkup routine.
  *
@@ -327,6 +366,8 @@
  */
 int mbedtls_ctr_drbg_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 /* Internal functions (do not call directly) */
 int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
                                int (*)(void *, unsigned char *, size_t), void *,
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index ef8db67..736444b 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -65,6 +65,11 @@
     mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
 #endif
 
+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )               \
+    mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
+#endif
+
 #else /* MBEDTLS_DEBUG_C */
 
 #define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
@@ -73,6 +78,7 @@
 #define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
 #define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
 #define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )     do { } while( 0 )
 
 #endif /* MBEDTLS_DEBUG_C */
 
@@ -221,6 +227,36 @@
                       const char *text, const mbedtls_x509_crt *crt );
 #endif
 
+#if defined(MBEDTLS_ECDH_C)
+typedef enum
+{
+    MBEDTLS_DEBUG_ECDH_Q,
+    MBEDTLS_DEBUG_ECDH_QP,
+    MBEDTLS_DEBUG_ECDH_Z,
+} mbedtls_debug_ecdh_attr;
+
+/**
+ * \brief   Print a field of the ECDH structure in the SSL context to the debug
+ *          output. This function is always used through the
+ *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+ *          and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param ecdh      the ECDH context
+ * \param attr      the identifier of the attribute being output
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
+                                const char *file, int line,
+                                const mbedtls_ecdh_context *ecdh,
+                                mbedtls_debug_ecdh_attr attr );
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index d62042d..54e6b78 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -338,6 +338,8 @@
 void mbedtls_des_setkey( uint32_t SK[32],
                          const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -345,6 +347,8 @@
  */
 int mbedtls_des_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 8e2d020..98cd4e2 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -127,9 +127,15 @@
 void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
 
 /**
- * \brief          This function parses the ServerKeyExchange parameters.
+ * \brief          This function parses the DHM parameters in a
+ *                 TLS ServerKeyExchange handshake message
+ *                 (DHM modulus, generator, and public key).
  *
- * \param ctx      The DHM context.
+ * \note           In a TLS handshake, this is the how the client
+ *                 sets up its DHM context from the server's public
+ *                 DHM key material.
+ *
+ * \param ctx      The DHM context to use. This must be initialized.
  * \param p        On input, *p must be the start of the input buffer.
  *                 On output, *p is updated to point to the end of the data
  *                 that has been read. On success, this is the first byte
@@ -143,31 +149,37 @@
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                     unsigned char **p,
-                     const unsigned char *end );
+                             unsigned char **p,
+                             const unsigned char *end );
 
 /**
- * \brief          This function sets up and writes the ServerKeyExchange
- *                 parameters.
+ * \brief          This function generates a DHM key pair and exports its
+ *                 public part together with the DHM parameters in the format
+ *                 used in a TLS ServerKeyExchange handshake message.
  *
- * \note           The destination buffer must be large enough to hold
- *                 the reduced binary presentation of the modulus, the generator
- *                 and the public key, each wrapped with a 2-byte length field.
- *                 It is the responsibility of the caller to ensure that enough
- *                 space is available. Refer to \c mbedtls_mpi_size to computing
- *                 the byte-size of an MPI.
- *
- * \note           This function assumes that \c ctx->P and \c ctx->G
- *                 have already been properly set. For that, use
+ * \note           This function assumes that the DHM parameters \c ctx->P
+ *                 and \c ctx->G have already been properly set. For that, use
  *                 mbedtls_dhm_set_group() below in conjunction with
  *                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
  *
- * \param ctx      The DHM context.
+ * \note           In a TLS handshake, this is the how the server generates
+ *                 and exports its DHM key material.
+ *
+ * \param ctx      The DHM context to use. This must be initialized
+ *                 and have the DHM parameters set. It may or may not
+ *                 already have imported the peer's public key.
  * \param x_size   The private key size in Bytes.
- * \param olen     The number of characters written.
- * \param output   The destination buffer.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG context.
+ * \param olen     The address at which to store the number of Bytes
+ *                 written on success. This must not be \c NULL.
+ * \param output   The destination buffer. This must be a writable buffer of
+ *                 sufficient size to hold the reduced binary presentation of
+ *                 the modulus, the generator and the public key, each wrapped
+ *                 with a 2-byte length field. It is the responsibility of the
+ *                 caller to ensure that enough space is available. Refer to
+ *                 mbedtls_mpi_size() to computing the byte-size of an MPI.
+ * \param f_rng    The RNG function. Must not be \c NULL.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng doesn't need a context parameter.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -180,12 +192,14 @@
 /**
  * \brief          This function sets the prime modulus and generator.
  *
- * \note           This function can be used to set \p P, \p G
+ * \note           This function can be used to set \c ctx->P, \c ctx->G
  *                 in preparation for mbedtls_dhm_make_params().
  *
- * \param ctx      The DHM context.
- * \param P        The MPI holding the DHM prime modulus.
- * \param G        The MPI holding the DHM generator.
+ * \param ctx      The DHM context to configure. This must be initialized.
+ * \param P        The MPI holding the DHM prime modulus. This must be
+ *                 an initialized MPI.
+ * \param G        The MPI holding the DHM generator. This must be an
+ *                 initialized MPI.
  *
  * \return         \c 0 if successful.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -195,11 +209,17 @@
                            const mbedtls_mpi *G );
 
 /**
- * \brief          This function imports the public value of the peer, G^Y.
+ * \brief          This function imports the raw public value of the peer.
  *
- * \param ctx      The DHM context.
- * \param input    The input buffer containing the G^Y value of the peer.
- * \param ilen     The size of the input buffer.
+ * \note           In a TLS handshake, this is the how the server imports
+ *                 the Client's public DHM key.
+ *
+ * \param ctx      The DHM context to use. This must be initialized and have
+ *                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+ *                 It may or may not already have generated its own private key.
+ * \param input    The input buffer containing the \c G^Y value of the peer.
+ *                 This must be a readable buffer of size \p ilen Bytes.
+ * \param ilen     The size of the input buffer \p input in Bytes.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -208,21 +228,25 @@
                      const unsigned char *input, size_t ilen );
 
 /**
- * \brief          This function creates its own private key, \c X, and
- *                 exports \c G^X.
+ * \brief          This function creates a DHM key pair and exports
+ *                 the raw public key in big-endian format.
  *
  * \note           The destination buffer is always fully written
  *                 so as to contain a big-endian representation of G^X mod P.
- *                 If it is larger than ctx->len, it is padded accordingly
+ *                 If it is larger than \c ctx->len, it is padded accordingly
  *                 with zero-bytes at the beginning.
  *
- * \param ctx      The DHM context.
+ * \param ctx      The DHM context to use. This must be initialized and
+ *                 have the DHM parameters set. It may or may not already
+ *                 have imported the peer's public key.
  * \param x_size   The private key size in Bytes.
- * \param output   The destination buffer.
- * \param olen     The length of the destination buffer. Must be at least
- *                  equal to ctx->len (the size of \c P).
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG context.
+ * \param output   The destination buffer. This must be a writable buffer of
+ *                 size \p olen Bytes.
+ * \param olen     The length of the destination buffer. This must be at least
+ *                 equal to `ctx->len` (the size of \c P).
+ * \param f_rng    The RNG function. This must not be \c NULL.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+ *                 if \p f_rng doesn't need a context argument.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -233,22 +257,27 @@
                      void *p_rng );
 
 /**
- * \brief               This function derives and exports the shared secret
- *                      \c (G^Y)^X mod \c P.
+ * \brief          This function derives and exports the shared secret
+ *                 \c (G^Y)^X mod \c P.
  *
- * \note                If \p f_rng is not NULL, it is used to blind the input as
- *                      a countermeasure against timing attacks. Blinding is used
- *                      only if our private key \c X is re-used, and not used
- *                      otherwise. We recommend always passing a non-NULL
- *                      \p f_rng argument.
+ * \note           If \p f_rng is not \c NULL, it is used to blind the input as
+ *                 a countermeasure against timing attacks. Blinding is used
+ *                 only if our private key \c X is re-used, and not used
+ *                 otherwise. We recommend always passing a non-NULL
+ *                 \p f_rng argument.
  *
- * \param ctx           The DHM context.
- * \param output        The destination buffer.
- * \param output_size   The size of the destination buffer. Must be at least
- *                      the size of ctx->len (the size of \c P).
+ * \param ctx           The DHM context to use. This must be initialized
+ *                      and have its own private key generated and the peer's
+ *                      public key imported.
+ * \param output        The buffer to write the generated shared key to. This
+ *                      must be a writable buffer of size \p output_size Bytes.
+ * \param output_size   The size of the destination buffer. This must be at
+ *                      least the size of \c ctx->len (the size of \c P).
  * \param olen          On exit, holds the actual number of Bytes written.
- * \param f_rng         The RNG function, for blinding purposes.
- * \param p_rng         The RNG context.
+ * \param f_rng         The RNG function, for blinding purposes. This may
+ *                      b \c NULL if blinding isn't needed.
+ * \param p_rng         The RNG context. This may be \c NULL if \p f_rng
+ *                      doesn't need a context argument.
  *
  * \return              \c 0 on success.
  * \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -259,9 +288,12 @@
                      void *p_rng );
 
 /**
- * \brief          This function frees and clears the components of a DHM context.
+ * \brief          This function frees and clears the components
+ *                 of a DHM context.
  *
- * \param ctx      The DHM context to free and clear.
+ * \param ctx      The DHM context to free and clear. This may be \c NULL,
+ *                 in which case this function is a no-op. If it is not \c NULL,
+ *                 it must point to an initialized DHM context.
  */
 void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
 
@@ -270,17 +302,19 @@
 /**
  * \brief             This function parses DHM parameters in PEM or DER format.
  *
- * \param dhm         The DHM context to initialize.
- * \param dhmin       The input buffer.
- * \param dhminlen    The size of the buffer, including the terminating null
- *                    Byte for PEM data.
+ * \param dhm         The DHM context to import the DHM parameters into.
+ *                    This must be initialized.
+ * \param dhmin       The input buffer. This must be a readable buffer of
+ *                    length \p dhminlen Bytes.
+ * \param dhminlen    The size of the input buffer \p dhmin, including the
+ *                    terminating \c NULL Byte for PEM data.
  *
  * \return            \c 0 on success.
- * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
- *                    error code on failure.
+ * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+ *                    code on failure.
  */
 int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                   size_t dhminlen );
+                           size_t dhminlen );
 
 #if defined(MBEDTLS_FS_IO)
 /** \ingroup x509_module */
@@ -288,16 +322,20 @@
  * \brief          This function loads and parses DHM parameters from a file.
  *
  * \param dhm      The DHM context to load the parameters to.
+ *                 This must be initialized.
  * \param path     The filename to read the DHM parameters from.
+ *                 This must not be \c NULL.
  *
  * \return         \c 0 on success.
- * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
- *                    error code on failure.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
+ *                 error code on failure.
  */
 int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
 #endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          The DMH checkup routine.
  *
@@ -306,16 +344,16 @@
  */
 int mbedtls_dhm_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
 #ifdef __cplusplus
 }
 #endif
 
 /**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
+ * RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman
+ * groups, some of which are included here for use by Mbed TLS's SSL/TLS module
+ * and the user's convenience when configuring the Diffie-Hellman parameters by
+ * hand through Mbed TLS's \c mbedtls_ssl_conf_dh_param.
  *
  * The following lists the source of the above groups in the standards:
  * - RFC 5114 section 2.2:  2048-bit MODP Group with 224-bit Prime Order Subgroup
@@ -353,15 +391,6 @@
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_constant_t) ( VAL ) )
-#else
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#endif /* ! MBEDTLS_DEPRECATED_WARNING */
-
 /**
  * \warning The origin of the primes in RFC 5114 is not documented and
  *          their use therefore constitutes a security risk!
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 27f2ffc..384c3dc 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -34,6 +34,12 @@
 #ifndef MBEDTLS_ECDH_H
 #define MBEDTLS_ECDH_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "ecp.h"
 
 #ifdef __cplusplus
@@ -49,6 +55,39 @@
     MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
 } mbedtls_ecdh_side;
 
+#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+/**
+ * Defines the ECDH implementation used.
+ *
+ * Later versions of the library may add new variants, therefore users should
+ * not make any assumptions about them.
+ */
+typedef enum
+{
+    MBEDTLS_ECDH_VARIANT_NONE = 0,   /*!< Implementation not defined. */
+    MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
+} mbedtls_ecdh_variant;
+
+/**
+ * The context used by the default ECDH implementation.
+ *
+ * Later versions might change the structure of this context, therefore users
+ * should not make any assumptions about the structure of
+ * mbedtls_ecdh_context_mbed.
+ */
+typedef struct mbedtls_ecdh_context_mbed
+{
+    mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
+    mbedtls_mpi d;           /*!< The private key. */
+    mbedtls_ecp_point Q;     /*!< The public key. */
+    mbedtls_ecp_point Qp;    /*!< The value of the public key of the peer. */
+    mbedtls_mpi z;           /*!< The shared secret. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+#endif
+} mbedtls_ecdh_context_mbed;
+#endif
+
 /**
  *
  * \warning         Performing multiple operations concurrently on the same
@@ -58,6 +97,7 @@
  */
 typedef struct mbedtls_ecdh_context
 {
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
     mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
     mbedtls_mpi d;           /*!< The private key. */
     mbedtls_ecp_point Q;     /*!< The public key. */
@@ -70,7 +110,26 @@
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     int restart_enabled;        /*!< The flag for restartable mode. */
     mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
-#endif
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+#else
+    uint8_t point_format;       /*!< The format of point export in TLS messages
+                                  as defined in RFC 4492. */
+    mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
+    mbedtls_ecdh_variant var;   /*!< The ECDH implementation/structure used. */
+    union
+    {
+        mbedtls_ecdh_context_mbed   mbed_ecdh;
+    } ctx;                      /*!< Implementation-specific context. The
+                                  context in use is specified by the \c var
+                                  field. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    uint8_t restart_enabled;    /*!< The flag for restartable mode. Functions of
+                                  an alternative implementation not supporting
+                                  restartable mode must return
+                                  MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
+                                  if this flag is set. */
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
 }
 mbedtls_ecdh_context;
 
@@ -84,11 +143,16 @@
  *
  * \see             ecp.h
  *
- * \param grp       The ECP group.
+ * \param grp       The ECP group to use. This must be initialized and have
+ *                  domain parameters loaded, for example through
+ *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
  * \param d         The destination MPI (private key).
+ *                  This must be initialized.
  * \param Q         The destination point (public key).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ *                  This must be initialized.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL in case \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or
@@ -111,12 +175,22 @@
  *                  countermeasures against side-channel attacks.
  *                  For more information, see mbedtls_ecp_mul().
  *
- * \param grp       The ECP group.
+ * \param grp       The ECP group to use. This must be initialized and have
+ *                  domain parameters loaded, for example through
+ *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
  * \param z         The destination MPI (shared secret).
+ *                  This must be initialized.
  * \param Q         The public key from another party.
+ *                  This must be initialized.
  * \param d         Our secret exponent (private key).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ *                  This must be initialized.
+ * \param f_rng     The RNG function. This may be \c NULL if randomization
+ *                  of intermediate results during the ECP computations is
+ *                  not needed (discouraged). See the documentation of
+ *                  mbedtls_ecp_mul() for more.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL if \p f_rng is \c NULL or doesn't need a
+ *                  context argument.
  *
  * \return          \c 0 on success.
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or
@@ -130,36 +204,57 @@
 /**
  * \brief           This function initializes an ECDH context.
  *
- * \param ctx       The ECDH context to initialize.
+ * \param ctx       The ECDH context to initialize. This must not be \c NULL.
  */
 void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
 
 /**
- * \brief           This function frees a context.
+ * \brief           This function sets up the ECDH context with the information
+ *                  given.
  *
- * \param ctx       The context to free.
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ServerKeyExchange payload.
+ *                  This function should be called after mbedtls_ecdh_init() but
+ *                  before mbedtls_ecdh_make_params(). There is no need to call
+ *                  this function before mbedtls_ecdh_read_params().
  *
  *                  This is the first function used by a TLS server for ECDHE
  *                  ciphersuites.
  *
- * \note            This function assumes that the ECP group (grp) of the
- *                  \p ctx context has already been properly set,
- *                  for example, using mbedtls_ecp_group_load().
+ * \param ctx       The ECDH context to set up. This must be initialized.
+ * \param grp_id    The group id of the group to set up the context for.
+ *
+ * \return          \c 0 on success.
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
+                        mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief           This function frees a context.
+ *
+ * \param ctx       The context to free. This may be \c NULL, in which
+ *                  case this function does nothing. If it is not \c NULL,
+ *                  it must point to an initialized ECDH context.
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           This function generates an EC key pair and exports its
+ *                  in the format used in a TLS ServerKeyExchange handshake
+ *                  message.
+ *
+ *                  This is the second function used by a TLS server for ECDHE
+ *                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDH context.
- * \param olen      The number of characters written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param ctx       The ECDH context to use. This must be initialized
+ *                  and bound to a group, for example via mbedtls_ecdh_setup().
+ * \param olen      The address at which to store the number of Bytes written.
+ * \param buf       The destination buffer. This must be a writable buffer of
+ *                  length \p blen Bytes.
+ * \param blen      The length of the destination buffer \p buf in Bytes.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL in case \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -172,24 +267,32 @@
                       void *p_rng );
 
 /**
- * \brief           This function parses and processes a TLS ServerKeyExhange
- *                  payload.
+ * \brief           This function parses the ECDHE parameters in a
+ *                  TLS ServerKeyExchange handshake message.
  *
- *                  This is the first function used by a TLS client for ECDHE
- *                  ciphersuites.
+ * \note            In a TLS handshake, this is the how the client
+ *                  sets up its ECDHE context from the server's public
+ *                  ECDHE key material.
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDH context.
- * \param buf       The pointer to the start of the input buffer.
- * \param end       The address for one Byte past the end of the buffer.
+ * \param ctx       The ECDHE context to use. This must be initialized.
+ * \param buf       On input, \c *buf must be the start of the input buffer.
+ *                  On output, \c *buf is updated to point to the end of the
+ *                  data that has been read. On success, this is the first byte
+ *                  past the end of the ServerKeyExchange parameters.
+ *                  On error, this is the point at which an error has been
+ *                  detected, which is usually not useful except to debug
+ *                  failures.
+ * \param end       The end of the input buffer.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
 int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                      const unsigned char **buf, const unsigned char *end );
+                              const unsigned char **buf,
+                              const unsigned char *end );
 
 /**
  * \brief           This function sets up an ECDH context from an EC key.
@@ -200,33 +303,40 @@
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDH context to set up.
- * \param key       The EC key to use.
- * \param side      Defines the source of the key: 1: Our key, or
- *                  0: The key of the peer.
+ * \param ctx       The ECDH context to set up. This must be initialized.
+ * \param key       The EC key to use. This must be initialized.
+ * \param side      Defines the source of the key. Possible values are:
+ *                  - #MBEDTLS_ECDH_OURS: The key is ours.
+ *                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
  *
  * \return          \c 0 on success.
  * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-                     mbedtls_ecdh_side side );
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
+                             const mbedtls_ecp_keypair *key,
+                             mbedtls_ecdh_side side );
 
 /**
- * \brief           This function generates a public key and a TLS
- *                  ClientKeyExchange payload.
+ * \brief           This function generates a public key and exports it
+ *                  as a TLS ClientKeyExchange payload.
  *
  *                  This is the second function used by a TLS client for ECDH(E)
  *                  ciphersuites.
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The size of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param ctx       The ECDH context to use. This must be initialized
+ *                  and bound to a group, the latter usually by
+ *                  mbedtls_ecdh_read_params().
+ * \param olen      The address at which to store the number of Bytes written.
+ *                  This must not be \c NULL.
+ * \param buf       The destination buffer. This must be a writable buffer
+ *                  of length \p blen Bytes.
+ * \param blen      The size of the destination buffer \p buf in Bytes.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL in case \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -239,23 +349,26 @@
                       void *p_rng );
 
 /**
- * \brief       This function parses and processes a TLS ClientKeyExchange
- *              payload.
+ * \brief       This function parses and processes the ECDHE payload of a
+ *              TLS ClientKeyExchange message.
  *
- *              This is the second function used by a TLS server for ECDH(E)
- *              ciphersuites.
+ *              This is the third function used by a TLS server for ECDH(E)
+ *              ciphersuites. (It is called after mbedtls_ecdh_setup() and
+ *              mbedtls_ecdh_make_params().)
  *
  * \see         ecp.h
  *
- * \param ctx   The ECDH context.
- * \param buf   The start of the input buffer.
- * \param blen  The length of the input buffer.
+ * \param ctx   The ECDH context to use. This must be initialized
+ *              and bound to a group, for example via mbedtls_ecdh_setup().
+ * \param buf   The pointer to the ClientKeyExchange payload. This must
+ *              be a readable buffer of length \p blen Bytes.
+ * \param blen  The length of the input buffer \p buf in Bytes.
  *
  * \return      \c 0 on success.
  * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
 int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                      const unsigned char *buf, size_t blen );
+                              const unsigned char *buf, size_t blen );
 
 /**
  * \brief           This function derives and exports the shared secret.
@@ -268,13 +381,19 @@
  *                  For more information, see mbedtls_ecp_mul().
  *
  * \see             ecp.h
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+
+ * \param ctx       The ECDH context to use. This must be initialized
+ *                  and have its own private key generated and the peer's
+ *                  public key imported.
+ * \param olen      The address at which to store the total number of
+ *                  Bytes written on success. This must not be \c NULL.
+ * \param buf       The buffer to write the generated shared key to. This
+ *                  must be a writable buffer of size \p blen Bytes.
+ * \param blen      The length of the destination buffer \p buf in Bytes.
+ * \param f_rng     The RNG function, for blinding purposes. This may
+ *                  b \c NULL if blinding isn't needed.
+ * \param p_rng     The RNG context. This may be \c NULL if \p f_rng
+ *                  doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -297,7 +416,7 @@
  *                  computations once enabled, except by free-ing the context,
  *                  which cancels possible in-progress operations.
  *
- * \param ctx       The ECDH context.
+ * \param ctx       The ECDH context to use. This must be initialized.
  */
 void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 5245c6e..2943945 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -32,6 +32,12 @@
 #ifndef MBEDTLS_ECDSA_H
 #define MBEDTLS_ECDSA_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "ecp.h"
 #include "md.h"
 
@@ -123,7 +129,8 @@
  * \brief           This function computes the ECDSA signature of a
  *                  previously-hashed message.
  *
- * \note            The deterministic version is usually preferred.
+ * \note            The deterministic version implemented in
+ *                  mbedtls_ecdsa_sign_det() is usually preferred.
  *
  * \note            If the bitlength of the message hash is larger than the
  *                  bitlength of the group order, then the hash is truncated
@@ -133,14 +140,22 @@
  *
  * \see             ecp.h
  *
- * \param grp       The ECP group.
- * \param r         The first output integer.
- * \param s         The second output integer.
- * \param d         The private signing key.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param grp       The context for the elliptic curve to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param r         The MPI context in which to store the first part
+ *                  the signature. This must be initialized.
+ * \param s         The MPI context in which to store the second part
+ *                  the signature. This must be initialized.
+ * \param d         The private signing key. This must be initialized.
+ * \param buf       The content to be signed. This is usually the hash of
+ *                  the original data to be signed. This must be a readable
+ *                  buffer of length \p blen Bytes. It may be \c NULL if
+ *                  \p blen is zero.
+ * \param blen      The length of \p buf in Bytes.
+ * \param f_rng     The RNG function. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL if \p f_rng doesn't need a context parameter.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX
@@ -167,21 +182,29 @@
  *
  * \see             ecp.h
  *
- * \param grp       The ECP group.
- * \param r         The first output integer.
- * \param s         The second output integer.
- * \param d         The private signing key.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param md_alg    The MD algorithm used to hash the message.
+ * \param grp       The context for the elliptic curve to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param r         The MPI context in which to store the first part
+ *                  the signature. This must be initialized.
+ * \param s         The MPI context in which to store the second part
+ *                  the signature. This must be initialized.
+ * \param d         The private signing key. This must be initialized
+ *                  and setup, for example through mbedtls_ecp_gen_privkey().
+ * \param buf       The hashed content to be signed. This must be a readable
+ *                  buffer of length \p blen Bytes. It may be \c NULL if
+ *                  \p blen is zero.
+ * \param blen      The length of \p buf in Bytes.
+ * \param md_alg    The hash algorithm used to hash the original data.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure.
  */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg );
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
+                            mbedtls_mpi *s, const mbedtls_mpi *d,
+                            const unsigned char *buf, size_t blen,
+                            mbedtls_md_type_t md_alg );
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
 /**
@@ -196,12 +219,19 @@
  *
  * \see             ecp.h
  *
- * \param grp       The ECP group.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param Q         The public key to use for verification.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param buf       The hashed content that was signed. This must be a readable
+ *                  buffer of length \p blen Bytes. It may be \c NULL if
+ *                  \p blen is zero.
+ * \param blen      The length of \p buf in Bytes.
+ * \param Q         The public key to use for verification. This must be
+ *                  initialized and setup.
  * \param r         The first integer of the signature.
+ *                  This must be initialized.
  * \param s         The second integer of the signature.
+ *                  This must be initialized.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
@@ -210,8 +240,9 @@
  *                  error code on failure for any other reason.
  */
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                  const unsigned char *buf, size_t blen,
-                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+                          const unsigned char *buf, size_t blen,
+                          const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
+                          const mbedtls_mpi *s);
 
 /**
  * \brief           This function computes the ECDSA signature and writes it
@@ -228,11 +259,6 @@
  *                  of the Digital Signature Algorithm (DSA) and Elliptic
  *                  Curve Digital Signature Algorithm (ECDSA)</em>.
  *
- * \note            The \p sig buffer must be at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if
- *                  a 256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
  * \note            If the bitlength of the message hash is larger than the
  *                  bitlength of the group order, then the hash is truncated as
  *                  defined in <em>Standards for Efficient Cryptography Group
@@ -241,20 +267,32 @@
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDSA context.
+ * \param ctx       The ECDSA context to use. This must be initialized
+ *                  and have a group and private key bound to it, for example
+ *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
  * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param hash      The message hash to be signed. This must be a readable
+ *                  buffer of length \p blen Bytes.
+ * \param hlen      The length of the hash \p hash in Bytes.
+ * \param sig       The buffer to which to write the signature. This must be a
+ *                  writable buffer of length at least twice as large as the
+ *                  size of the curve used, plus 9. For example, 73 Bytes if
+ *                  a 256-bit curve is used. A buffer length of
+ *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen      The address at which to store the actual length of
+ *                  the signature written. Must not be \c NULL.
+ * \param f_rng     The RNG function. This must not be \c NULL if
+ *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ *                  it is unused and may be set to \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
  *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
+                                   mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hlen,
                            unsigned char *sig, size_t *slen,
                            int (*f_rng)(void *, unsigned char *, size_t),
@@ -270,15 +308,28 @@
  *                  but it can return early and restart according to the limit
  *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
  *
- * \param ctx       The ECDSA context.
+ * \param ctx       The ECDSA context to use. This must be initialized
+ *                  and have a group and private key bound to it, for example
+ *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
  * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
- * \param rs_ctx    The restart context (NULL disables restart).
+ * \param hash      The message hash to be signed. This must be a readable
+ *                  buffer of length \p blen Bytes.
+ * \param hlen      The length of the hash \p hash in Bytes.
+ * \param sig       The buffer to which to write the signature. This must be a
+ *                  writable buffer of length at least twice as large as the
+ *                  size of the curve used, plus 9. For example, 73 Bytes if
+ *                  a 256-bit curve is used. A buffer length of
+ *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen      The address at which to store the actual length of
+ *                  the signature written. Must not be \c NULL.
+ * \param f_rng     The RNG function. This must not be \c NULL if
+ *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ *                  it is unused and may be set to \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may be
+ *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+ * \param rs_ctx    The restart context to use. This may be \c NULL to disable
+ *                  restarting. If it is not \c NULL, it must point to an
+ *                  initialized restart context.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
@@ -314,11 +365,6 @@
  * \warning         It is not thread-safe to use the same context in
  *                  multiple threads.
  *
- * \note            The \p sig buffer must be at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if a
- *                  256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
  * \note            If the bitlength of the message hash is larger than the
  *                  bitlength of the group order, then the hash is truncated as
  *                  defined in <em>Standards for Efficient Cryptography Group
@@ -330,12 +376,20 @@
  * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in
  *                  Mbed TLS version 2.0 and later.
  *
- * \param ctx       The ECDSA context.
- * \param hash      The message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param md_alg    The MD algorithm used to hash the message.
+ * \param ctx       The ECDSA context to use. This must be initialized
+ *                  and have a group and private key bound to it, for example
+ *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+ * \param hash      The message hash to be signed. This must be a readable
+ *                  buffer of length \p blen Bytes.
+ * \param hlen      The length of the hash \p hash in Bytes.
+ * \param sig       The buffer to which to write the signature. This must be a
+ *                  writable buffer of length at least twice as large as the
+ *                  size of the curve used, plus 9. For example, 73 Bytes if
+ *                  a 256-bit curve is used. A buffer length of
+ *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen      The address at which to store the actual length of
+ *                  the signature written. Must not be \c NULL.
+ * \param md_alg    The message digest that was used to hash the message.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
@@ -360,11 +414,14 @@
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDSA context.
- * \param hash      The message hash.
- * \param hlen      The size of the hash.
- * \param sig       The signature to read and verify.
- * \param slen      The size of \p sig.
+ * \param ctx       The ECDSA context to use. This must be initialized
+ *                  and have a group and public key bound to it.
+ * \param hash      The message hash that was signed. This must be a readable
+ *                  buffer of length \p size Bytes.
+ * \param hlen      The size of the hash \p hash.
+ * \param sig       The signature to read and verify. This must be a readable
+ *                  buffer of length \p slen Bytes.
+ * \param slen      The size of \p sig in Bytes.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
@@ -387,12 +444,17 @@
  *                  but it can return early and restart according to the limit
  *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
  *
- * \param ctx       The ECDSA context.
- * \param hash      The message hash.
- * \param hlen      The size of the hash.
- * \param sig       The signature to read and verify.
- * \param slen      The size of \p sig.
- * \param rs_ctx    The restart context (NULL disables restart).
+ * \param ctx       The ECDSA context to use. This must be initialized
+ *                  and have a group and public key bound to it.
+ * \param hash      The message hash that was signed. This must be a readable
+ *                  buffer of length \p size Bytes.
+ * \param hlen      The size of the hash \p hash.
+ * \param sig       The signature to read and verify. This must be a readable
+ *                  buffer of length \p slen Bytes.
+ * \param slen      The size of \p sig in Bytes.
+ * \param rs_ctx    The restart context to use. This may be \c NULL to disable
+ *                  restarting. If it is not \c NULL, it must point to an
+ *                  initialized restart context.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
@@ -414,10 +476,12 @@
  * \see            ecp.h
  *
  * \param ctx      The ECDSA context to store the keypair in.
+ *                 This must be initialized.
  * \param gid      The elliptic curve to use. One of the various
  *                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG context.
+ * \param f_rng    The RNG function to use. This must not be \c NULL.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng doesn't need a context argument.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
@@ -426,40 +490,55 @@
                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
- * \brief           This function sets an ECDSA context from an EC key pair.
+ * \brief           This function sets up an ECDSA context from an EC key pair.
  *
  * \see             ecp.h
  *
- * \param ctx       The ECDSA context to set.
- * \param key       The EC key to use.
+ * \param ctx       The ECDSA context to setup. This must be initialized.
+ * \param key       The EC key to use. This must be initialized and hold
+ *                  a private-public key pair or a public key. In the former
+ *                  case, the ECDSA context may be used for signature creation
+ *                  and verification after this call. In the latter case, it
+ *                  may be used for signature verification.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
+                                const mbedtls_ecp_keypair *key );
 
 /**
  * \brief           This function initializes an ECDSA context.
  *
  * \param ctx       The ECDSA context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
 
 /**
  * \brief           This function frees an ECDSA context.
  *
- * \param ctx       The ECDSA context to free.
+ * \param ctx       The ECDSA context to free. This may be \c NULL,
+ *                  in which case this function does nothing. If it
+ *                  is not \c NULL, it must be initialized.
  */
 void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
- * \brief           Initialize a restart context
+ * \brief           Initialize a restart context.
+ *
+ * \param ctx       The restart context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
 
 /**
- * \brief           Free the components of a restart context
+ * \brief           Free the components of a restart context.
+ *
+ * \param ctx       The restart context to free. This may be \c NULL,
+ *                  in which case this function does nothing. If it
+ *                  is not \c NULL, it must be initialized.
  */
 void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 59d12f0..3d8d02a 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -40,6 +40,11 @@
  * The payloads are serialized in a way suitable for use in TLS, but could
  * also be use outside TLS.
  */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
 
 #include "ecp.h"
 #include "md.h"
@@ -92,28 +97,33 @@
 #endif /* MBEDTLS_ECJPAKE_ALT */
 
 /**
- * \brief           Initialize a context
- *                  (just makes it ready for setup() or free()).
+ * \brief           Initialize an ECJPAKE context.
  *
- * \param ctx       context to initialize
+ * \param ctx       The ECJPAKE context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
 
 /**
- * \brief           Set up a context for use
+ * \brief           Set up an ECJPAKE context for use.
  *
  * \note            Currently the only values for hash/curve allowed by the
- *                  standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
+ *                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
  *
- * \param ctx       context to set up
- * \param role      Our role: client or server
- * \param hash      hash function to use (MBEDTLS_MD_XXX)
- * \param curve     elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
- * \param secret    pre-shared secret (passphrase)
- * \param len       length of the shared secret
+ * \param ctx       The ECJPAKE context to set up. This must be initialized.
+ * \param role      The role of the caller. This must be either
+ *                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+ * \param hash      The identifier of the hash function to use,
+ *                  for example #MBEDTLS_MD_SHA256.
+ * \param curve     The identifier of the elliptic curve to use,
+ *                  for example #MBEDTLS_ECP_DP_SECP256R1.
+ * \param secret    The pre-shared secret (passphrase). This must be
+ *                  a readable buffer of length \p len Bytes. It need
+ *                  only be valid for the duration of this call.
+ * \param len       The length of the pre-shared secret \p secret.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
                            mbedtls_ecjpake_role role,
@@ -123,29 +133,34 @@
                            size_t len );
 
 /**
- * \brief           Check if a context is ready for use
+ * \brief           Check if an ECJPAKE context is ready for use.
  *
- * \param ctx       Context to check
+ * \param ctx       The ECJPAKE context to check. This must be
+ *                  initialized.
  *
- * \return          0 if the context is ready for use,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ * \return          \c 0 if the context is ready for use.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
  */
 int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
 
 /**
  * \brief           Generate and write the first round message
  *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes)
+ *                  excluding extension type and length bytes).
  *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \param ctx       The ECJPAKE context to use. This must be
+ *                  initialized and set up.
+ * \param buf       The buffer to write the contents to. This must be a
+ *                  writable buffer of length \p len Bytes.
+ * \param len       The length of \p buf in Bytes.
+ * \param olen      The address at which to store the total number
+ *                  of Bytes written to \p buf. This must not be \c NULL.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG parameter to be passed to \p f_rng. This
+ *                  may be \c NULL if \p f_rng doesn't use a context.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
                             unsigned char *buf, size_t len, size_t *olen,
@@ -155,14 +170,16 @@
 /**
  * \brief           Read and process the first round message
  *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes)
+ *                  excluding extension type and length bytes).
  *
- * \param ctx       Context to use
- * \param buf       Pointer to extension contents
- * \param len       Extension length
+ * \param ctx       The ECJPAKE context to use. This must be initialized
+ *                  and set up.
+ * \param buf       The buffer holding the first round message. This must
+ *                  be a readable buffer of length \p len Bytes.
+ * \param len       The length in Bytes of \p buf.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
                                     const unsigned char *buf,
@@ -170,17 +187,21 @@
 
 /**
  * \brief           Generate and write the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange)
+ *                  (TLS: contents of the Client/ServerKeyExchange).
  *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \param ctx       The ECJPAKE context to use. This must be initialized,
+ *                  set up, and already have performed round one.
+ * \param buf       The buffer to write the round two contents to.
+ *                  This must be a writable buffer of length \p len Bytes.
+ * \param len       The size of \p buf in Bytes.
+ * \param olen      The address at which to store the total number of Bytes
+ *                  written to \p buf. This must not be \c NULL.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG parameter to be passed to \p f_rng. This
+ *                  may be \c NULL if \p f_rng doesn't use a context.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
                             unsigned char *buf, size_t len, size_t *olen,
@@ -189,14 +210,16 @@
 
 /**
  * \brief           Read and process the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange)
+ *                  (TLS: contents of the Client/ServerKeyExchange).
  *
- * \param ctx       Context to use
- * \param buf       Pointer to the message
- * \param len       Message length
+ * \param ctx       The ECJPAKE context to use. This must be initialized
+ *                  and set up and already have performed round one.
+ * \param buf       The buffer holding the second round message. This must
+ *                  be a readable buffer of length \p len Bytes.
+ * \param len       The length in Bytes of \p buf.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
                                     const unsigned char *buf,
@@ -204,17 +227,21 @@
 
 /**
  * \brief           Derive the shared secret
- *                  (TLS: Pre-Master Secret)
+ *                  (TLS: Pre-Master Secret).
  *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \param ctx       The ECJPAKE context to use. This must be initialized,
+ *                  set up and have performed both round one and two.
+ * \param buf       The buffer to write the derived secret to. This must
+ *                  be a writable buffer of length \p len Bytes.
+ * \param len       The length of \p buf in Bytes.
+ * \param olen      The address at which to store the total number of Bytes
+ *                  written to \p buf. This must not be \c NULL.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG parameter to be passed to \p f_rng. This
+ *                  may be \c NULL if \p f_rng doesn't use a context.
  *
- * \return          0 if successfull,
- *                  a negative error code otherwise
+ * \return          \c 0 if successful.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
                             unsigned char *buf, size_t len, size_t *olen,
@@ -222,14 +249,15 @@
                             void *p_rng );
 
 /**
- * \brief           Free a context's content
+ * \brief           This clears an ECJPAKE context and frees any
+ *                  embedded data structure.
  *
- * \param ctx       context to free
+ * \param ctx       The ECJPAKE context to free. This may be \c NULL,
+ *                  in which case this function does nothing. If it is not
+ *                  \c NULL, it must point to an initialized ECJPAKE context.
  */
 void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
 
-
-
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 2fb1af4..1a6ec13 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -36,6 +36,12 @@
 #ifndef MBEDTLS_ECP_H
 #define MBEDTLS_ECP_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "bignum.h"
 
 /*
@@ -93,6 +99,16 @@
  */
 #define MBEDTLS_ECP_DP_MAX     12
 
+/*
+ * Curve types
+ */
+typedef enum
+{
+    MBEDTLS_ECP_TYPE_NONE = 0,
+    MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
+    MBEDTLS_ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
+} mbedtls_ecp_curve_type;
+
 /**
  * Curve information, for use by other modules.
  */
@@ -159,6 +175,10 @@
  * additions or subtractions. Therefore, it is only an approximative modular
  * reduction. It must return 0 on success and non-zero on failure.
  *
+ * \note        Alternative implementations must keep the group IDs distinct. If
+ *              two group structures have the same ID, then they must be
+ *              identical.
+ *
  */
 typedef struct mbedtls_ecp_group
 {
@@ -185,6 +205,68 @@
 }
 mbedtls_ecp_group;
 
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h, or define them using the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ECP_MAX_BITS)
+/**
+ * The maximum size of the groups, that is, of \c N and \c P.
+ */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< The maximum size of groups, in bits. */
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+/*
+ * Maximum "window" size used for point multiplication.
+ * Default: 6.
+ * Minimum value: 2. Maximum value: 7.
+ *
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
+ *
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
+ */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< The maximum window size used. */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+/* \} name SECTION: Module settings */
+
+#else  /* MBEDTLS_ECP_ALT */
+#include "ecp_alt.h"
+#endif /* MBEDTLS_ECP_ALT */
+
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 
 /**
@@ -250,68 +332,6 @@
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 /**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h, or define them using the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_MAX_BITS)
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#define MBEDTLS_ECP_MAX_BITS     521   /**< The maximum size of groups, in bits. */
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: 6.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- *      w-size:     6       5       4       3       2
- *      521       145     141     135     120      97
- *      384       214     209     198     177     146
- *      256       320     320     303     262     226
- *      224       475     475     453     398     342
- *      192       640     640     633     587     476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade memory for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * The cost is increasing EC peak memory usage by a factor roughly 2.
- *
- * Change this value to 0 to reduce peak memory usage.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/* \} name SECTION: Module settings */
-
-#else  /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-/**
  * \brief    The ECP key-pair structure.
  *
  * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
@@ -355,19 +375,19 @@
  *                  same; they must not be used until the function finally
  *                  returns 0.
  *
- *                  This only applies to functions whose documentation
- *                  mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- *                  #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- *                  SSL module). For functions that accept a "restart context"
- *                  argument, passing NULL disables restart and makes the
- *                  function equivalent to the function with the same name
+ *                  This only applies to functions whose documentation mentions
+ *                  they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
+ *                  `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` for functions in the
+ *                  Mbed TLS SSL module). For functions that accept a "restart
+ *                  context" argument, passing NULL disables restart and makes
+ *                  the function equivalent to the function with the same name
  *                  with \c _restartable removed. For functions in the ECDH
- *                  module, restart is disabled unless the function accepts
- *                  an "ECDH context" argument and
- *                  mbedtls_ecdh_enable_restart() was previously called on
- *                  that context. For function in the SSL module, restart is
- *                  only enabled for specific sides and key exchanges
- *                  (currently only for clients and ECDHE-ECDSA).
+ *                  module, restart is disabled unless the function accepts an
+ *                  "ECDH context" argument and mbedtls_ecdh_enable_restart()
+ *                  was previously called on that context. For function in the
+ *                  Mbed TLS SSL module, restart is only enabled for specific
+ *                  sides and key exchanges (currently only for clients and
+ *                  ECDHE-ECDSA).
  *
  * \param max_ops   Maximum number of basic operations done in a row.
  *                  Default: 0 (unlimited).
@@ -407,6 +427,11 @@
 int mbedtls_ecp_restart_is_enabled( void );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
+/*
+ * Get the type of a curve
+ */
+mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
+
 /**
  * \brief           This function retrieves the information defined in
  *                  mbedtls_ecp_curve_info() for all supported curves in order
@@ -472,7 +497,7 @@
  *
  * \note            After this function is called, domain parameters
  *                  for various ECP groups can be loaded through the
- *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
+ *                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
  *                  functions.
  */
 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
@@ -493,24 +518,37 @@
 
 /**
  * \brief           This function frees the components of an ECP group.
- * \param grp       The group to free.
+ *
+ * \param grp       The group to free. This may be \c NULL, in which
+ *                  case this function returns immediately. If it is not
+ *                  \c NULL, it must point to an initialized ECP group.
  */
 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
 
 /**
  * \brief           This function frees the components of a key pair.
- * \param key       The key pair to free.
+ *
+ * \param key       The key pair to free. This may be \c NULL, in which
+ *                  case this function returns immediately. If it is not
+ *                  \c NULL, it must point to an initialized ECP key pair.
  */
 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
- * \brief           Initialize a restart context
+ * \brief           Initialize a restart context.
+ *
+ * \param ctx       The restart context to initialize. This must
+ *                  not be \c NULL.
  */
 void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
 
 /**
- * \brief           Free the components of a restart context
+ * \brief           Free the components of a restart context.
+ *
+ * \param ctx       The restart context to free. This may be \c NULL, in which
+ *                  case this function returns immediately. If it is not
+ *                  \c NULL, it must point to an initialized restart context.
  */
 void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
@@ -519,11 +557,12 @@
  * \brief           This function copies the contents of point \p Q into
  *                  point \p P.
  *
- * \param P         The destination point.
- * \param Q         The source point.
+ * \param P         The destination point. This must be initialized.
+ * \param Q         The source point. This must be initialized.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          Another negative error code for other kinds of failure.
  */
 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
 
@@ -531,31 +570,35 @@
  * \brief           This function copies the contents of group \p src into
  *                  group \p dst.
  *
- * \param dst       The destination group.
- * \param src       The source group.
+ * \param dst       The destination group. This must be initialized.
+ * \param src       The source group. This must be initialized.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
+                            const mbedtls_ecp_group *src );
 
 /**
- * \brief           This function sets a point to zero.
+ * \brief           This function sets a point to the point at infinity.
  *
- * \param pt        The point to set.
+ * \param pt        The point to set. This must be initialized.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
 
 /**
- * \brief           This function checks if a point is zero.
+ * \brief           This function checks if a point is the point at infinity.
  *
- * \param pt        The point to test.
+ * \param pt        The point to test. This must be initialized.
  *
  * \return          \c 1 if the point is zero.
  * \return          \c 0 if the point is non-zero.
+ * \return          A negative error code on failure.
  */
 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
 
@@ -565,8 +608,8 @@
  * \note            This assumes that the points are normalized. Otherwise,
  *                  they may compare as "not equal" even if they are.
  *
- * \param P         The first point to compare.
- * \param Q         The second point to compare.
+ * \param P         The first point to compare. This must be initialized.
+ * \param Q         The second point to compare. This must be initialized.
  *
  * \return          \c 0 if the points are equal.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
@@ -578,7 +621,7 @@
  * \brief           This function imports a non-zero point from two ASCII
  *                  strings.
  *
- * \param P         The destination point.
+ * \param P         The destination point. This must be initialized.
  * \param radix     The numeric base of the input.
  * \param x         The first affine coordinate, as a null-terminated string.
  * \param y         The second affine coordinate, as a null-terminated string.
@@ -593,19 +636,31 @@
  * \brief           This function exports a point into unsigned binary data.
  *
  * \param grp       The group to which the point should belong.
- * \param P         The point to export.
- * \param format    The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro.
- * \param olen      The length of the output.
- * \param buf       The output buffer.
- * \param buflen    The length of the output buffer.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param P         The point to export. This must be initialized.
+ * \param format    The point format. This must be either
+ *                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ *                  (For groups without these formats, this parameter is
+ *                  ignored. But it still has to be either of the above
+ *                  values.)
+ * \param olen      The address at which to store the length of
+ *                  the output in Bytes. This must not be \c NULL.
+ * \param buf       The output buffer. This must be a writable buffer
+ *                  of length \p buflen Bytes.
+ * \param buflen    The length of the output buffer \p buf in Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- *                  or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+ *                  is too small to hold the point.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  or the export for the given group is not implemented.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
-                            int format, size_t *olen,
-                            unsigned char *buf, size_t buflen );
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
+                                    const mbedtls_ecp_point *P,
+                                    int format, size_t *olen,
+                                    unsigned char *buf, size_t buflen );
 
 /**
  * \brief           This function imports a point from unsigned binary data.
@@ -615,108 +670,158 @@
  *                  for that.
  *
  * \param grp       The group to which the point should belong.
- * \param P         The point to import.
- * \param buf       The input buffer.
- * \param ilen      The length of the input.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param P         The destination context to import the point to.
+ *                  This must be initialized.
+ * \param buf       The input buffer. This must be a readable buffer
+ *                  of length \p ilen Bytes.
+ * \param ilen      The length of the input buffer \p buf in Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- *                  is not implemented.
- *
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+ *                  given group is not implemented.
  */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
-                           const unsigned char *buf, size_t ilen );
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
+                                   mbedtls_ecp_point *P,
+                                   const unsigned char *buf, size_t ilen );
 
 /**
  * \brief           This function imports a point from a TLS ECPoint record.
  *
- * \note            On function return, \p buf is updated to point to immediately
+ * \note            On function return, \p *buf is updated to point immediately
  *                  after the ECPoint record.
  *
- * \param grp       The ECP group used.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
  * \param pt        The destination point.
  * \param buf       The address of the pointer to the start of the input buffer.
  * \param len       The length of the buffer.
  *
  * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
+ * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+ *                  failure.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
  */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                        const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
+                                mbedtls_ecp_point *pt,
+                                const unsigned char **buf, size_t len );
 
 /**
- * \brief           This function exports a point as a TLS ECPoint record.
+ * \brief           This function exports a point as a TLS ECPoint record
+ *                  defined in RFC 4492, Section 5.4.
  *
- * \param grp       The ECP group used.
- * \param pt        The point format to export to. The point format is an
- *                  \c MBEDTLS_ECP_PF_XXX constant.
- * \param format    The export format.
- * \param olen      The length of the data written.
- * \param buf       The buffer to write to.
- * \param blen      The length of the buffer.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param pt        The point to be exported. This must be initialized.
+ * \param format    The point format to use. This must be either
+ *                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ * \param olen      The address at which to store the length in Bytes
+ *                  of the data written.
+ * \param buf       The target buffer. This must be a writable buffer of
+ *                  length \p blen Bytes.
+ * \param blen      The length of the target buffer \p buf in Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or
- *                  #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+ * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+ *                  is too small to hold the exported point.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
-                         int format, size_t *olen,
-                         unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
+                                 const mbedtls_ecp_point *pt,
+                                 int format, size_t *olen,
+                                 unsigned char *buf, size_t blen );
 
 /**
- * \brief           This function sets a group using standardized domain parameters.
+ * \brief           This function sets up an ECP group context
+ *                  from a standardized set of domain parameters.
  *
  * \note            The index should be a value of the NamedCurve enum,
  *                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
  *                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
  *                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
  *
- * \param grp       The destination group.
+ * \param grp       The group context to setup. This must be initialized.
  * \param id        The identifier of the domain parameter set to load.
  *
- * \return          \c 0 on success,
- * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.
-
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+ *                  correspond to a known group.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
 
 /**
- * \brief           This function sets a group from a TLS ECParameters record.
+ * \brief           This function sets up an ECP group context from a TLS
+ *                  ECParameters record as defined in RFC 4492, Section 5.4.
  *
- * \note            \p buf is updated to point right after the ECParameters record
- *                  on exit.
+ * \note            The read pointer \p buf is updated to point right after
+ *                  the ECParameters record on exit.
  *
- * \param grp       The destination group.
+ * \param grp       The group context to setup. This must be initialized.
  * \param buf       The address of the pointer to the start of the input buffer.
- * \param len       The length of the buffer.
+ * \param len       The length of the input buffer \c *buf in Bytes.
  *
  * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+ *                  recognized.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
+                                const unsigned char **buf, size_t len );
 
 /**
- * \brief           This function writes the TLS ECParameters record for a group.
+ * \brief           This function extracts an elliptic curve group ID from a
+ *                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
  *
- * \param grp       The ECP group used.
- * \param olen      The number of Bytes written.
- * \param buf       The buffer to write to.
- * \param blen      The length of the buffer.
+ * \note            The read pointer \p buf is updated to point right after
+ *                  the ECParameters record on exit.
+ *
+ * \param grp       The address at which to store the group id.
+ *                  This must not be \c NULL.
+ * \param buf       The address of the pointer to the start of the input buffer.
+ * \param len       The length of the input buffer \c *buf in Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+ *                  recognized.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
-                         unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
+                                   const unsigned char **buf,
+                                   size_t len );
+/**
+ * \brief           This function exports an elliptic curve as a TLS
+ *                  ECParameters record as defined in RFC 4492, Section 5.4.
+ *
+ * \param grp       The ECP group to be exported.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param olen      The address at which to store the number of Bytes written.
+ *                  This must not be \c NULL.
+ * \param buf       The buffer to write to. This must be a writable buffer
+ *                  of length \p blen Bytes.
+ * \param blen      The length of the output buffer \p buf in Bytes.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+ *                  buffer is too small to hold the exported group.
+ * \return          Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
+                                 size_t *olen,
+                                 unsigned char *buf, size_t blen );
 
 /**
- * \brief           This function performs multiplication of a point by
- *                  an integer: \p R = \p m * \p P.
+ * \brief           This function performs a scalar multiplication of a point
+ *                  by an integer: \p R = \p m * \p P.
  *
  *                  It is not thread-safe to use same group in multiple threads.
  *
@@ -730,17 +835,22 @@
  *                  targeting these results. We recommend always providing
  *                  a non-NULL \p f_rng. The overhead is negligible.
  *
- * \param grp       The ECP group.
- * \param R         The destination point.
- * \param m         The integer by which to multiply.
- * \param P         The point to multiply.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param R         The point in which to store the result of the calculation.
+ *                  This must be initialized.
+ * \param m         The integer by which to multiply. This must be initialized.
+ * \param P         The point to multiply. This must be initialized.
+ * \param f_rng     The RNG function. This may be \c NULL if randomization
+ *                  of intermediate results isn't desired (discouraged).
+ * \param p_rng     The RNG context to be passed to \p p_rng.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
  *                  key, or \p P is not a valid public key.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
@@ -756,12 +866,16 @@
  *                  it can return early and restart according to the limit set
  *                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
  *
- * \param grp       The ECP group.
- * \param R         The destination point.
- * \param m         The integer by which to multiply.
- * \param P         The point to multiply.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param R         The point in which to store the result of the calculation.
+ *                  This must be initialized.
+ * \param m         The integer by which to multiply. This must be initialized.
+ * \param P         The point to multiply. This must be initialized.
+ * \param f_rng     The RNG function. This may be \c NULL if randomization
+ *                  of intermediate results isn't desired (discouraged).
+ * \param p_rng     The RNG context to be passed to \p p_rng.
  * \param rs_ctx    The restart context (NULL disables restart).
  *
  * \return          \c 0 on success.
@@ -770,6 +884,7 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
@@ -785,18 +900,25 @@
  * \note            In contrast to mbedtls_ecp_mul(), this function does not
  *                  guarantee a constant execution flow and timing.
  *
- * \param grp       The ECP group.
- * \param R         The destination point.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param R         The point in which to store the result of the calculation.
+ *                  This must be initialized.
  * \param m         The integer by which to multiply \p P.
- * \param P         The point to multiply by \p m.
+ *                  This must be initialized.
+ * \param P         The point to multiply by \p m. This must be initialized.
  * \param n         The integer by which to multiply \p Q.
+ *                  This must be initialized.
  * \param Q         The point to be multiplied by \p n.
+ *                  This must be initialized.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
  *                  valid private keys, or \p P or \p Q are not valid public
  *                  keys.
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
@@ -813,12 +935,18 @@
  *                  but it can return early and restart according to the limit
  *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
  *
- * \param grp       The ECP group.
- * \param R         The destination point.
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param R         The point in which to store the result of the calculation.
+ *                  This must be initialized.
  * \param m         The integer by which to multiply \p P.
- * \param P         The point to multiply by \p m.
+ *                  This must be initialized.
+ * \param P         The point to multiply by \p m. This must be initialized.
  * \param n         The integer by which to multiply \p Q.
+ *                  This must be initialized.
  * \param Q         The point to be multiplied by \p n.
+ *                  This must be initialized.
  * \param rs_ctx    The restart context (NULL disables restart).
  *
  * \return          \c 0 on success.
@@ -828,6 +956,7 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return          Another negative error code on other kinds of failure.
  */
 int mbedtls_ecp_muladd_restartable(
              mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
@@ -852,38 +981,51 @@
  *                  structures, such as ::mbedtls_ecdh_context or
  *                  ::mbedtls_ecdsa_context.
  *
- * \param grp       The curve the point should lie on.
- * \param pt        The point to check.
+ * \param grp       The ECP group the point should belong to.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param pt        The point to check. This must be initialized.
  *
  * \return          \c 0 if the point is a valid public key.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+ *                  a valid public key for the given curve.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
+                              const mbedtls_ecp_point *pt );
 
 /**
- * \brief           This function checks that an \p mbedtls_mpi is a valid private
- *                  key for this curve.
+ * \brief           This function checks that an \p mbedtls_mpi is a
+ *                  valid private key for this curve.
  *
  * \note            This function uses bare components rather than an
  *                  ::mbedtls_ecp_keypair structure to ease use with other
  *                  structures, such as ::mbedtls_ecdh_context or
  *                  ::mbedtls_ecdsa_context.
  *
- * \param grp       The group used.
- * \param d         The integer to check.
+ * \param grp       The ECP group the private key should belong to.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param d         The integer to check. This must be initialized.
  *
  * \return          \c 0 if the point is a valid private key.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+ *                  private key for the given curve.
+ * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
+                               const mbedtls_mpi *d );
 
 /**
  * \brief           This function generates a private key.
  *
- * \param grp       The ECP group.
- * \param d         The destination MPI (secret part).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param grp       The ECP group to generate a private key for.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param d         The destination MPI (secret part). This must be initialized.
+ * \param f_rng     The RNG function. This must not be \c NULL.
+ * \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
+ *                  \c NULL if \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
@@ -903,22 +1045,29 @@
  *                  structures, such as ::mbedtls_ecdh_context or
  *                  ::mbedtls_ecdsa_context.
  *
- * \param grp       The ECP group.
- * \param G         The chosen base point.
+ * \param grp       The ECP group to generate a key pair for.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ * \param G         The base point to use. This must be initialized
+ *                  and belong to \p grp. It replaces the default base
+ *                  point \c grp->G used by mbedtls_ecp_gen_keypair().
  * \param d         The destination MPI (secret part).
+ *                  This must be initialized.
  * \param Q         The destination point (public part).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ *                  This must be initialized.
+ * \param f_rng     The RNG function. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may
+ *                  be \c NULL if \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+                                  const mbedtls_ecp_point *G,
+                                  mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                                  int (*f_rng)(void *, unsigned char *, size_t),
+                                  void *p_rng );
 
 /**
  * \brief           This function generates an ECP keypair.
@@ -928,51 +1077,82 @@
  *                  structures, such as ::mbedtls_ecdh_context or
  *                  ::mbedtls_ecdsa_context.
  *
- * \param grp       The ECP group.
+ * \param grp       The ECP group to generate a key pair for.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
  * \param d         The destination MPI (secret part).
+ *                  This must be initialized.
  * \param Q         The destination point (public part).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ *                  This must be initialized.
+ * \param f_rng     The RNG function. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may
+ *                  be \c NULL if \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
+                             mbedtls_ecp_point *Q,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng );
 
 /**
  * \brief           This function generates an ECP key.
  *
  * \param grp_id    The ECP group identifier.
- * \param key       The destination key.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context.
+ * \param key       The destination key. This must be initialized.
+ * \param f_rng     The RNG function to use. This must not be \c NULL.
+ * \param p_rng     The RNG context to be passed to \p f_rng. This may
+ *                  be \c NULL if \p f_rng doesn't need a context argument.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
 
 /**
+ * \brief           This function reads an elliptic curve private key.
+ *
+ * \param grp_id    The ECP group identifier.
+ * \param key       The destination key.
+ * \param buf       The the buffer containing the binary representation of the
+ *                  key. (Big endian integer for Weierstrass curves, byte
+ *                  string for Montgomery curves.)
+ * \param buflen    The length of the buffer in bytes.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+ *                  invalid.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+ *                  the group is not implemented.
+ * \return          Another negative error code on different kinds of failure.
+ */
+int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                          const unsigned char *buf, size_t buflen );
+/**
  * \brief           This function checks that the keypair objects
  *                  \p pub and \p prv have the same group and the
  *                  same public point, and that the private key in
  *                  \p prv is consistent with the public key.
  *
- * \param pub       The keypair structure holding the public key.
- *                  If it contains a private key, that part is ignored.
+ * \param pub       The keypair structure holding the public key. This
+ *                  must be initialized. If it contains a private key, that
+ *                  part is ignored.
  * \param prv       The keypair structure holding the full keypair.
+ *                  This must be initialized.
  *
  * \return          \c 0 on success, meaning that the keys are valid and match.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
  *                  error code on calculation failure.
  */
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
+                                const mbedtls_ecp_keypair *prv );
 
 #if defined(MBEDTLS_SELF_TEST)
 
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 1804069..7625ed4 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -61,6 +61,12 @@
 #ifndef MBEDTLS_ECP_INTERNAL_H
 #define MBEDTLS_ECP_INTERNAL_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
 
 /**
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 0c38889..bee0fe4 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_ERROR_H
 #define MBEDTLS_ERROR_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include <stddef.h>
 
 /**
@@ -74,9 +80,9 @@
  * MD4       1                  0x002D-0x002D
  * MD5       1                  0x002F-0x002F
  * RIPEMD160 1                  0x0031-0x0031
- * SHA1      1                  0x0035-0x0035
- * SHA256    1                  0x0037-0x0037
- * SHA512    1                  0x0039-0x0039
+ * SHA1      1                  0x0035-0x0035 0x0073-0x0073
+ * SHA256    1                  0x0037-0x0037 0x0074-0x0074
+ * SHA512    1                  0x0039-0x0039 0x0075-0x0075
  * CHACHA20  3                  0x0051-0x0055
  * POLY1305  3                  0x0057-0x005B
  * CHACHAPOLY 2 0x0054-0x0056
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 93d15ee..fd130ab 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -33,6 +33,12 @@
 #ifndef MBEDTLS_GCM_H
 #define MBEDTLS_GCM_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "cipher.h"
 
 #include <stdint.h>
@@ -85,7 +91,7 @@
  *                  cipher, nor set the key. For this purpose, use
  *                  mbedtls_gcm_setkey().
  *
- * \param ctx       The GCM context to initialize.
+ * \param ctx       The GCM context to initialize. This must not be \c NULL.
  */
 void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
 
@@ -93,9 +99,10 @@
  * \brief           This function associates a GCM context with a
  *                  cipher algorithm and a key.
  *
- * \param ctx       The GCM context to initialize.
+ * \param ctx       The GCM context. This must be initialized.
  * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key.
+ * \param key       The encryption key. This must be a readable buffer of at
+ *                  least \p keybits bits.
  * \param keybits   The key size in bits. Valid options are:
  *                  <ul><li>128 bits</li>
  *                  <li>192 bits</li>
@@ -122,7 +129,8 @@
  *                  authentic. You should use this function to perform encryption
  *                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
  *
- * \param ctx       The GCM context to use for encryption or decryption.
+ * \param ctx       The GCM context to use for encryption or decryption. This
+ *                  must be initialized.
  * \param mode      The operation to perform:
  *                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
  *                    The ciphertext is written to \p output and the
@@ -136,21 +144,27 @@
  *                    calling this function in decryption mode.
  * \param length    The length of the input data, which is equal to the length
  *                  of the output data.
- * \param iv        The initialization vector.
+ * \param iv        The initialization vector. This must be a readable buffer of
+ *                  at least \p iv_len Bytes.
  * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data.
+ * \param add       The buffer holding the additional data. This must be of at
+ *                  least that size in Bytes.
  * \param add_len   The length of the additional data.
- * \param input     The buffer holding the input data. Its size is \b length.
- * \param output    The buffer for holding the output data. It must have room
- *                  for \b length bytes.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, this must be a readable buffer of at least that
+ *                  size in Bytes.
+ * \param output    The buffer for holding the output data. If \p length is greater
+ *                  than zero, this must be a writable buffer of at least that
+ *                  size in Bytes.
  * \param tag_len   The length of the tag to generate.
- * \param tag       The buffer for holding the tag.
+ * \param tag       The buffer for holding the tag. This must be a readable
+ *                  buffer of at least \p tag_len Bytes.
  *
  * \return          \c 0 if the encryption or decryption was performed
  *                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
  *                  this does not indicate that the data is authentic.
- * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
- *                  a cipher-specific error code if the encryption
+ * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+ *                  not valid or a cipher-specific error code if the encryption
  *                  or decryption failed.
  */
 int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
@@ -173,23 +187,30 @@
  *                  input buffer. If the buffers overlap, the output buffer
  *                  must trail at least 8 Bytes behind the input buffer.
  *
- * \param ctx       The GCM context.
+ * \param ctx       The GCM context. This must be initialized.
  * \param length    The length of the ciphertext to decrypt, which is also
  *                  the length of the decrypted plaintext.
- * \param iv        The initialization vector.
+ * \param iv        The initialization vector. This must be a readable buffer
+ *                  of at least \p iv_len Bytes.
  * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data.
+ * \param add       The buffer holding the additional data. This must be of at
+ *                  least that size in Bytes.
  * \param add_len   The length of the additional data.
- * \param tag       The buffer holding the tag to verify.
+ * \param tag       The buffer holding the tag to verify. This must be a
+ *                  readable buffer of at least \p tag_len Bytes.
  * \param tag_len   The length of the tag to verify.
- * \param input     The buffer holding the ciphertext. Its size is \b length.
- * \param output    The buffer for holding the decrypted plaintext. It must
- *                  have room for \b length bytes.
+ * \param input     The buffer holding the ciphertext. If \p length is greater
+ *                  than zero, this must be a readable buffer of at least that
+ *                  size.
+ * \param output    The buffer for holding the decrypted plaintext. If \p length
+ *                  is greater than zero, this must be a writable buffer of at
+ *                  least that size.
  *
  * \return          \c 0 if successful and authenticated.
  * \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
- * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
- *                  a cipher-specific error code if the decryption failed.
+ * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+ *                  not valid or a cipher-specific error code if the decryption
+ *                  failed.
  */
 int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
                       size_t length,
@@ -206,15 +227,16 @@
  * \brief           This function starts a GCM encryption or decryption
  *                  operation.
  *
- * \param ctx       The GCM context.
+ * \param ctx       The GCM context. This must be initialized.
  * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
  *                  #MBEDTLS_GCM_DECRYPT.
- * \param iv        The initialization vector.
+ * \param iv        The initialization vector. This must be a readable buffer of
+ *                  at least \p iv_len Bytes.
  * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data, or NULL
- *                  if \p add_len is 0.
- * \param add_len   The length of the additional data. If 0,
- *                  \p add is NULL.
+ * \param add       The buffer holding the additional data, or \c NULL
+ *                  if \p add_len is \c 0.
+ * \param add_len   The length of the additional data. If \c 0,
+ *                  \p add may be \c NULL.
  *
  * \return          \c 0 on success.
  */
@@ -237,11 +259,15 @@
  *                  input buffer. If the buffers overlap, the output buffer
  *                  must trail at least 8 Bytes behind the input buffer.
  *
- * \param ctx       The GCM context.
+ * \param ctx       The GCM context. This must be initialized.
  * \param length    The length of the input data. This must be a multiple of
  *                  16 except in the last call before mbedtls_gcm_finish().
- * \param input     The buffer holding the input data.
- * \param output    The buffer for holding the output data.
+ * \param input     The buffer holding the input data. If \p length is greater
+ *                  than zero, this must be a readable buffer of at least that
+ *                  size in Bytes.
+ * \param output    The buffer for holding the output data. If \p length is
+ *                  greater than zero, this must be a writable buffer of at
+ *                  least that size in Bytes.
  *
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
@@ -258,9 +284,11 @@
  *                  It wraps up the GCM stream, and generates the
  *                  tag. The tag can have a maximum length of 16 Bytes.
  *
- * \param ctx       The GCM context.
- * \param tag       The buffer for holding the tag.
- * \param tag_len   The length of the tag to generate. Must be at least four.
+ * \param ctx       The GCM context. This must be initialized.
+ * \param tag       The buffer for holding the tag. This must be a readable
+ *                  buffer of at least \p tag_len Bytes.
+ * \param tag_len   The length of the tag to generate. This must be at least
+ *                  four.
  *
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
@@ -273,10 +301,13 @@
  * \brief           This function clears a GCM context and the underlying
  *                  cipher sub-context.
  *
- * \param ctx       The GCM context to clear.
+ * \param ctx       The GCM context to clear. If this is \c NULL, the call has
+ *                  no effect. Otherwise, this must be initialized.
  */
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          The GCM checkup routine.
  *
@@ -285,6 +316,8 @@
  */
 int mbedtls_gcm_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 57e8c40..4c1c860 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_HAVEGE_H
 #define MBEDTLS_HAVEGE_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include <stddef.h>
 
 #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index e6ed7cd..40ee64e 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -27,6 +27,12 @@
 #ifndef MBEDTLS_HKDF_H
 #define MBEDTLS_HKDF_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "md.h"
 
 /**
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 3bc675e..f1289cb 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_HMAC_DRBG_H
 #define MBEDTLS_HMAC_DRBG_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "md.h"
 
 #if defined(MBEDTLS_THREADING_C)
@@ -76,7 +82,7 @@
  */
 typedef struct mbedtls_hmac_drbg_context
 {
-    /* Working state: the key K is not stored explicitely,
+    /* Working state: the key K is not stored explicitly,
      * but is implied by the HMAC context */
     mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
     unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
@@ -195,10 +201,13 @@
  * \param additional    Additional data to update state with, or NULL
  * \param add_len       Length of additional data, or 0
  *
+ * \return              \c 0 on success, or an error from the underlying
+ *                      hash calculation.
+ *
  * \note                Additional data is optional, pass NULL and 0 as second
  *                      third argument if no additional data is being used.
  */
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
                        const unsigned char *additional, size_t add_len );
 
 /**
@@ -257,6 +266,31 @@
  */
 void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
 
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief               HMAC_DRBG update state
+ *
+ * \deprecated          Superseded by mbedtls_hmac_drbg_update_ret()
+ *                      in 2.16.0.
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to update state with, or NULL
+ * \param add_len       Length of additional data, or 0
+ *
+ * \note                Additional data is optional, pass NULL and 0 as second
+ *                      third argument if no additional data is being used.
+ */
+MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
+    mbedtls_hmac_drbg_context *ctx,
+    const unsigned char *additional, size_t add_len );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
 #if defined(MBEDTLS_FS_IO)
 /**
  * \brief               Write a seed file
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index f9bd98f..fe97cf0 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -283,6 +283,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -295,6 +297,8 @@
  */
 int mbedtls_md2_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index dc3c048..ce703c0 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -288,6 +288,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -300,6 +302,8 @@
  */
 int mbedtls_md4_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 6c3354f..6eed6cc 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -288,6 +288,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -300,6 +302,8 @@
  */
 int mbedtls_md5_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 6c13b53..8cead58 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -23,6 +23,11 @@
  *
  *  This file is part of mbed TLS (https://tls.mbed.org)
  */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #include "net_sockets.h"
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 5a0f656..3b67b59 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -37,6 +37,12 @@
 #ifndef MBEDTLS_NIST_KW_H
 #define MBEDTLS_NIST_KW_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "cipher.h"
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 6fbd018..342ef75 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -43,13 +43,31 @@
 #include "md.h"
 #endif
 
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "x509.h"
-#endif
-
 #define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
 #define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
 
+/* This is for the benefit of X.509, but defined here in order to avoid
+ * having a "backwards" include of x.509.h here */
+/*
+ * X.509 extension types (internal, arbitrary values for bitsets)
+ */
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE                   (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS             (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL                (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE                (1 << 16)
+
 /*
  * Top level OID tuples
  */
@@ -150,6 +168,11 @@
 #define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
 
 /*
+ * Certificate policies
+ */
+#define MBEDTLS_OID_ANY_POLICY              MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+
+/*
  * Netscape certificate extensions
  */
 #define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
@@ -424,7 +447,6 @@
  */
 int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
 
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 /**
  * \brief          Translate an X.509 extension OID into local values
  *
@@ -434,7 +456,6 @@
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
 int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-#endif
 
 /**
  * \brief          Translate an X.509 attribute type OID into the short name
@@ -561,6 +582,16 @@
 int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
 
 /**
+ * \brief          Translate certificate policies OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
  * \brief          Translate md_type into hash algorithm OID
  *
  * \param md_alg   message digest algorithm
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 677936e..f05b72b 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -3,6 +3,9 @@
  *
  * \brief VIA PadLock ACE for HW encryption/decryption supported by some
  *        processors
+ *
+ * \warning These functions are only for internal use by other library
+ *          functions; you must not call them directly.
  */
 /*
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@@ -25,6 +28,12 @@
 #ifndef MBEDTLS_PADLOCK_H
 #define MBEDTLS_PADLOCK_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "aes.h"
 
 #define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
@@ -57,7 +66,10 @@
 #endif
 
 /**
- * \brief          PadLock detection routine
+ * \brief          Internal PadLock detection routine
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param feature  The feature to detect
  *
@@ -66,7 +78,10 @@
 int mbedtls_padlock_has_support( int feature );
 
 /**
- * \brief          PadLock AES-ECB block en(de)cryption
+ * \brief          Internal PadLock AES-ECB block en(de)cryption
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param ctx      AES context
  * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -76,12 +91,15 @@
  * \return         0 if success, 1 if operation failed
  */
 int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] );
+                               int mode,
+                               const unsigned char input[16],
+                               unsigned char output[16] );
 
 /**
- * \brief          PadLock AES-CBC buffer en(de)cryption
+ * \brief          Internal PadLock AES-CBC buffer en(de)cryption
+ *
+ * \note           This function is only for internal use by other library
+ *                 functions; you must not call it directly.
  *
  * \param ctx      AES context
  * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -93,11 +111,11 @@
  * \return         0 if success, 1 if operation failed
  */
 int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+                               int mode,
+                               size_t length,
+                               unsigned char iv[16],
+                               const unsigned char *input,
+                               unsigned char *output );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index fa82f7b..a29e9ce 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_PEM_H
 #define MBEDTLS_PEM_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include <stddef.h>
 
 /**
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 862065e..24951a6 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -202,12 +202,18 @@
 const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
 
 /**
- * \brief           Initialize a mbedtls_pk_context (as NONE)
+ * \brief           Initialize a #mbedtls_pk_context (as NONE).
+ *
+ * \param ctx       The context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_pk_init( mbedtls_pk_context *ctx );
 
 /**
- * \brief           Free a mbedtls_pk_context
+ * \brief           Free the components of a #mbedtls_pk_context.
+ *
+ * \param ctx       The context to clear. It must have been initialized.
+ *                  If this is \c NULL, this function does nothing.
  *
  * \note            For contexts that have been set up with
  *                  mbedtls_pk_setup_opaque(), this does not free the underlying
@@ -219,11 +225,17 @@
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /**
  * \brief           Initialize a restart context
+ *
+ * \param ctx       The context to initialize.
+ *                  This must not be \c NULL.
  */
 void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
 
 /**
  * \brief           Free the components of a restart context
+ *
+ * \param ctx       The context to clear. It must have been initialized.
+ *                  If this is \c NULL, this function does nothing.
  */
 void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
@@ -232,7 +244,8 @@
  * \brief           Initialize a PK context with the information given
  *                  and allocates the type-specific PK subcontext.
  *
- * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param ctx       Context to initialize. It must not have been set
+ *                  up yet (type #MBEDTLS_PK_NONE).
  * \param info      Information to use
  *
  * \return          0 on success,
@@ -273,14 +286,15 @@
  *                  ECC key pair.
  * \return          #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
  */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_slot_t key );
+int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Initialize an RSA-alt context
  *
- * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param ctx       Context to initialize. It must not have been set
+ *                  up yet (type #MBEDTLS_PK_NONE).
  * \param key       RSA key pointer
  * \param decrypt_func  Decryption function
  * \param sign_func     Signing function
@@ -300,7 +314,7 @@
 /**
  * \brief           Get the size in bits of the underlying key
  *
- * \param ctx       Context to use
+ * \param ctx       The context to query. It must have been initialized.
  *
  * \return          Key size in bits, or 0 on error
  */
@@ -308,7 +322,8 @@
 
 /**
  * \brief           Get the length in bytes of the underlying key
- * \param ctx       Context to use
+ *
+ * \param ctx       The context to query. It must have been initialized.
  *
  * \return          Key length in bytes, or 0 on error
  */
@@ -320,18 +335,21 @@
 /**
  * \brief           Tell if a context can do the operation given by type
  *
- * \param ctx       Context to test
- * \param type      Target type
+ * \param ctx       The context to query. It must have been initialized.
+ * \param type      The desired type.
  *
- * \return          0 if context can't do the operations,
- *                  1 otherwise.
+ * \return          1 if the context can do operations on the given type.
+ * \return          0 if the context cannot do the operations on the given
+ *                  type. This is always the case for a context that has
+ *                  been initialized but not set up, or that has been
+ *                  cleared with mbedtls_pk_free().
  */
 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
 
 /**
  * \brief           Verify signature (including padding if relevant).
  *
- * \param ctx       PK context to use
+ * \param ctx       The PK context to use. It must have been set up.
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
@@ -364,7 +382,7 @@
  *                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
  *                  operations. For RSA, same as \c mbedtls_pk_verify().
  *
- * \param ctx       PK context to use
+ * \param ctx       The PK context to use. It must have been set up.
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
@@ -388,7 +406,7 @@
  *
  * \param type      Signature type (inc. possible padding type) to verify
  * \param options   Pointer to type-specific options, or NULL
- * \param ctx       PK context to use
+ * \param ctx       The PK context to use. It must have been set up.
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
@@ -419,7 +437,8 @@
 /**
  * \brief           Make signature, including padding if relevant.
  *
- * \param ctx       PK context to use - must hold a private key
+ * \param ctx       The PK context to use. It must have been set up
+ *                  with a private key.
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
@@ -453,7 +472,8 @@
  *                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
  *                  operations. For RSA, same as \c mbedtls_pk_sign().
  *
- * \param ctx       PK context to use - must hold a private key
+ * \param ctx       The PK context to use. It must have been set up
+ *                  with a private key.
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
@@ -477,7 +497,8 @@
 /**
  * \brief           Decrypt message (including padding if relevant).
  *
- * \param ctx       PK context to use - must hold a private key
+ * \param ctx       The PK context to use. It must have been set up
+ *                  with a private key.
  * \param input     Input to decrypt
  * \param ilen      Input size
  * \param output    Decrypted output
@@ -498,7 +519,7 @@
 /**
  * \brief           Encrypt message (including padding if relevant).
  *
- * \param ctx       PK context to use
+ * \param ctx       The PK context to use. It must have been set up.
  * \param input     Message to encrypt
  * \param ilen      Message size
  * \param output    Encrypted output
@@ -533,7 +554,7 @@
 /**
  * \brief           Export debug information
  *
- * \param ctx       Context to use
+ * \param ctx       The PK context to use. It must have been initialized.
  * \param items     Place to write debug items
  *
  * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
@@ -543,7 +564,7 @@
 /**
  * \brief           Access the type name
  *
- * \param ctx       Context to use
+ * \param ctx       The PK context to use. It must have been initialized.
  *
  * \return          Type name on success, or "invalid PK"
  */
@@ -552,9 +573,10 @@
 /**
  * \brief           Get the key type
  *
- * \param ctx       Context to use
+ * \param ctx       The PK context to use. It must have been initialized.
  *
- * \return          Type on success, or MBEDTLS_PK_NONE
+ * \return          Type on success.
+ * \return          #MBEDTLS_PK_NONE for a context that has not been set up.
  */
 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
@@ -563,12 +585,22 @@
 /**
  * \brief           Parse a private key in PEM or DER format
  *
- * \param ctx       key to be initialized
- * \param key       input buffer
- * \param keylen    size of the buffer
- *                  (including the terminating null byte for PEM data)
- * \param pwd       password for decryption (optional)
- * \param pwdlen    size of the password
+ * \param ctx       The PK context to fill. It must have been initialized
+ *                  but not set up.
+ * \param key       Input buffer to parse.
+ *                  The buffer must contain the input exactly, with no
+ *                  extra trailing material. For PEM, the buffer must
+ *                  contain a null-terminated string.
+ * \param keylen    Size of \b key in bytes.
+ *                  For PEM data, this includes the terminating null byte,
+ *                  so \p keylen must be equal to `strlen(key) + 1`.
+ * \param pwd       Optional password for decryption.
+ *                  Pass \c NULL if expecting a non-encrypted key.
+ *                  Pass a string of \p pwdlen bytes if expecting an encrypted
+ *                  key; a non-encrypted key will also be accepted.
+ *                  The empty password is not supported.
+ * \param pwdlen    Size of the password in bytes.
+ *                  Ignored if \p pwd is \c NULL.
  *
  * \note            On entry, ctx must be empty, either freshly initialised
  *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -586,10 +618,15 @@
 /**
  * \brief           Parse a public key in PEM or DER format
  *
- * \param ctx       key to be initialized
- * \param key       input buffer
- * \param keylen    size of the buffer
- *                  (including the terminating null byte for PEM data)
+ * \param ctx       The PK context to fill. It must have been initialized
+ *                  but not set up.
+ * \param key       Input buffer to parse.
+ *                  The buffer must contain the input exactly, with no
+ *                  extra trailing material. For PEM, the buffer must
+ *                  contain a null-terminated string.
+ * \param keylen    Size of \b key in bytes.
+ *                  For PEM data, this includes the terminating null byte,
+ *                  so \p keylen must be equal to `strlen(key) + 1`.
  *
  * \note            On entry, ctx must be empty, either freshly initialised
  *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -607,9 +644,14 @@
 /**
  * \brief           Load and parse a private key
  *
- * \param ctx       key to be initialized
+ * \param ctx       The PK context to fill. It must have been initialized
+ *                  but not set up.
  * \param path      filename to read the private key from
- * \param password  password to decrypt the file (can be NULL)
+ * \param password  Optional password to decrypt the file.
+ *                  Pass \c NULL if expecting a non-encrypted key.
+ *                  Pass a null-terminated string if expecting an encrypted
+ *                  key; a non-encrypted key will also be accepted.
+ *                  The empty password is not supported.
  *
  * \note            On entry, ctx must be empty, either freshly initialised
  *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -626,7 +668,8 @@
 /**
  * \brief           Load and parse a public key
  *
- * \param ctx       key to be initialized
+ * \param ctx       The PK context to fill. It must have been initialized
+ *                  but not set up.
  * \param path      filename to read the public key from
  *
  * \note            On entry, ctx must be empty, either freshly initialised
@@ -649,7 +692,7 @@
  *                        return value to determine where you should start
  *                        using the buffer
  *
- * \param ctx       private to write away
+ * \param ctx       PK context which must contain a valid private key.
  * \param buf       buffer to write to
  * \param size      size of the buffer
  *
@@ -664,7 +707,7 @@
  *                        return value to determine where you should start
  *                        using the buffer
  *
- * \param ctx       public key to write away
+ * \param ctx       PK context which must contain a valid public or private key.
  * \param buf       buffer to write to
  * \param size      size of the buffer
  *
@@ -677,9 +720,10 @@
 /**
  * \brief           Write a public key to a PEM string
  *
- * \param ctx       public key to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
+ * \param ctx       PK context which must contain a valid public or private key.
+ * \param buf       Buffer to write to. The output includes a
+ *                  terminating null byte.
+ * \param size      Size of the buffer in bytes.
  *
  * \return          0 if successful, or a specific error code
  */
@@ -688,9 +732,10 @@
 /**
  * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
  *
- * \param ctx       private to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
+ * \param ctx       PK context which must contain a valid private key.
+ * \param buf       Buffer to write to. The output includes a
+ *                  terminating null byte.
+ * \param size      Size of the buffer in bytes.
  *
  * \return          0 if successful, or a specific error code
  */
@@ -709,7 +754,8 @@
  *
  * \param p         the position in the ASN.1 data
  * \param end       end of the buffer
- * \param pk        the key to fill
+ * \param pk        The PK context to fill. It must have been initialized
+ *                  but not set up.
  *
  * \return          0 if successful, or a specific PK error code
  */
@@ -724,7 +770,7 @@
  *
  * \param p         reference to current position pointer
  * \param start     start of the buffer (for bounds-checking)
- * \param key       public key to write away
+ * \param key       PK context which must contain a valid public or private key.
  *
  * \return          the length written or a negative error code
  */
@@ -761,7 +807,7 @@
  * \return          An Mbed TLS error code otherwise.
  */
 int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               psa_key_slot_t *slot,
+                               psa_key_handle_t *slot,
                                psa_algorithm_t hash_alg );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index a621ef5..d441357 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_PKCS12_H
 #define MBEDTLS_PKCS12_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "md.h"
 #include "cipher.h"
 #include "asn1.h"
@@ -46,6 +52,8 @@
 extern "C" {
 #endif
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
  * \brief            PKCS12 Password Based function (encryption / decryption)
  *                   for pbeWithSHAAnd128BitRC4
@@ -87,6 +95,8 @@
                 const unsigned char *input, size_t len,
                 unsigned char *output );
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
  * \brief            The PKCS#12 derivation function uses a password and a salt
  *                   to produce pseudo-random bits for a particular "purpose".
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 9a3c9fd..c92185f 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -26,6 +26,12 @@
 #ifndef MBEDTLS_PKCS5_H
 #define MBEDTLS_PKCS5_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "asn1.h"
 #include "md.h"
 
@@ -44,6 +50,8 @@
 extern "C" {
 #endif
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
  * \brief          PKCS#5 PBES2 function
  *
@@ -62,6 +70,8 @@
                  const unsigned char *data, size_t datalen,
                  unsigned char *output );
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
  * \brief          PKCS#5 PBKDF2 using HMAC
  *
@@ -81,6 +91,8 @@
                        unsigned int iteration_count,
                        uint32_t key_length, unsigned char *output );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -88,6 +100,8 @@
  */
 int mbedtls_pkcs5_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 89fe8a7..801a948 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -58,17 +58,33 @@
  * \{
  */
 
+/* The older Microsoft Windows common runtime provides non-conforming
+ * implementations of some standard library functions, including snprintf
+ * and vsnprintf. This affects MSVC and MinGW builds.
+ */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
+#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
+#endif
+
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
 #else
 #define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< The default \c snprintf function to use.  */
 #endif
 #endif
+#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF   mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use.  */
+#else
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF   vsnprintf /**< The default \c vsnprintf function to use.  */
+#endif
+#endif
 #if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
 #define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< The default \c printf function to use. */
 #endif
@@ -204,7 +220,7 @@
  * - however it is acceptable to return -1 instead of the required length when
  *   the destination buffer is too short.
  */
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 /* For Windows (inc. MSYS2), we provide our own fixed implementation */
 int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
 #endif
@@ -231,6 +247,41 @@
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
 /*
+ * The function pointers for vsnprintf
+ *
+ * The vsnprintf implementation should conform to C99:
+ * - it *must* always correctly zero-terminate the buffer
+ *   (except when n == 0, then it must leave the buffer untouched)
+ * - however it is acceptable to return -1 instead of the required length when
+ *   the destination buffer is too short.
+ */
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
+int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+#include <stdarg.h>
+extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
+
+/**
+ * \brief   Set your own snprintf function pointer
+ *
+ * \param   vsnprintf_func   The \c vsnprintf function implementation
+ *
+ * \return  \c 0
+ */
+int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
+                                                 const char * format, va_list arg ) );
+#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define mbedtls_vsnprintf   MBEDTLS_PLATFORM_VSNPRINTF_MACRO
+#else
+#define mbedtls_vsnprintf   vsnprintf
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+/*
  * The function pointers for exit
  */
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 164a1a0..dba6d45 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -26,14 +26,14 @@
 #define MBEDTLS_PLATFORM_UTIL_H
 
 #if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
+#include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 #if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
+#include "platform_time.h"
 #include <time.h>
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 
@@ -41,6 +41,88 @@
 extern "C" {
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+
+#if defined(MBEDTLS_PARAM_FAILED)
+/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
+ *
+ * This flag can be used to check whether it is safe to assume that
+ * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
+ */
+#define MBEDTLS_PARAM_FAILED_ALT
+#else /* MBEDTLS_PARAM_FAILED */
+#define MBEDTLS_PARAM_FAILED( cond ) \
+    mbedtls_param_failed( #cond, __FILE__, __LINE__ )
+
+/**
+ * \brief       User supplied callback function for parameter validation failure.
+ *              See #MBEDTLS_CHECK_PARAMS for context.
+ *
+ *              This function will be called unless an alternative treatement
+ *              is defined through the #MBEDTLS_PARAM_FAILED macro.
+ *
+ *              This function can return, and the operation will be aborted, or
+ *              alternatively, through use of setjmp()/longjmp() can resume
+ *              execution in the application code.
+ *
+ * \param failure_condition The assertion that didn't hold.
+ * \param file  The file where the assertion failed.
+ * \param line  The line in the file where the assertion failed.
+ */
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line );
+#endif /* MBEDTLS_PARAM_FAILED */
+
+/* Internal macro meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  \
+    do {                                            \
+        if( !(cond) )                               \
+        {                                           \
+            MBEDTLS_PARAM_FAILED( cond );           \
+            return( ret );                          \
+        }                                           \
+    } while( 0 )
+
+/* Internal macro meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE( cond )           \
+    do {                                            \
+        if( !(cond) )                               \
+        {                                           \
+            MBEDTLS_PARAM_FAILED( cond );           \
+            return;                                 \
+        }                                           \
+    } while( 0 )
+
+#else /* MBEDTLS_CHECK_PARAMS */
+
+/* Internal macros meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  do { } while( 0 )
+#define MBEDTLS_INTERNAL_VALIDATE( cond )           do { } while( 0 )
+
+#endif /* MBEDTLS_CHECK_PARAMS */
+
+/* Internal helper macros for deprecating API constants. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
+ * to avoid conflict with other headers which define and use
+ * it, too. We might want to move all these definitions here at
+ * some point for uniformity. */
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL )       \
+    ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
+MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL )       \
+    ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
+#undef MBEDTLS_DEPRECATED
+#else /* MBEDTLS_DEPRECATED_WARNING */
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
 /**
  * \brief       Securely zeroize a buffer
  *
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index b02f968..f0ec44c 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -34,7 +34,7 @@
 #define MBEDTLS_POLY1305_H
 
 #if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
+#include "config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
@@ -84,14 +84,18 @@
  *                  \c mbedtls_poly1305_finish(), then finally
  *                  \c mbedtls_poly1305_free().
  *
- * \param ctx       The Poly1305 context to initialize.
+ * \param ctx       The Poly1305 context to initialize. This must
+ *                  not be \c NULL.
  */
 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
 
 /**
- * \brief           This function releases and clears the specified Poly1305 context.
+ * \brief           This function releases and clears the specified
+ *                  Poly1305 context.
  *
- * \param ctx       The Poly1305 context to clear.
+ * \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
+ *                  case this function is a no-op. If it is not \c NULL, it must
+ *                  point to an initialized Poly1305 context.
  */
 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
 
@@ -102,11 +106,11 @@
  *                  invocation of Poly1305.
  *
  * \param ctx       The Poly1305 context to which the key should be bound.
- * \param key       The buffer containing the 256-bit key.
+ *                  This must be initialized.
+ * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if ctx or key are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
                              const unsigned char key[32] );
@@ -120,13 +124,14 @@
  *                  It can be called repeatedly to process a stream of data.
  *
  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
- * \param ilen      The length of the input data (in bytes). Any value is accepted.
+ *                  This must be initialized and bound to a key.
+ * \param ilen      The length of the input data in Bytes.
+ *                  Any value is accepted.
  * \param input     The buffer holding the input data.
- *                  This pointer can be NULL if ilen == 0.
+ *                  This pointer can be \c NULL if `ilen == 0`.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if ctx or input are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
                              const unsigned char *input,
@@ -137,12 +142,12 @@
  *                  Authentication Code (MAC).
  *
  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
- * \param mac       The buffer to where the MAC is written. Must be big enough
- *                  to hold the 16-byte MAC.
+ *                  This must be initialized and bound to a key.
+ * \param mac       The buffer to where the MAC is written. This must
+ *                  be a writable buffer of length \c 16 Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if ctx or mac are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
                              unsigned char mac[16] );
@@ -154,16 +159,16 @@
  * \warning         The key must be unique and unpredictable for each
  *                  invocation of Poly1305.
  *
- * \param key       The buffer containing the 256-bit key.
- * \param ilen      The length of the input data (in bytes). Any value is accepted.
+ * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+ * \param ilen      The length of the input data in Bytes.
+ *                  Any value is accepted.
  * \param input     The buffer holding the input data.
- *                  This pointer can be NULL if ilen == 0.
- * \param mac       The buffer to where the MAC is written. Must be big enough
- *                  to hold the 16-byte MAC.
+ *                  This pointer can be \c NULL if `ilen == 0`.
+ * \param mac       The buffer to where the MAC is written. This must be
+ *                  a writable buffer of length \c 16 Bytes.
  *
  * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if key, input, or mac are NULL.
+ * \return          A negative error code on failure.
  */
 int mbedtls_poly1305_mac( const unsigned char key[32],
                           const unsigned char *input,
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 5766133..b5f0b7f 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -41,21 +41,9 @@
 #include "ecp.h"
 #include "md.h"
 #include "pk.h"
+#include "oid.h"
 
-/* Slot allocation */
-
-static inline psa_status_t mbedtls_psa_get_free_key_slot( psa_key_slot_t *key )
-{
-    for( psa_key_slot_t slot = 1; slot <= 32; slot++ )
-    {
-        if( psa_get_key_information( slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT )
-        {
-            *key = slot;
-            return( PSA_SUCCESS );
-        }
-    }
-    return( PSA_ERROR_INSUFFICIENT_MEMORY );
-}
+#include <string.h>
 
 /* Translations for symmetric crypto. */
 
@@ -105,6 +93,7 @@
             if( taglen == 0 )
                 return( PSA_ALG_CBC_NO_PADDING );
             /* Intentional fallthrough for taglen != 0 */
+            /* fallthrough */
         default:
             return( 0 );
     }
@@ -170,6 +159,162 @@
 
 /* Translations for ECC. */
 
+static inline int mbedtls_psa_get_ecc_oid_from_id(
+    psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
+{
+    switch( curve )
+    {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+        case PSA_ECC_CURVE_SECP192R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+        case PSA_ECC_CURVE_SECP224R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+        case PSA_ECC_CURVE_SECP256R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+        case PSA_ECC_CURVE_SECP384R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+        case PSA_ECC_CURVE_SECP521R1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+        case PSA_ECC_CURVE_SECP192K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+        case PSA_ECC_CURVE_SECP224K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+        case PSA_ECC_CURVE_SECP256K1:
+            *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P256R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP256R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P384R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP384R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+        case PSA_ECC_CURVE_BRAINPOOL_P512R1:
+            *oid = MBEDTLS_OID_EC_GRP_BP512R1;
+            *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
+            return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+    }
+
+     return( -1 );
+}
+
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+
 static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
 {
     switch( grpid )
@@ -231,6 +376,24 @@
     }
 }
 
+
+#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve )                \
+    ( curve == PSA_ECC_CURVE_SECP192R1        ? 192 :             \
+      curve == PSA_ECC_CURVE_SECP224R1        ? 224 :             \
+      curve == PSA_ECC_CURVE_SECP256R1        ? 256 :             \
+      curve == PSA_ECC_CURVE_SECP384R1        ? 384 :             \
+      curve == PSA_ECC_CURVE_SECP521R1        ? 521 :             \
+      curve == PSA_ECC_CURVE_SECP192K1        ? 192 :             \
+      curve == PSA_ECC_CURVE_SECP224K1        ? 224 :             \
+      curve == PSA_ECC_CURVE_SECP256K1        ? 256 :             \
+      curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 :             \
+      curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 :             \
+      curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 :             \
+      0 )
+
+#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve )                \
+    ( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 )
+
 /* Translations for PK layer */
 
 static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
@@ -250,7 +413,7 @@
         /* All other failures */
         case PSA_ERROR_COMMUNICATION_FAILURE:
         case PSA_ERROR_HARDWARE_FAILURE:
-        case PSA_ERROR_TAMPERING_DETECTED:
+        case PSA_ERROR_CORRUPTION_DETECTED:
             return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
         default: /* We return the same as for the 'other failures',
                   * but list them separately nonetheless to indicate
@@ -259,6 +422,61 @@
     }
 }
 
+/* Translations for ECC */
+
+/* This function transforms an ECC group identifier from
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ * into a PSA ECC group identifier. */
+static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
+    uint16_t tls_ecc_grp_reg_id )
+{
+    /* The PSA identifiers are currently aligned with those from
+     * the TLS Supported Groups registry, so no conversion is necessary. */
+    return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+}
+
+/* This function takes a buffer holding an EC public key
+ * exported through psa_export_public_key(), and converts
+ * it into an ECPoint structure to be put into a ClientKeyExchange
+ * message in an ECDHE exchange.
+ *
+ * Both the present and the foreseeable future format of EC public keys
+ * used by PSA have the ECPoint structure contained in the exported key
+ * as a subbuffer, and the function merely selects this subbuffer instead
+ * of making a copy.
+ */
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
+                                                     size_t srclen,
+                                                     unsigned char **dst,
+                                                     size_t *dstlen )
+{
+    *dst = src;
+    *dstlen = srclen;
+    return( 0 );
+}
+
+/* This function takes a buffer holding an ECPoint structure
+ * (as contained in a TLS ServerKeyExchange message for ECDHE
+ * exchanges) and converts it into a format that the PSA key
+ * agreement API understands.
+ */
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,
+                                                     unsigned char const *src,
+                                                     size_t srclen,
+                                                     unsigned char *dst,
+                                                     size_t dstlen,
+                                                     size_t *olen )
+{
+    ((void) curve);
+
+    if( srclen > dstlen )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    memcpy( dst, src, srclen );
+    *olen = srclen;
+    return( 0 );
+}
+
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index c74b7d2..b42f6d2 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -219,6 +219,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -226,6 +228,8 @@
  */
 int mbedtls_ripemd160_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 406a317..489f2ed 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -150,23 +150,24 @@
  * \note           The choice of padding mode is strictly enforced for private key
  *                 operations, since there might be security concerns in
  *                 mixing padding modes. For public key operations it is
- *                 a default value, which can be overriden by calling specific
+ *                 a default value, which can be overridden by calling specific
  *                 \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
  *
  * \note           The hash selected in \p hash_id is always used for OEAP
  *                 encryption. For PSS signatures, it is always used for
- *                 making signatures, but can be overriden for verifying them.
- *                 If set to #MBEDTLS_MD_NONE, it is always overriden.
+ *                 making signatures, but can be overridden for verifying them.
+ *                 If set to #MBEDTLS_MD_NONE, it is always overridden.
  *
- * \param ctx      The RSA context to initialize.
- * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- *                 #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The hash identifier of #mbedtls_md_type_t type, if
- *                 \p padding is #MBEDTLS_RSA_PKCS_V21.
+ * \param ctx      The RSA context to initialize. This must not be \c NULL.
+ * \param padding  The padding mode to use. This must be either
+ *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+ * \param hash_id  The hash identifier of ::mbedtls_md_type_t type, if
+ *                 \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
+ *                 otherwise.
  */
 void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
                        int padding,
-                       int hash_id);
+                       int hash_id );
 
 /**
  * \brief          This function imports a set of core parameters into an
@@ -188,11 +189,11 @@
  *                 for the lifetime of the RSA context being set up.
  *
  * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus, or NULL.
- * \param P        The first prime factor of \p N, or NULL.
- * \param Q        The second prime factor of \p N, or NULL.
- * \param D        The private exponent, or NULL.
- * \param E        The public exponent, or NULL.
+ * \param N        The RSA modulus. This may be \c NULL.
+ * \param P        The first prime factor of \p N. This may be \c NULL.
+ * \param Q        The second prime factor of \p N. This may be \c NULL.
+ * \param D        The private exponent. This may be \c NULL.
+ * \param E        The public exponent. This may be \c NULL.
  *
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
@@ -222,16 +223,16 @@
  *                 for the lifetime of the RSA context being set up.
  *
  * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus, or NULL.
- * \param N_len    The Byte length of \p N, ignored if \p N == NULL.
- * \param P        The first prime factor of \p N, or NULL.
- * \param P_len    The Byte length of \p P, ignored if \p P == NULL.
- * \param Q        The second prime factor of \p N, or NULL.
- * \param Q_len    The Byte length of \p Q, ignored if \p Q == NULL.
- * \param D        The private exponent, or NULL.
- * \param D_len    The Byte length of \p D, ignored if \p D == NULL.
- * \param E        The public exponent, or NULL.
- * \param E_len    The Byte length of \p E, ignored if \p E == NULL.
+ * \param N        The RSA modulus. This may be \c NULL.
+ * \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
+ * \param P        The first prime factor of \p N. This may be \c NULL.
+ * \param P_len    The Byte length of \p P; it ns ignored if \p P == NULL.
+ * \param Q        The second prime factor of \p N. This may be \c NULL.
+ * \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
+ * \param D        The private exponent. This may be \c NULL.
+ * \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
+ * \param E        The public exponent. This may be \c NULL.
+ * \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
  *
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
@@ -299,11 +300,16 @@
  *                 the RSA context stays intact and remains usable.
  *
  * \param ctx      The initialized RSA context.
- * \param N        The MPI to hold the RSA modulus, or NULL.
- * \param P        The MPI to hold the first prime factor of \p N, or NULL.
- * \param Q        The MPI to hold the second prime factor of \p N, or NULL.
- * \param D        The MPI to hold the private exponent, or NULL.
- * \param E        The MPI to hold the public exponent, or NULL.
+ * \param N        The MPI to hold the RSA modulus.
+ *                 This may be \c NULL if this field need not be exported.
+ * \param P        The MPI to hold the first prime factor of \p N.
+ *                 This may be \c NULL if this field need not be exported.
+ * \param Q        The MPI to hold the second prime factor of \p N.
+ *                 This may be \c NULL if this field need not be exported.
+ * \param D        The MPI to hold the private exponent.
+ *                 This may be \c NULL if this field need not be exported.
+ * \param E        The MPI to hold the public exponent.
+ *                 This may be \c NULL if this field need not be exported.
  *
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
@@ -341,17 +347,20 @@
  *                 buffer pointers are NULL.
  *
  * \param ctx      The initialized RSA context.
- * \param N        The Byte array to store the RSA modulus, or NULL.
+ * \param N        The Byte array to store the RSA modulus,
+ *                 or \c NULL if this field need not be exported.
  * \param N_len    The size of the buffer for the modulus.
- * \param P        The Byte array to hold the first prime factor of \p N, or
- *                 NULL.
+ * \param P        The Byte array to hold the first prime factor of \p N,
+ *                 or \c NULL if this field need not be exported.
  * \param P_len    The size of the buffer for the first prime factor.
- * \param Q        The Byte array to hold the second prime factor of \p N, or
- *                 NULL.
+ * \param Q        The Byte array to hold the second prime factor of \p N,
+ *                 or \c NULL if this field need not be exported.
  * \param Q_len    The size of the buffer for the second prime factor.
- * \param D        The Byte array to hold the private exponent, or NULL.
+ * \param D        The Byte array to hold the private exponent,
+ *                 or \c NULL if this field need not be exported.
  * \param D_len    The size of the buffer for the private exponent.
- * \param E        The Byte array to hold the public exponent, or NULL.
+ * \param E        The Byte array to hold the public exponent,
+ *                 or \c NULL if this field need not be exported.
  * \param E_len    The size of the buffer for the public exponent.
  *
  * \return         \c 0 on success.
@@ -375,9 +384,12 @@
  *                 mbedtls_rsa_deduce_opt().
  *
  * \param ctx      The initialized RSA context.
- * \param DP       The MPI to hold D modulo P-1, or NULL.
- * \param DQ       The MPI to hold D modulo Q-1, or NULL.
- * \param QP       The MPI to hold modular inverse of Q modulo P, or NULL.
+ * \param DP       The MPI to hold \c D modulo `P-1`,
+ *                 or \c NULL if it need not be exported.
+ * \param DQ       The MPI to hold \c D modulo `Q-1`,
+ *                 or \c NULL if it need not be exported.
+ * \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
+ *                 or \c NULL if it need not be exported.
  *
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
@@ -390,13 +402,13 @@
  * \brief          This function sets padding for an already initialized RSA
  *                 context. See mbedtls_rsa_init() for details.
  *
- * \param ctx      The RSA context to be set.
- * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- *                 #MBEDTLS_RSA_PKCS_V21.
+ * \param ctx      The initialized RSA context to be configured.
+ * \param padding  The padding mode to use. This must be either
+ *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
  * \param hash_id  The #MBEDTLS_RSA_PKCS_V21 hash identifier.
  */
 void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                              int hash_id);
+                              int hash_id );
 
 /**
  * \brief          This function retrieves the length of RSA modulus in Bytes.
@@ -414,11 +426,14 @@
  * \note           mbedtls_rsa_init() must be called before this function,
  *                 to set up the RSA context.
  *
- * \param ctx      The RSA context used to hold the key.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG context.
+ * \param ctx      The initialized RSA context used to hold the key.
+ * \param f_rng    The RNG function to be used for key generation.
+ *                 This must not be \c NULL.
+ * \param p_rng    The RNG context to be passed to \p f_rng.
+ *                 This may be \c NULL if \p f_rng doesn't need a context.
  * \param nbits    The size of the public key in bits.
- * \param exponent The public exponent. For example, 65537.
+ * \param exponent The public exponent to use. For example, \c 65537.
+ *                 This must be odd and greater than \c 1.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -436,7 +451,7 @@
  *                 enough information is present to perform an RSA public key
  *                 operation using mbedtls_rsa_public().
  *
- * \param ctx      The RSA context to check.
+ * \param ctx      The initialized RSA context to check.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -475,7 +490,7 @@
  *             parameters, which goes beyond what is effectively checkable
  *             by the library.</li></ul>
  *
- * \param ctx  The RSA context to check.
+ * \param ctx  The initialized RSA context to check.
  *
  * \return     \c 0 on success.
  * \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -487,8 +502,8 @@
  *
  *                 It checks each of the contexts, and makes sure they match.
  *
- * \param pub      The RSA context holding the public key.
- * \param prv      The RSA context holding the private key.
+ * \param pub      The initialized RSA context holding the public key.
+ * \param prv      The initialized RSA context holding the private key.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -499,18 +514,19 @@
 /**
  * \brief          This function performs an RSA public key operation.
  *
+ * \param ctx      The initialized RSA context to use.
+ * \param input    The input buffer. This must be a readable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
+ * \param output   The output buffer. This must be a writable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
+ *
  * \note           This function does not handle message padding.
  *
  * \note           Make sure to set \p input[0] = 0 or ensure that
  *                 input is smaller than \p N.
  *
- * \note           The input and output buffers must be large
- *                 enough. For example, 128 Bytes if RSA-1024 is used.
- *
- * \param ctx      The RSA context.
- * \param input    The input buffer.
- * \param output   The output buffer.
- *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
@@ -521,9 +537,6 @@
 /**
  * \brief          This function performs an RSA private key operation.
  *
- * \note           The input and output buffers must be large
- *                 enough. For example, 128 Bytes if RSA-1024 is used.
- *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
  * \note           If blinding is used, both the base of exponentation
@@ -535,11 +548,18 @@
  *                 Future versions of the library may enforce the presence
  *                 of a PRNG.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for blinding.
- * \param p_rng    The RNG context.
- * \param input    The input buffer.
- * \param output   The output buffer.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function, used for blinding. It is discouraged
+ *                 and deprecated to pass \c NULL here, in which case
+ *                 blinding will be omitted.
+ * \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
+ *                 if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
+ * \param input    The input buffer. This must be a readable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
+ * \param output   The output buffer. This must be a writable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -558,9 +578,6 @@
  *                 It is the generic wrapper for performing a PKCS#1 encryption
  *                 operation using the \p mode from the context.
  *
- * \note           The input and output buffers must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -570,14 +587,25 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding, PKCS#1 v2.1
- *                 encoding, and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG to use. It is mandatory for PKCS#1 v2.1 padding
+ *                 encoding, and for PKCS#1 v1.5 padding encoding when used
+ *                 with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
+ *                 padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
+ *                 it is used for blinding and should be provided in this
+ *                 case; see mbedtls_rsa_private() for more.
+ * \param p_rng    The RNG context to be passed to \p f_rng. May be
+ *                 \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
+ *                 need a context argument.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * \param ilen     The length of the plaintext in Bytes.
+ * \param input    The input data to encrypt. This must be a readable
+ *                 buffer of size \p ilen Bytes. It may be \c NULL if
+ *                 `ilen == 0`.
+ * \param output   The output buffer. This must be a writable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -593,9 +621,6 @@
  * \brief          This function performs a PKCS#1 v1.5 encryption operation
  *                 (RSAES-PKCS1-v1_5-ENCRYPT).
  *
- * \note           The output buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -605,14 +630,23 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding and
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function to use. It is needed for padding generation
+ *                 if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
+ *                 #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
+ *                 blinding and should be provided; see mbedtls_rsa_private().
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may
+ *                 be \c NULL if \p f_rng is \c NULL or if \p f_rng
+ *                 doesn't need a context argument.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * \param ilen     The length of the plaintext in Bytes.
+ * \param input    The input data to encrypt. This must be a readable
+ *                 buffer of size \p ilen Bytes. It may be \c NULL if
+ *                 `ilen == 0`.
+ * \param output   The output buffer. This must be a writable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -640,16 +674,24 @@
  *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The RSA context.
- * \param f_rng      The RNG function. Needed for padding and PKCS#1 v2.1
- *                   encoding and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG context.
- * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx        The initnialized RSA context to use.
+ * \param f_rng      The RNG function to use. This is needed for padding
+ *                   generation and must be provided.
+ * \param p_rng      The RNG context to be passed to \p f_rng. This may
+ *                   be \c NULL if \p f_rng doesn't need a context argument.
+ * \param mode       The mode of operation. This must be either
+ *                   #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
  * \param label      The buffer holding the custom label to use.
- * \param label_len  The length of the label.
- * \param ilen       The length of the plaintext.
- * \param input      The buffer holding the data to encrypt.
- * \param output     The buffer used to hold the ciphertext.
+ *                   This must be a readable buffer of length \p label_len
+ *                   Bytes. It may be \c NULL if \p label_len is \c 0.
+ * \param label_len  The length of the label in Bytes.
+ * \param ilen       The length of the plaintext buffer \p input in Bytes.
+ * \param input      The input data to encrypt. This must be a readable
+ *                   buffer of size \p ilen Bytes. It may be \c NULL if
+ *                   `ilen == 0`.
+ * \param output     The output buffer. This must be a writable buffer
+ *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                   for an 2048-bit RSA modulus.
  *
  * \return           \c 0 on success.
  * \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -677,9 +719,6 @@
  *                 hold the decryption of the particular ciphertext provided,
  *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
  *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -689,14 +728,23 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer used to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. If \p mode is
+ *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * \param olen     The address at which to store the length of
+ *                 the plaintext. This must not be \c NULL.
+ * \param input    The ciphertext buffer. This must be a readable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
+ * \param output   The buffer used to hold the plaintext. This must
+ *                 be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -720,9 +768,6 @@
  *                 hold the decryption of the particular ciphertext provided,
  *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
  *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -732,14 +777,23 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. If \p mode is
+ *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * \param olen     The address at which to store the length of
+ *                 the plaintext. This must not be \c NULL.
+ * \param input    The ciphertext buffer. This must be a readable buffer
+ *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
+ * \param output   The buffer used to hold the plaintext. This must
+ *                 be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -765,9 +819,6 @@
  *                   ciphertext provided, the function returns
  *                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
  *
- * \note             The input buffer must be as large as the size
- *                   of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated       It is deprecated and discouraged to call this function
  *                   in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
  *                   are likely to remove the \p mode argument and have it
@@ -777,16 +828,27 @@
  *                   mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx        The RSA context.
- * \param f_rng      The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG context.
- * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx        The initialized RSA context to use.
+ * \param f_rng      The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                   this is used for blinding and should be provided; see
+ *                   mbedtls_rsa_private() for more. If \p mode is
+ *                   #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng      The RNG context to be passed to \p f_rng. This may be
+ *                   \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode       The mode of operation. This must be either
+ *                   #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
  * \param label      The buffer holding the custom label to use.
- * \param label_len  The length of the label.
- * \param olen       The length of the plaintext.
- * \param input      The buffer holding the encrypted data.
- * \param output     The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ *                   This must be a readable buffer of length \p label_len
+ *                   Bytes. It may be \c NULL if \p label_len is \c 0.
+ * \param label_len  The length of the label in Bytes.
+ * \param olen       The address at which to store the length of
+ *                   the plaintext. This must not be \c NULL.
+ * \param input      The ciphertext buffer. This must be a readable buffer
+ *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                   for an 2048-bit RSA modulus.
+ * \param output     The buffer used to hold the plaintext. This must
+ *                   be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -824,16 +886,28 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function to use. If the padding mode is PKCS#1 v2.1,
+ *                 this must be provided. If the padding mode is PKCS#1 v1.5 and
+ *                 \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
+ *                 and should be provided; see mbedtls_rsa_private() for more
+ *                 more. It is ignored otherwise.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+ *                 if \p f_rng is \c NULL or doesn't need a context argument.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer to hold the signature. This must be a writable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -851,9 +925,6 @@
  * \brief          This function performs a PKCS#1 v1.5 signature
  *                 operation (RSASSA-PKCS1-v1_5-SIGN).
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -863,15 +934,27 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. If \p mode is
+ *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+ *                 if \p f_rng is \c NULL or doesn't need a context argument.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer to hold the signature. This must be a writable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -889,9 +972,6 @@
  * \brief          This function performs a PKCS#1 v2.1 PSS signature
  *                 operation (RSASSA-PSS-SIGN).
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \note           The \p hash_id in the RSA context is the one used for the
  *                 encoding. \p md_alg in the function call is the type of hash
  *                 that is encoded. According to <em>RFC-3447: Public-Key
@@ -918,16 +998,24 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA context to use.
+ * \param f_rng    The RNG function. It must not be \c NULL.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+ *                 if \p f_rng doesn't need a context argument.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer to hold the signature. This must be a writable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -948,9 +1036,6 @@
  *                 This is the generic wrapper for performing a PKCS#1
  *                 verification using the mode from the context.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \note           For PKCS#1 v2.1 encoding, see comments on
  *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
  *                 \p hash_id.
@@ -964,15 +1049,26 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA public key context to use.
+ * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer holding the signature. This must be a readable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -990,9 +1086,6 @@
  * \brief          This function performs a PKCS#1 v1.5 verification
  *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
  *                 are likely to remove the \p mode argument and have it
@@ -1002,15 +1095,26 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA public key context to use.
+ * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer holding the signature. This must be a readable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1031,9 +1135,6 @@
  *                 The hash function for the MGF mask generating function
  *                 is that specified in the RSA context.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
  * \note           The \p hash_id in the RSA context is the one used for the
  *                 verification. \p md_alg in the function call is the type of
  *                 hash that is verified. According to <em>RFC-3447: Public-Key
@@ -1051,15 +1152,26 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA public key context to use.
+ * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param sig      The buffer holding the signature. This must be a readable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1085,19 +1197,29 @@
  *
  * \note           The \p hash_id in the RSA context is ignored.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG context.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx      The initialized RSA public key context to use.
+ * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ *                 this is used for blinding and should be provided; see
+ *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng    The RNG context to be passed to \p f_rng. This may be
+ *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode     The mode of operation. This must be either
+ *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is
- *                 #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param mgf1_hash_id       The message digest used for mask generation.
- * \param expected_salt_len  The length of the salt used in padding. Use
- *                           #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig      The buffer holding the ciphertext.
+ * \param hashlen  The length of the message digest.
+ *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest or raw data.
+ *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ *                 buffer of length \p hashlen Bytes. If \p md_alg is not
+ *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ *                 the size of the hash corresponding to \p md_alg.
+ * \param mgf1_hash_id      The message digest used for mask generation.
+ * \param expected_salt_len The length of the salt used in padding. Use
+ *                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+ * \param sig      The buffer holding the signature. This must be a readable
+ *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ *                 for an 2048-bit RSA modulus.
  *
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1116,8 +1238,8 @@
 /**
  * \brief          This function copies the components of an RSA context.
  *
- * \param dst      The destination context.
- * \param src      The source context.
+ * \param dst      The destination context. This must be initialized.
+ * \param src      The source context. This must be initialized.
  *
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
@@ -1127,10 +1249,14 @@
 /**
  * \brief          This function frees the components of an RSA key.
  *
- * \param ctx      The RSA Context to free.
+ * \param ctx      The RSA context to free. May be \c NULL, in which case
+ *                 this function is a no-op. If it is not \c NULL, it must
+ *                 point to an initialized RSA context.
  */
 void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          The RSA checkup routine.
  *
@@ -1139,6 +1265,8 @@
  */
 int mbedtls_rsa_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index bcaeab5..bb6ecf0 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -42,6 +42,7 @@
 
 /* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED                  -0x0035  /**< SHA-1 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA                   -0x0073  /**< SHA-1 input data was malformed. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -79,6 +80,7 @@
  *                 stronger message digests instead.
  *
  * \param ctx      The SHA-1 context to initialize.
+ *                 This must not be \c NULL.
  *
  */
 void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
@@ -90,7 +92,10 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param ctx      The SHA-1 context to clear.
+ * \param ctx      The SHA-1 context to clear. This may be \c NULL,
+ *                 in which case this function does nothing. If it is
+ *                 not \c NULL, it must point to an initialized
+ *                 SHA-1 context.
  *
  */
 void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
@@ -102,8 +107,8 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param dst      The SHA-1 context to clone to.
- * \param src      The SHA-1 context to clone from.
+ * \param dst      The SHA-1 context to clone to. This must be initialized.
+ * \param src      The SHA-1 context to clone from. This must be initialized.
  *
  */
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
@@ -116,9 +121,10 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param ctx      The SHA-1 context to initialize.
+ * \param ctx      The SHA-1 context to initialize. This must be initialized.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  *
  */
 int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
@@ -131,11 +137,14 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param ctx      The SHA-1 context.
+ * \param ctx      The SHA-1 context. This must be initialized
+ *                 and have a hash operation started.
  * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ *                 This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data \p input in Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
                              const unsigned char *input,
@@ -149,10 +158,13 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param ctx      The SHA-1 context.
- * \param output   The SHA-1 checksum result.
+ * \param ctx      The SHA-1 context to use. This must be initialized and
+ *                 have a hash operation started.
+ * \param output   The SHA-1 checksum result. This must be a writable
+ *                 buffer of length \c 20 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
                              unsigned char output[20] );
@@ -164,10 +176,12 @@
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
- * \param ctx      The SHA-1 context.
- * \param data     The data block being processed.
+ * \param ctx      The SHA-1 context to use. This must be initialized.
+ * \param data     The data block being processed. This must be a
+ *                 readable buffer of length \c 64 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  *
  */
 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
@@ -188,7 +202,7 @@
  *
  * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
  *
- * \param ctx      The SHA-1 context to initialize.
+ * \param ctx      The SHA-1 context to initialize. This must be initialized.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
@@ -203,9 +217,11 @@
  *
  * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0.
  *
- * \param ctx      The SHA-1 context.
+ * \param ctx      The SHA-1 context. This must be initialized and
+ *                 have a hash operation started.
  * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ *                 This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data \p input in Bytes.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
@@ -222,9 +238,10 @@
  *
  * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
  *
- * \param ctx      The SHA-1 context.
+ * \param ctx      The SHA-1 context. This must be initialized and
+ *                 have a hash operation started.
  * \param output   The SHA-1 checksum result.
- *
+ *                 This must be a writable buffer of length \c 20 Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
                                              unsigned char output[20] );
@@ -238,8 +255,9 @@
  *
  * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0.
  *
- * \param ctx      The SHA-1 context.
+ * \param ctx      The SHA-1 context. This must be initialized.
  * \param data     The data block being processed.
+ *                 This must be a readable buffer of length \c 64 bytes.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
@@ -262,10 +280,13 @@
  *                 stronger message digests instead.
  *
  * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ *                 This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data \p input in Bytes.
  * \param output   The SHA-1 checksum result.
+ *                 This must be a writable buffer of length \c 20 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  *
  */
 int mbedtls_sha1_ret( const unsigned char *input,
@@ -294,8 +315,10 @@
  * \deprecated     Superseded by mbedtls_sha1_ret() in 2.7.0
  *
  * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-1 checksum result.
+ *                 This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data \p input in Bytes.
+ * \param output   The SHA-1 checksum result. This must be a writable
+ *                 buffer of size \c 20 Bytes.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
@@ -305,6 +328,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          The SHA-1 checkup routine.
  *
@@ -318,6 +343,8 @@
  */
 int mbedtls_sha1_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 47a31e8..d647398 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -38,6 +38,7 @@
 
 /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED                -0x0037  /**< SHA-256 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA                 -0x0074  /**< SHA-256 input data was malformed. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -71,22 +72,24 @@
 /**
  * \brief          This function initializes a SHA-256 context.
  *
- * \param ctx      The SHA-256 context to initialize.
+ * \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
  */
 void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
 
 /**
  * \brief          This function clears a SHA-256 context.
  *
- * \param ctx      The SHA-256 context to clear.
+ * \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
+ *                 case this function returns immediately. If it is not \c NULL,
+ *                 it must point to an initialized SHA-256 context.
  */
 void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
 
 /**
  * \brief          This function clones the state of a SHA-256 context.
  *
- * \param dst      The destination context.
- * \param src      The context to clone.
+ * \param dst      The destination context. This must be initialized.
+ * \param src      The context to clone. This must be initialized.
  */
 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
                            const mbedtls_sha256_context *src );
@@ -95,11 +98,12 @@
  * \brief          This function starts a SHA-224 or SHA-256 checksum
  *                 calculation.
  *
- * \param ctx      The context to initialize.
- * \param is224    Determines which function to use:
- *                 0: Use SHA-256, or 1: Use SHA-224.
+ * \param ctx      The context to use. This must be initialized.
+ * \param is224    This determines which function to use. This must be
+ *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
 
@@ -107,11 +111,14 @@
  * \brief          This function feeds an input buffer into an ongoing
  *                 SHA-256 checksum calculation.
  *
- * \param ctx      The SHA-256 context.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
+ * \param ctx      The SHA-256 context. This must be initialized
+ *                 and have a hash operation started.
+ * \param input    The buffer holding the data. This must be a readable
+ *                 buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
                                const unsigned char *input,
@@ -121,10 +128,13 @@
  * \brief          This function finishes the SHA-256 operation, and writes
  *                 the result to the output buffer.
  *
- * \param ctx      The SHA-256 context.
+ * \param ctx      The SHA-256 context. This must be initialized
+ *                 and have a hash operation started.
  * \param output   The SHA-224 or SHA-256 checksum result.
+ *                 This must be a writable buffer of length \c 32 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
                                unsigned char output[32] );
@@ -134,10 +144,12 @@
  *                 the ongoing SHA-256 computation. This function is for
  *                 internal use only.
  *
- * \param ctx      The SHA-256 context.
- * \param data     The buffer holding one block of data.
+ * \param ctx      The SHA-256 context. This must be initialized.
+ * \param data     The buffer holding one block of data. This must
+ *                 be a readable buffer of length \c 64 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
                                      const unsigned char data[64] );
@@ -152,12 +164,11 @@
  * \brief          This function starts a SHA-224 or SHA-256 checksum
  *                 calculation.
  *
- *
  * \deprecated     Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
  *
- * \param ctx      The context to initialize.
- * \param is224    Determines which function to use:
- *                 0: Use SHA-256, or 1: Use SHA-224.
+ * \param ctx      The context to use. This must be initialized.
+ * \param is224    Determines which function to use. This must be
+ *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
                                                int is224 );
@@ -168,9 +179,11 @@
  *
  * \deprecated     Superseded by mbedtls_sha256_update_ret() in 2.7.0.
  *
- * \param ctx      The SHA-256 context to initialize.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
+ * \param ctx      The SHA-256 context to use. This must be
+ *                 initialized and have a hash operation started.
+ * \param input    The buffer holding the data. This must be a readable
+ *                 buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
                                                const unsigned char *input,
@@ -182,8 +195,10 @@
  *
  * \deprecated     Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
  *
- * \param ctx      The SHA-256 context.
- * \param output   The SHA-224 or SHA-256 checksum result.
+ * \param ctx      The SHA-256 context. This must be initialized and
+ *                 have a hash operation started.
+ * \param output   The SHA-224 or SHA-256 checksum result. This must be
+ *                 a writable buffer of length \c 32 Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
                                                unsigned char output[32] );
@@ -195,8 +210,9 @@
  *
  * \deprecated     Superseded by mbedtls_internal_sha256_process() in 2.7.0.
  *
- * \param ctx      The SHA-256 context.
- * \param data     The buffer holding one block of data.
+ * \param ctx      The SHA-256 context. This must be initialized.
+ * \param data     The buffer holding one block of data. This must be
+ *                 a readable buffer of size \c 64 Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
                                                 const unsigned char data[64] );
@@ -214,11 +230,13 @@
  *                 The SHA-256 result is calculated as
  *                 output = SHA-256(input buffer).
  *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use:
- *                 0: Use SHA-256, or 1: Use SHA-224.
+ * \param input    The buffer holding the data. This must be a readable
+ *                 buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
+ * \param output   The SHA-224 or SHA-256 checksum result. This must
+ *                 be a writable buffer of length \c 32 Bytes.
+ * \param is224    Determines which function to use. This must be
+ *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
  */
 int mbedtls_sha256_ret( const unsigned char *input,
                         size_t ilen,
@@ -244,11 +262,13 @@
  *
  * \deprecated     Superseded by mbedtls_sha256_ret() in 2.7.0.
  *
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use:
- *                 0: Use SHA-256, or 1: Use SHA-224.
+ * \param input    The buffer holding the data. This must be a readable
+ *                 buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
+ * \param output   The SHA-224 or SHA-256 checksum result. This must be
+ *                 a writable buffer of length \c 32 Bytes.
+ * \param is224    Determines which function to use. This must be either
+ *                 \c 0 for SHA-256, or \c 1 for SHA-224.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
                                         size_t ilen,
@@ -258,6 +278,8 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          The SHA-224 and SHA-256 checkup routine.
  *
@@ -266,6 +288,8 @@
  */
 int mbedtls_sha256_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 020f95d..c06ceed 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -37,6 +37,7 @@
 
 /* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED                -0x0039  /**< SHA-512 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA                 -0x0075  /**< SHA-512 input data was malformed. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -70,22 +71,26 @@
 /**
  * \brief          This function initializes a SHA-512 context.
  *
- * \param ctx      The SHA-512 context to initialize.
+ * \param ctx      The SHA-512 context to initialize. This must
+ *                 not be \c NULL.
  */
 void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
 
 /**
  * \brief          This function clears a SHA-512 context.
  *
- * \param ctx      The SHA-512 context to clear.
+ * \param ctx      The SHA-512 context to clear. This may be \c NULL,
+ *                 in which case this function does nothing. If it
+ *                 is not \c NULL, it must point to an initialized
+ *                 SHA-512 context.
  */
 void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
 
 /**
  * \brief          This function clones the state of a SHA-512 context.
  *
- * \param dst      The destination context.
- * \param src      The context to clone.
+ * \param dst      The destination context. This must be initialized.
+ * \param src      The context to clone. This must be initialized.
  */
 void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
                            const mbedtls_sha512_context *src );
@@ -94,11 +99,12 @@
  * \brief          This function starts a SHA-384 or SHA-512 checksum
  *                 calculation.
  *
- * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use:
- *                 0: Use SHA-512, or 1: Use SHA-384.
+ * \param ctx      The SHA-512 context to use. This must be initialized.
+ * \param is384    Determines which function to use. This must be
+ *                 either \c for SHA-512, or \c 1 for SHA-384.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
 
@@ -106,11 +112,14 @@
  * \brief          This function feeds an input buffer into an ongoing
  *                 SHA-512 checksum calculation.
  *
- * \param ctx      The SHA-512 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ * \param ctx      The SHA-512 context. This must be initialized
+ *                 and have a hash operation started.
+ * \param input    The buffer holding the input data. This must
+ *                 be a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
                     const unsigned char *input,
@@ -121,10 +130,13 @@
  *                 the result to the output buffer. This function is for
  *                 internal use only.
  *
- * \param ctx      The SHA-512 context.
+ * \param ctx      The SHA-512 context. This must be initialized
+ *                 and have a hash operation started.
  * \param output   The SHA-384 or SHA-512 checksum result.
+ *                 This must be a writable buffer of length \c 64 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
                                unsigned char output[64] );
@@ -133,10 +145,12 @@
  * \brief          This function processes a single data block within
  *                 the ongoing SHA-512 computation.
  *
- * \param ctx      The SHA-512 context.
- * \param data     The buffer holding one block of data.
+ * \param ctx      The SHA-512 context. This must be initialized.
+ * \param data     The buffer holding one block of data. This
+ *                 must be a readable buffer of length \c 128 Bytes.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
                                      const unsigned char data[128] );
@@ -152,9 +166,9 @@
  *
  * \deprecated     Superseded by mbedtls_sha512_starts_ret() in 2.7.0
  *
- * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use:
- *                 0: Use SHA-512, or 1: Use SHA-384.
+ * \param ctx      The SHA-512 context to use. This must be initialized.
+ * \param is384    Determines which function to use. This must be either
+ *                 \c 0 for SHA-512 or \c 1 for SHA-384.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
                                                int is384 );
@@ -165,9 +179,11 @@
  *
  * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0.
  *
- * \param ctx      The SHA-512 context.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
+ * \param ctx      The SHA-512 context. This must be initialized
+ *                 and have a hash operation started.
+ * \param input    The buffer holding the data. This must be a readable
+ *                 buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
                                                const unsigned char *input,
@@ -179,8 +195,10 @@
  *
  * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
  *
- * \param ctx      The SHA-512 context.
- * \param output   The SHA-384 or SHA-512 checksum result.
+ * \param ctx      The SHA-512 context. This must be initialized
+ *                 and have a hash operation started.
+ * \param output   The SHA-384 or SHA-512 checksum result. This must
+ *                 be a writable buffer of size \c 64 Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
                                                unsigned char output[64] );
@@ -192,8 +210,9 @@
  *
  * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0.
  *
- * \param ctx      The SHA-512 context.
- * \param data     The buffer holding one block of data.
+ * \param ctx      The SHA-512 context. This must be initialized.
+ * \param data     The buffer holding one block of data. This must be
+ *                 a readable buffer of length \c 128 Bytes.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512_process(
                                             mbedtls_sha512_context *ctx,
@@ -212,13 +231,16 @@
  *                 The SHA-512 result is calculated as
  *                 output = SHA-512(input buffer).
  *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ * \param input    The buffer holding the input data. This must be
+ *                 a readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
  * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use:
- *                 0: Use SHA-512, or 1: Use SHA-384.
+ *                 This must be a writable buffer of length \c 64 Bytes.
+ * \param is384    Determines which function to use. This must be either
+ *                 \c 0 for SHA-512, or \c 1 for SHA-384.
  *
  * \return         \c 0 on success.
+ * \return         A negative error code on failure.
  */
 int mbedtls_sha512_ret( const unsigned char *input,
                         size_t ilen,
@@ -231,6 +253,7 @@
 #else
 #define MBEDTLS_DEPRECATED
 #endif
+
 /**
  * \brief          This function calculates the SHA-512 or SHA-384
  *                 checksum of a buffer.
@@ -243,11 +266,13 @@
  *
  * \deprecated     Superseded by mbedtls_sha512_ret() in 2.7.0
  *
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use:
- *                 0: Use SHA-512, or 1: Use SHA-384.
+ * \param input    The buffer holding the data. This must be a
+ *                 readable buffer of length \p ilen Bytes.
+ * \param ilen     The length of the input data in Bytes.
+ * \param output   The SHA-384 or SHA-512 checksum result. This must
+ *                 be a writable buffer of length \c 64 Bytes.
+ * \param is384    Determines which function to use. This must be either
+ *                 \c 0 for SHA-512, or \c 1 for SHA-384.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
                                         size_t ilen,
@@ -256,6 +281,9 @@
 
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_SELF_TEST)
+
  /**
  * \brief          The SHA-384 or SHA-512 checkup routine.
  *
@@ -263,6 +291,7 @@
  * \return         \c 1 on failure.
  */
 int mbedtls_sha512_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f7c9d93..b793ac0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -787,6 +787,25 @@
 typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) &&        \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN  48
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  32
+#elif defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  48
+#elif defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  20
+#else
+/* This is already checked in check_config.h, but be sure. */
+#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
+          !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
 /*
  * This structure is used for storing current session data.
  */
@@ -802,7 +821,15 @@
     unsigned char master[48];   /*!< the master secret  */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_x509_crt *peer_cert;        /*!< peer X.509 cert chain */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    mbedtls_x509_crt *peer_cert;       /*!< peer X.509 cert chain */
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    /*! The digest of the peer's end-CRT. This must be kept to detect CRT
+     *  changes during renegotiation, mitigating the triple handshake attack. */
+    unsigned char *peer_cert_digest;
+    size_t peer_cert_digest_len;
+    mbedtls_md_type_t peer_cert_digest_type;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
     uint32_t verify_result;          /*!<  verification result     */
 
@@ -929,11 +956,11 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_slot_t psk_opaque; /*!< PSA key slot holding opaque PSK.
-                                *   This field should only be set via
-                                *   mbedtls_ssl_conf_psk_opaque().
-                                *   If either no PSK or a raw PSK have
-                                *   been configured, this has value \c 0. */
+    psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK.
+                                  *   This field should only be set via
+                                  *   mbedtls_ssl_conf_psk_opaque().
+                                  *   If either no PSK or a raw PSK have
+                                  *   been configured, this has value \c 0. */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     unsigned char *psk;      /*!< The raw pre-shared key. This field should
@@ -2055,7 +2082,7 @@
  *                 provision more than one cert/key pair (eg one ECDSA, one
  *                 RSA with SHA-256, one RSA with SHA-1). An adequate
  *                 certificate will be selected according to the client's
- *                 advertised capabilities. In case mutliple certificates are
+ *                 advertised capabilities. In case multiple certificates are
  *                 adequate, preference is given to the one set by the first
  *                 call to this function, then second, etc.
  *
@@ -2066,6 +2093,14 @@
  *                 whether it matches those preferences - the server can then
  *                 decide what it wants to do with it.
  *
+ * \note           The provided \p pk_key needs to match the public key in the
+ *                 first certificate in \p own_cert, or all handshakes using
+ *                 that certificate will fail. It is your responsibility
+ *                 to ensure that; this function will not perform any check.
+ *                 You may use mbedtls_pk_check_pair() in order to perform
+ *                 this check yourself, but be aware that this function can
+ *                 be computationally expensive on some key types.
+ *
  * \param conf     SSL configuration
  * \param own_cert own public certificate chain
  * \param pk_key   own private key
@@ -2129,7 +2164,7 @@
  * \param psk      The identifier of the key slot holding the PSK.
  *                 Until \p conf is destroyed or this function is successfully
  *                 called again, the key slot \p psk must be populated with a
- *                 key of type #PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
+ *                 key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
  *                 allows its use for the key derivation algorithm applied
  *                 in the handshake.
  * \param psk_identity      The pointer to the pre-shared key identity.
@@ -2144,7 +2179,7 @@
  * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
  */
 int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 psa_key_slot_t psk,
+                                 psa_key_handle_t psk,
                                  const unsigned char *psk_identity,
                                  size_t psk_identity_len );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -2176,7 +2211,7 @@
  * \param psk      The identifier of the key slot holding the PSK.
  *                 For the duration of the current handshake, the key slot
  *                 must be populated with a key of type
- *                 #PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
+ *                 PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
  *                 use for the key derivation algorithm
  *                 applied in the handshake.
   *
@@ -2184,7 +2219,7 @@
  * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
  */
 int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   psa_key_slot_t psk );
+                                   psa_key_handle_t psk );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /**
@@ -2964,18 +2999,34 @@
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
- * \brief          Return the peer certificate from the current connection
+ * \brief          Return the peer certificate from the current connection.
  *
- *                 Note: Can be NULL in case no certificate was sent during
- *                 the handshake. Different calls for the same connection can
- *                 return the same or different pointers for the same
- *                 certificate and even a different certificate altogether.
- *                 The peer cert CAN change in a single connection if
- *                 renegotiation is performed.
+ * \param  ssl     The SSL context to use. This must be initialized and setup.
  *
- * \param ssl      SSL context
+ * \return         The current peer certificate, if available.
+ *                 The returned certificate is owned by the SSL context and
+ *                 is valid only until the next call to the SSL API.
+ * \return         \c NULL if no peer certificate is available. This might
+ *                 be because the chosen ciphersuite doesn't use CRTs
+ *                 (PSK-based ciphersuites, for example), or because
+ *                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+ *                 allowing the stack to free the peer's CRT to save memory.
  *
- * \return         the current peer certificate
+ * \note           For one-time inspection of the peer's certificate during
+ *                 the handshake, consider registering an X.509 CRT verification
+ *                 callback through mbedtls_ssl_conf_verify() instead of calling
+ *                 this function. Using mbedtls_ssl_conf_verify() also comes at
+ *                 the benefit of allowing you to influence the verification
+ *                 process, for example by masking expected and tolerated
+ *                 verification failures.
+ *
+ * \warning        You must not use the pointer returned by this function
+ *                 after any further call to the SSL API, including
+ *                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+ *                 because the pointer might change during renegotiation,
+ *                 which happens transparently to the user.
+ *                 If you want to use the certificate across API calls,
+ *                 you must make a copy.
  */
 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -3292,7 +3343,7 @@
  *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
  *
  * \note           You need to call mbedtls_ssl_config_defaults() unless you
- *                 manually set all of the relevent fields yourself.
+ *                 manually set all of the relevant fields yourself.
  *
  * \param conf     SSL configuration context
  */
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index ec081e6..84254d3 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_SSL_CACHE_H
 #define MBEDTLS_SSL_CACHE_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "ssl.h"
 
 #if defined(MBEDTLS_THREADING_C)
@@ -64,7 +70,8 @@
     mbedtls_time_t timestamp;           /*!< entry timestamp    */
 #endif
     mbedtls_ssl_session session;        /*!< entry session      */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
 #endif
     mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index cda8b48..7126783 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
 #define MBEDTLS_SSL_CIPHERSUITES_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "pk.h"
 #include "cipher.h"
 #include "md.h"
@@ -480,6 +486,24 @@
     }
 }
 
+static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
+{
+    switch( info->key_exchange )
+    {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return( 1 );
+
+        default:
+            return( 0 );
+    }
+}
+
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
 {
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 6a0ad4f..e34760a 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_SSL_COOKIE_H
 #define MBEDTLS_SSL_COOKIE_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "ssl.h"
 
 #if defined(MBEDTLS_THREADING_C)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 318d13f..5dde239 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -24,9 +24,19 @@
 #ifndef MBEDTLS_SSL_INTERNAL_H
 #define MBEDTLS_SSL_INTERNAL_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 #include "ssl.h"
 #include "cipher.h"
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
 #if defined(MBEDTLS_MD5_C)
 #include "md5.h"
 #endif
@@ -47,6 +57,11 @@
 #include "ecjpake.h"
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
     !defined(inline) && !defined(__cplusplus)
 #define inline __inline
@@ -270,7 +285,15 @@
 #endif
 #if defined(MBEDTLS_ECDH_C)
     mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
-#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_ecc_curve_t ecdh_psa_curve;
+    psa_key_handle_t ecdh_psa_privkey;
+    unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+    size_t ecdh_psa_peerkey_len;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_ECDH_C */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
 #if defined(MBEDTLS_SSL_CLI_C)
@@ -284,7 +307,7 @@
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_slot_t psk_opaque;          /*!< Opaque PSK from the callback   */
+    psa_key_handle_t psk_opaque;        /*!< Opaque PSK from the callback   */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     unsigned char *psk;                 /*!<  PSK from the callback         */
     size_t psk_len;                     /*!<  Length of PSK from callback   */
@@ -308,8 +331,13 @@
         ssl_ecrs_cke_ecdh_calc_secret,  /*!< ClientKeyExchange: ECDH step 2 */
         ssl_ecrs_crt_vrfy_sign,         /*!< CertificateVerify: pk_sign()   */
     } ecrs_state;                       /*!< current (or last) operation    */
+    mbedtls_x509_crt *ecrs_peer_cert;   /*!< The peer's CRT chain.          */
     size_t ecrs_n;                      /*!< place for saving a length      */
 #endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    mbedtls_pk_context peer_pubkey;     /*!< The public key from the peer.  */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
     unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
@@ -370,11 +398,19 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_operation_t fin_sha256_psa;
+#else
     mbedtls_sha256_context fin_sha256;
 #endif
+#endif
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_operation_t fin_sha384_psa;
+#else
     mbedtls_sha512_context fin_sha512;
 #endif
+#endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
     void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
@@ -735,6 +771,9 @@
 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
 #endif
 
+int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
+                              const mbedtls_ssl_session *src );
+
 /* constant-time buffer comparison */
 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
 {
@@ -765,6 +804,7 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
+/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index b2686df..774a007 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -24,6 +24,12 @@
 #ifndef MBEDTLS_SSL_TICKET_H
 #define MBEDTLS_SSL_TICKET_H
 
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
 /*
  * This implementation of the session ticket callbacks includes key
  * management, rotating the keys periodically in order to preserve forward
@@ -111,14 +117,14 @@
 /**
  * \brief           Implementation of the ticket write callback
  *
- * \note            See \c mbedlts_ssl_ticket_write_t for description
+ * \note            See \c mbedtls_ssl_ticket_write_t for description
  */
 mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
 
 /**
  * \brief           Implementation of the ticket parse callback
  *
- * \note            See \c mbedlts_ssl_ticket_parse_t for description
+ * \note            See \c mbedtls_ssl_ticket_parse_t for description
  */
 mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
 
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 492fde3..79b42b2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
  * Major, Minor, Patchlevel
  */
 #define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  14
+#define MBEDTLS_VERSION_MINOR  17
 #define MBEDTLS_VERSION_PATCH  0
 
 /**
@@ -47,9 +47,9 @@
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x020E0000
-#define MBEDTLS_VERSION_STRING         "2.14.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.14.0"
+#define MBEDTLS_VERSION_NUMBER         0x02110000
+#define MBEDTLS_VERSION_STRING         "2.17.0"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.17.0"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index d6db9c6..b63e864 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -77,7 +77,7 @@
 #define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
 #define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000  /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000  /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 /* \} name */
 
 /**
@@ -142,24 +142,26 @@
  *
  * Comments refer to the status for using certificates. Status can be
  * different for writing certificates or reading CRLs or CSRs.
+ *
+ * Those are defined in oid.h as oid.c needs them in a data structure. Since
+ * these were previously defined here, let's have aliases for compatibility.
  */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
-#define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
-#define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
-
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_KEY_USAGE                MBEDTLS_OID_X509_EXT_KEY_USAGE
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES     MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS          MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME         MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME         /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME          MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS  MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS        /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS         MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS       MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE       MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS  MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY       MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
+#define MBEDTLS_X509_EXT_FRESHEST_CRL             MBEDTLS_OID_X509_EXT_FRESHEST_CRL
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE             MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
 
 /*
  * Storage format identifiers
@@ -250,7 +252,7 @@
  *
  * \param to       mbedtls_x509_time to check
  *
- * \return         1 if the given time is in the past or an error occured,
+ * \return         1 if the given time is in the past or an error occurred,
  *                 0 otherwise.
  */
 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
@@ -264,11 +266,13 @@
  *
  * \param from     mbedtls_x509_time to check
  *
- * \return         1 if the given time is in the future or an error occured,
+ * \return         1 if the given time is in the future or an error occurred,
  *                 0 otherwise.
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -276,6 +280,8 @@
  */
 int mbedtls_x509_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 /*
  * Internal module functions. You probably do not want to use these unless you
  * know you do.
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 08a4283..fa838d6 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -111,7 +111,7 @@
 /**
  * \brief          Parse one or more CRLs and append them to the chained list
  *
- * \note           Mutliple CRLs are accepted only if using PEM format
+ * \note           Multiple CRLs are accepted only if using PEM format
  *
  * \param chain    points to the start of the chain
  * \param buf      buffer holding the CRL data in PEM or DER format
@@ -126,7 +126,7 @@
 /**
  * \brief          Load one or more CRLs and append them to the chained list
  *
- * \note           Mutliple CRLs are accepted only if using PEM format
+ * \note           Multiple CRLs are accepted only if using PEM format
  *
  * \param chain    points to the start of the chain
  * \param path     filename to read the CRLs from (in PEM or DER encoding)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index afeefca..b3f27be 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -52,6 +52,8 @@
  */
 typedef struct mbedtls_x509_crt
 {
+    int own_buffer;                     /**< Indicates if \c raw is owned
+                                         *   by the structure or not.        */
     mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
     mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
 
@@ -68,6 +70,7 @@
     mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
     mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
 
+    mbedtls_x509_buf pk_raw;
     mbedtls_pk_context pk;              /**< Container for the public key context. */
 
     mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
@@ -220,31 +223,88 @@
 
 /**
  * \brief          Parse a single DER formatted certificate and add it
- *                 to the chained list.
+ *                 to the end of the provided chained list.
  *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the certificate DER data
- * \param buflen   size of the buffer
+ * \param chain    The pointer to the start of the CRT chain to attach to.
+ *                 When parsing the first CRT in a chain, this should point
+ *                 to an instance of ::mbedtls_x509_crt initialized through
+ *                 mbedtls_x509_crt_init().
+ * \param buf      The buffer holding the DER encoded certificate.
+ * \param buflen   The size in Bytes of \p buf.
  *
- * \return         0 if successful, or a specific X509 or PEM error code
+ * \note           This function makes an internal copy of the CRT buffer
+ *                 \p buf. In particular, \p buf may be destroyed or reused
+ *                 after this call returns. To avoid duplicating the CRT
+ *                 buffer (at the cost of stricter lifetime constraints),
+ *                 use mbedtls_x509_crt_parse_der_nocopy() instead.
+ *
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
  */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
-                        size_t buflen );
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+                                const unsigned char *buf,
+                                size_t buflen );
 
 /**
- * \brief          Parse one or more certificates and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
+ * \brief          Parse a single DER formatted certificate and add it
+ *                 to the end of the provided chained list. This is a
+ *                 variant of mbedtls_x509_crt_parse_der() which takes
+ *                 temporary ownership of the CRT buffer until the CRT
+ *                 is destroyed.
  *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the certificate data in PEM or DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
+ * \param chain    The pointer to the start of the CRT chain to attach to.
+ *                 When parsing the first CRT in a chain, this should point
+ *                 to an instance of ::mbedtls_x509_crt initialized through
+ *                 mbedtls_x509_crt_init().
+ * \param buf      The address of the readable buffer holding the DER encoded
+ *                 certificate to use. On success, this buffer must be
+ *                 retained and not be changed for the liftetime of the
+ *                 CRT chain \p chain, that is, until \p chain is destroyed
+ *                 through a call to mbedtls_x509_crt_free().
+ * \param buflen   The size in Bytes of \p buf.
  *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
+ * \note           This call is functionally equivalent to
+ *                 mbedtls_x509_crt_parse_der(), but it avoids creating a
+ *                 copy of the input buffer at the cost of stronger lifetime
+ *                 constraints. This is useful in constrained environments
+ *                 where duplication of the CRT cannot be tolerated.
+ *
+ * \return         \c 0 if successful.
+ * \return         A negative error code on failure.
+ */
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+                                       const unsigned char *buf,
+                                       size_t buflen );
+
+/**
+ * \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
+ *                 certificates and add them to the chained list.
+ *
+ *                 For CRTs in PEM encoding, the function parses permissively:
+ *                 if at least one certificate can be parsed, the function
+ *                 returns the number of certificates for which parsing failed
+ *                 (hence \c 0 if all certificates were parsed successfully).
+ *                 If no certificate could be parsed, the function returns
+ *                 the first (negative) error encountered during parsing.
+ *
+ *                 PEM encoded certificates may be interleaved by other data
+ *                 such as human readable descriptions of their content, as
+ *                 long as the certificates are enclosed in the PEM specific
+ *                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+ *
+ * \param chain    The chain to which to add the parsed certificates.
+ * \param buf      The buffer holding the certificate data in PEM or DER format.
+ *                 For certificates in PEM encoding, this may be a concatenation
+ *                 of multiple certificates; for DER encoding, the buffer must
+ *                 comprise exactly one certificate.
+ * \param buflen   The size of \p buf, including the terminating \c NULL byte
+ *                 in case of PEM encoded data.
+ *
+ * \return         \c 0 if all certificates were parsed successfully.
+ * \return         The (positive) number of certificates that couldn't
+ *                 be parsed if parsing was partly successful (see above).
+ * \return         A negative X509 or PEM error code otherwise.
+ *
  */
 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
 
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 0c6ccad..a3c2804 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -205,6 +205,14 @@
  * \param key_usage key usage flags to set
  *
  * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note            The <code>decipherOnly</code> flag from the Key Usage
+ *                  extension is represented by bit 8 (i.e.
+ *                  <code>0x8000</code>), which cannot typically be represented
+ *                  in an unsigned char. Therefore, the flag
+ *                  <code>decipherOnly</code> (i.e.
+ *                  #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
+ *                  function.
  */
 int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
 
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 6430c13..b47f553 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -121,6 +121,8 @@
                     unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
+#if defined(MBEDTLS_SELF_TEST)
+
 /**
  * \brief          Checkup routine
  *
@@ -128,6 +130,8 @@
  */
 int mbedtls_xtea_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index e7d0ecd..3036d17 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -86,144 +86,372 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  */
 psa_status_t psa_crypto_init(void);
 
 /**@}*/
 
-/** \defgroup policy Key policies
+/** \defgroup attributes Key attributes
  * @{
  */
 
-/** The type of the key policy data structure.
+/** The type of a structure containing key attributes.
  *
- * Before calling any function on a key policy, the application must initialize
- * it by any of the following means:
+ * This is an opaque structure that can represent the metadata of a key
+ * object. Metadata that can be stored in attributes includes:
+ * - The location of the key in storage, indicated by its key identifier
+ *   and its lifetime.
+ * - The key's policy, comprising usage flags and a specification of
+ *   the permitted algorithm(s).
+ * - Information about the key itself: the key type and its size.
+ * - Implementations may define additional attributes.
+ *
+ * The actual key material is not considered an attribute of a key.
+ * Key attributes do not contain information that is generally considered
+ * highly confidential.
+ *
+ * An attribute structure can be a simple data structure where each function
+ * `psa_set_key_xxx` sets a field and the corresponding function
+ * `psa_get_key_xxx` retrieves the value of the corresponding field.
+ * However, implementations may report values that are equivalent to the
+ * original one, but have a different encoding. For example, an
+ * implementation may use a more compact representation for types where
+ * many bit-patterns are invalid or not supported, and store all values
+ * that it does not support as a special marker value. In such an
+ * implementation, after setting an invalid value, the corresponding
+ * get function returns an invalid value which may not be the one that
+ * was originally stored.
+ *
+ * An attribute structure may contain references to auxiliary resources,
+ * for example pointers to allocated memory or indirect references to
+ * pre-calculated values. In order to free such resources, the application
+ * must call psa_reset_key_attributes(). As an exception, calling
+ * psa_reset_key_attributes() on an attribute structure is optional if
+ * the structure has only been modified by the following functions
+ * since it was initialized or last reset with psa_reset_key_attributes():
+ * - psa_set_key_id()
+ * - psa_set_key_lifetime()
+ * - psa_set_key_type()
+ * - psa_set_key_bits()
+ * - psa_set_key_usage_flags()
+ * - psa_set_key_algorithm()
+ *
+ * Before calling any function on a key attribute structure, the application
+ * must initialize it by any of the following means:
  * - Set the structure to all-bits-zero, for example:
  *   \code
- *   psa_key_policy_t policy;
- *   memset(&policy, 0, sizeof(policy));
+ *   psa_key_attributes_t attributes;
+ *   memset(&attributes, 0, sizeof(attributes));
  *   \endcode
  * - Initialize the structure to logical zero values, for example:
  *   \code
- *   psa_key_policy_t policy = {0};
+ *   psa_key_attributes_t attributes = {0};
  *   \endcode
- * - Initialize the structure to the initializer #PSA_KEY_POLICY_INIT,
+ * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
  *   for example:
  *   \code
- *   psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ *   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
  *   \endcode
- * - Assign the result of the function psa_key_policy_init()
+ * - Assign the result of the function psa_key_attributes_init()
  *   to the structure, for example:
  *   \code
- *   psa_key_policy_t policy;
- *   policy = psa_key_policy_init();
+ *   psa_key_attributes_t attributes;
+ *   attributes = psa_key_attributes_init();
  *   \endcode
  *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-/** \def PSA_KEY_POLICY_INIT
+ * A freshly initialized attribute structure contains the following
+ * values:
  *
- * This macro returns a suitable initializer for a key policy object of type
- * #psa_key_policy_t.
+ * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+ * - key identifier: unspecified.
+ * - type: \c 0.
+ * - key size: \c 0.
+ * - usage flags: \c 0.
+ * - algorithm: \c 0.
+ *
+ * A typical sequence to create a key is as follows:
+ * -# Create and initialize an attribute structure.
+ * -# If the key is persistent, call psa_set_key_id().
+ *    Also call psa_set_key_lifetime() to place the key in a non-default
+ *    location.
+ * -# Set the key policy with psa_set_key_usage_flags() and
+ *    psa_set_key_algorithm().
+ * -# Set the key type with psa_set_key_type().
+ *    Skip this step if copying an existing key with psa_copy_key().
+ * -# When generating a random key with psa_generate_key() or deriving a key
+ *    with psa_key_derivation_output_key(), set the desired key size with
+ *    psa_set_key_bits().
+ * -# Call a key creation function: psa_import_key(), psa_generate_key(),
+ *    psa_key_derivation_output_key() or psa_copy_key(). This function reads
+ *    the attribute structure, creates a key with these attributes, and
+ *    outputs a handle to the newly created key.
+ * -# The attribute structure is now no longer necessary.
+ *    You may call psa_reset_key_attributes(), although this is optional
+ *    with the workflow presented here because the attributes currently
+ *    defined in this specification do not require any additional resources
+ *    beyond the structure itself.
+ *
+ * A typical sequence to query a key's attributes is as follows:
+ * -# Call psa_get_key_attributes().
+ * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+ *    you are interested in.
+ * -# Call psa_reset_key_attributes() to free any resources that may be
+ *    used by the attribute structure.
+ *
+ * Once a key has been created, it is impossible to change its attributes.
+ */
+typedef struct psa_key_attributes_s psa_key_attributes_t;
+
+/** \def PSA_KEY_ATTRIBUTES_INIT
+ *
+ * This macro returns a suitable initializer for a key attribute structure
+ * of type #psa_key_attributes_t.
  */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
  * Implementations should define a suitable value in `crypto_struct.h`.
  */
-#define PSA_KEY_POLICY_INIT {0}
+#define PSA_KEY_ATTRIBUTES_INIT {0}
 #endif
 
-/** Return an initial value for a key policy that forbids all usage of the key.
+/** Return an initial value for a key attributes structure.
  */
-static psa_key_policy_t psa_key_policy_init(void);
+static psa_key_attributes_t psa_key_attributes_init(void);
 
-/** \brief Set the standard fields of a policy structure.
+/** Declare a key as persistent and set its key identifier.
  *
- * Note that this function does not make any consistency check of the
- * parameters. The values are only checked when applying the policy to
- * a key slot with psa_set_key_policy().
+ * If the attribute structure currently declares the key as volatile (which
+ * is the default content of an attribute structure), this function sets
+ * the lifetime attribute to #PSA_KEY_LIFETIME_PERSISTENT.
  *
- * \param[in,out] policy The key policy to modify. It must have been
- *                       initialized as per the documentation for
- *                       #psa_key_policy_t.
- * \param usage          The permitted uses for the key.
- * \param alg            The algorithm that the key may be used for.
+ * This function does not access storage, it merely stores the given
+ * value in the structure.
+ * The persistent key will be written to storage when the attribute
+ * structure is passed to a key creation function such as
+ * psa_import_key(), psa_generate_key(),
+ * psa_key_derivation_output_key() or psa_copy_key().
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param id                    The persistent identifier for the key.
  */
-void psa_key_policy_set_usage(psa_key_policy_t *policy,
-                              psa_key_usage_t usage,
-                              psa_algorithm_t alg);
+static void psa_set_key_id(psa_key_attributes_t *attributes,
+                           psa_key_id_t id);
 
-/** \brief Retrieve the usage field of a policy structure.
+/** Set the location of a persistent key.
  *
- * \param[in] policy    The policy object to query.
+ * To make a key persistent, you must give it a persistent key identifier
+ * with psa_set_key_id(). By default, a key that has a persistent identifier
+ * is stored in the default storage area identifier by
+ * #PSA_KEY_LIFETIME_PERSISTENT. Call this function to choose a storage
+ * area, or to explicitly declare the key as volatile.
  *
- * \return The permitted uses for a key with this policy.
+ * This function does not access storage, it merely stores the given
+ * value in the structure.
+ * The persistent key will be written to storage when the attribute
+ * structure is passed to a key creation function such as
+ * psa_import_key(), psa_generate_key(),
+ * psa_key_derivation_output_key() or psa_copy_key().
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param lifetime              The lifetime for the key.
+ *                              If this is #PSA_KEY_LIFETIME_VOLATILE, the
+ *                              key will be volatile, and the key identifier
+ *                              attribute is reset to 0.
  */
-psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
+static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+                                 psa_key_lifetime_t lifetime);
 
-/** \brief Retrieve the algorithm field of a policy structure.
+/** Retrieve the key identifier from key attributes.
  *
- * \param[in] policy    The policy object to query.
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
  *
- * \return The permitted algorithm for a key with this policy.
+ * \param[in] attributes        The key attribute structure to query.
+ *
+ * \return The persistent identifier stored in the attribute structure.
+ *         This value is unspecified if the attribute structure declares
+ *         the key as volatile.
  */
-psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
+static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
 
-/** \brief Set the usage policy on a key slot.
+/** Retrieve the lifetime from key attributes.
  *
- * This function must be called on an empty key slot, before importing,
- * generating or creating a key in the slot. Changing the policy of an
- * existing key is not permitted.
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
  *
- * Implementations may set restrictions on supported key policies
- * depending on the key type and the key slot.
+ * \param[in] attributes        The key attribute structure to query.
  *
- * \param handle        Handle to the key whose policy is to be changed.
- * \param[in] policy    The policy object to query.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         If the key is persistent, it is implementation-defined whether
- *         the policy has been saved to persistent storage. Implementations
- *         may defer saving the policy until the key material is created.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
+ * \return The lifetime value stored in the attribute structure.
  */
-psa_status_t psa_set_key_policy(psa_key_handle_t handle,
-                                const psa_key_policy_t *policy);
+static psa_key_lifetime_t psa_get_key_lifetime(
+    const psa_key_attributes_t *attributes);
 
-/** \brief Get the usage policy for a key slot.
+/** Declare usage flags for a key.
  *
- * \param handle        Handle to the key slot whose policy is being queried.
- * \param[out] policy   On success, the key's policy.
+ * Usage flags are part of a key's usage policy. They encode what
+ * kind of operations are permitted on the key. For more details,
+ * refer to the documentation of the type #psa_key_usage_t.
+ *
+ * This function overwrites any usage flags
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param usage_flags           The usage flags to write.
+ */
+static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+                                    psa_key_usage_t usage_flags);
+
+/** Retrieve the usage flags from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes        The key attribute structure to query.
+ *
+ * \return The usage flags stored in the attribute structure.
+ */
+static psa_key_usage_t psa_get_key_usage_flags(
+    const psa_key_attributes_t *attributes);
+
+/** Declare the permitted algorithm policy for a key.
+ *
+ * The permitted algorithm policy of a key encodes which algorithm or
+ * algorithms are permitted to be used with this key.
+ *
+ * This function overwrites any algorithm policy
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param alg                   The permitted algorithm policy to write.
+ */
+static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+                                  psa_algorithm_t alg);
+
+
+/** Retrieve the algorithm policy from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes        The key attribute structure to query.
+ *
+ * \return The algorithm stored in the attribute structure.
+ */
+static psa_algorithm_t psa_get_key_algorithm(
+    const psa_key_attributes_t *attributes);
+
+/** Declare the type of a key.
+ *
+ * This function overwrites any key type
+ * previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param type                  The key type to write.
+ */
+static void psa_set_key_type(psa_key_attributes_t *attributes,
+                             psa_key_type_t type);
+
+
+/** Declare the size of a key.
+ *
+ * This function overwrites any key size previously set in \p attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] attributes       The attribute structure to write to.
+ * \param bits                  The key size in bits.
+ */
+static void psa_set_key_bits(psa_key_attributes_t *attributes,
+                             size_t bits);
+
+/** Retrieve the key type from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes        The key attribute structure to query.
+ *
+ * \return The key type stored in the attribute structure.
+ */
+static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
+
+/** Retrieve the key size from key attributes.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] attributes        The key attribute structure to query.
+ *
+ * \return The key size stored in the attribute structure, in bits.
+ */
+static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
+
+/** Retrieve the attributes of a key.
+ *
+ * This function first resets the attribute structure as with
+ * psa_reset_key_attributes(). It then copies the attributes of
+ * the given key into the given attribute structure.
+ *
+ * \note This function may allocate memory or other resources.
+ *       Once you have called this function on an attribute structure,
+ *       you must call psa_reset_key_attributes() to free these resources.
+ *
+ * \param[in] handle            Handle to the key to query.
+ * \param[in,out] attributes    On success, the attributes of the key.
+ *                              On failure, equivalent to a
+ *                              freshly-initialized structure.
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
  */
-psa_status_t psa_get_key_policy(psa_key_handle_t handle,
-                                psa_key_policy_t *policy);
+psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
+                                    psa_key_attributes_t *attributes);
+
+/** Reset a key attribute structure to a freshly initialized state.
+ *
+ * You must initialize the attribute structure as described in the
+ * documentation of the type #psa_key_attributes_t before calling this
+ * function. Once the structure has been initialized, you may call this
+ * function at any time.
+ *
+ * This function frees any auxiliary resources that the structure
+ * may contain.
+ *
+ * \param[in,out] attributes    The attribute structure to reset.
+ */
+void psa_reset_key_attributes(psa_key_attributes_t *attributes);
 
 /**@}*/
 
@@ -231,113 +459,45 @@
  * @{
  */
 
-/** \brief Retrieve the lifetime of an open key.
- *
- * \param handle        Handle to query.
- * \param[out] lifetime On success, the lifetime value.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
-                                  psa_key_lifetime_t *lifetime);
-
-
-/** Allocate a key slot for a transient key, i.e. a key which is only stored
- * in volatile memory.
- *
- * The allocated key slot and its handle remain valid until the
- * application calls psa_close_key() or psa_destroy_key() or until the
- * application terminates.
- *
- * \param[out] handle   On success, a handle to a volatile key slot.
- *
- * \retval #PSA_SUCCESS
- *         Success. The application can now use the value of `*handle`
- *         to access the newly allocated key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- *         There was not enough memory, or the maximum number of key slots
- *         has been reached.
- */
-psa_status_t psa_allocate_key(psa_key_handle_t *handle);
-
 /** Open a handle to an existing persistent key.
  *
- * Open a handle to a key which was previously created with psa_create_key().
+ * Open a handle to a persistent key. A key is persistent if it was created
+ * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+ * always has a nonzero key identifier, set with psa_set_key_id() when
+ * creating the key. Implementations may provide additional pre-provisioned
+ * keys with identifiers in the range
+ * #PSA_KEY_ID_VENDOR_MIN&ndash;#PSA_KEY_ID_VENDOR_MAX.
  *
- * \param lifetime      The lifetime of the key. This designates a storage
- *                      area where the key material is stored. This must not
- *                      be #PSA_KEY_LIFETIME_VOLATILE.
+ * The application must eventually close the handle with psa_close_key()
+ * to release associated resources. If the application dies without calling
+ * psa_close_key(), the implementation should perform the equivalent of a
+ * call to psa_close_key().
+ *
+ * Implementations may provide additional keys that can be opened with
+ * psa_open_key(). Such keys have a key identifier in the vendor range,
+ * as documented in the description of #psa_key_id_t.
+ *
  * \param id            The persistent identifier of the key.
- * \param[out] handle   On success, a handle to a key slot which contains
- *                      the data and metadata loaded from the specified
- *                      persistent location.
+ * \param[out] handle   On success, a handle to the key.
  *
  * \retval #PSA_SUCCESS
  *         Success. The application can now use the value of `*handle`
- *         to access the newly allocated key slot.
+ *         to access the key.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p id is invalid for the specified lifetime.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p lifetime is not supported.
+ *         \p id is invalid.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The specified key exists, but the application does not have the
  *         permission to access it. Note that this specification does not
  *         define any way to create such a key, but it may be possible
  *         through implementation-specific means.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
  */
-psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
-                          psa_key_id_t id,
+psa_status_t psa_open_key(psa_key_id_t id,
                           psa_key_handle_t *handle);
 
-/** Create a new persistent key slot.
- *
- * Create a new persistent key slot and return a handle to it. The handle
- * remains valid until the application calls psa_close_key() or terminates.
- * The application can open the key again with psa_open_key() until it
- * removes the key by calling psa_destroy_key().
- *
- * \param lifetime      The lifetime of the key. This designates a storage
- *                      area where the key material is stored. This must not
- *                      be #PSA_KEY_LIFETIME_VOLATILE.
- * \param id            The persistent identifier of the key.
- * \param[out] handle   On success, a handle to the newly created key slot.
- *                      When key material is later created in this key slot,
- *                      it will be saved to the specified persistent location.
- *
- * \retval #PSA_SUCCESS
- *         Success. The application can now use the value of `*handle`
- *         to access the newly allocated key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         There is already a key with the identifier \p id in the storage
- *         area designated by \p lifetime.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p id is invalid for the specified lifetime.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p lifetime is not supported.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         \p lifetime is valid, but the application does not have the
- *         permission to create a key there.
- */
-psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
-                            psa_key_id_t id,
-                            psa_key_handle_t *handle);
 
 /** Close a key handle.
  *
@@ -345,7 +505,7 @@
  * free all associated resources, just like psa_destroy_key().
  *
  * If the handle designates a persistent key, free all resources associated
- * with the key in volatile memory. The key slot in persistent storage is
+ * with the key in volatile memory. The key in persistent storage is
  * not affected and can be opened again later with psa_open_key().
  *
  * If the key is currently in use in a multipart operation,
@@ -380,68 +540,75 @@
  * minimize the risk that an invalid input is accidentally interpreted
  * according to a different format.
  *
- * \param handle      Handle to the slot where the key will be stored.
- *                    It must have been obtained by calling
- *                    psa_allocate_key() or psa_create_key() and must
- *                    not contain key material yet.
- * \param type        Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
- *                    import, the key slot will contain a key of this type.
+
+ * \param[in] attributes    The attributes for the new key.
+ *                          The key size is always determined from the
+ *                          \p data buffer.
+ *                          If the key size in \p attributes is nonzero,
+ *                          it must be equal to the size from \p data.
+ * \param[out] handle       On success, a handle to the newly created key.
+ *                          \c 0 on failure.
  * \param[in] data    Buffer containing the key data. The content of this
- *                    buffer is interpreted according to \p type. It must
- *                    contain the format described in the documentation
+ *                    buffer is interpreted according to the type declared
+ *                    in \p attributes.
+ *                    All implementations must support at least the format
+ *                    described in the documentation
  *                    of psa_export_key() or psa_export_public_key() for
- *                    the chosen type.
+ *                    the chosen type. Implementations may allow other
+ *                    formats, but should be conservative: implementations
+ *                    should err on the side of rejecting content if it
+ *                    may be erroneous (e.g. wrong type or truncated data).
  * \param data_length Size of the \p data buffer in bytes.
  *
  * \retval #PSA_SUCCESS
  *         Success.
  *         If the key is persistent, the key material and the key's metadata
  *         have been saved to persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         This is an attempt to create a persistent key, and there is
+ *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         The key type or key size is not supported, either by the
- *         implementation in general or in this particular slot.
+ *         implementation in general or in this particular persistent location.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key slot is invalid,
- *         or the key data is not correctly formatted.
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         There is already a key in the specified slot.
+ *         The key attributes, as a whole, are invalid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The key data is not correctly formatted.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The size in \p attributes is nonzero and does not match the size
+ *         of the key data.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_import_key(psa_key_handle_t handle,
-                            psa_key_type_t type,
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
                             const uint8_t *data,
-                            size_t data_length);
+                            size_t data_length,
+                            psa_key_handle_t *handle);
 
 /**
  * \brief Destroy a key.
  *
- * This function destroys the content of the key slot from both volatile
+ * This function destroys a key from both volatile
  * memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that any previous content of the slot is
- * unrecoverable.
+ * make a best effort to ensure that that the key material cannot be recovered.
  *
  * This function also erases any metadata such as policies and frees all
  * resources associated with the key.
  *
- * If the key is currently in use in a multipart operation,
- * the multipart operation is aborted.
- *
- * \param handle        Handle to the key slot to erase.
+ * \param handle        Handle to the key to erase.
  *
  * \retval #PSA_SUCCESS
- *         The slot's content, if any, has been erased.
+ *         The key material has been erased.
  * \retval #PSA_ERROR_NOT_PERMITTED
- *         The slot holds content and cannot be erased because it is
+ *         The key cannot be erased because it is
  *         read-only, either due to a policy or due to physical restrictions.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -452,7 +619,7 @@
  *         to erase key material even in this stage, however applications
  *         should be aware that it may be impossible to guarantee that the
  *         key material is not recoverable in such cases.
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  *         An unexpected condition which is not a storage corruption or
  *         a communication failure occurred. The cryptoprocessor may have
  *         been compromised.
@@ -464,133 +631,6 @@
 psa_status_t psa_destroy_key(psa_key_handle_t handle);
 
 /**
- * \brief Get basic metadata about a key.
- *
- * \param handle        Handle to the key slot to query.
- * \param[out] type     On success, the key type (a \c PSA_KEY_TYPE_XXX value).
- *                      This may be a null pointer, in which case the key type
- *                      is not written.
- * \param[out] bits     On success, the key size in bits.
- *                      This may be a null pointer, in which case the key size
- *                      is not written.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
- *         The handle is to a key slot which does not contain key material yet.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_get_key_information(psa_key_handle_t handle,
-                                     psa_key_type_t *type,
-                                     size_t *bits);
-
-/**
- * \brief Set domain parameters for a key.
- *
- * Some key types require additional domain parameters to be set before import
- * or generation of the key. The domain parameters can be set with this
- * function or, for key generation, through the \c extra parameter of
- * psa_generate_key().
- *
- * The format for the required domain parameters varies by the key type.
- * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
- *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
- *   ```
- *   Dss-Parms ::= SEQUENCE  {
- *      p       INTEGER,
- *      q       INTEGER,
- *      g       INTEGER
- *   }
- *   ```
- * - For Diffie-Hellman key exchange keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY), the
- *   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
- *   ```
- *   DomainParameters ::= SEQUENCE {
- *      p               INTEGER,                    -- odd prime, p=jq +1
- *      g               INTEGER,                    -- generator, g
- *      q               INTEGER,                    -- factor of p-1
- *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParms ValidationParms OPTIONAL
- *   }
- *   ValidationParms ::= SEQUENCE {
- *      seed            BIT STRING,
- *      pgenCounter     INTEGER
- *   }
- *   ```
- *
- * \param handle      Handle to the slot where the key will be stored.
- *                    This must be a valid slot for a key of the chosen
- *                    type: it must have been obtained by calling
- *                    psa_allocate_key() or psa_create_key() with the
- *                    correct \p type and with a maximum size that is
- *                    compatible with \p data. It must not contain
- *                    key material yet.
- * \param type        Key type (a \c PSA_KEY_TYPE_XXX value). When
- *                    subsequently creating key material into \p handle,
- *                    the type must be compatible.
- * \param[in] data    Buffer containing the key domain parameters. The content
- *                    of this buffer is interpreted according to \p type. of
- *                    psa_export_key() or psa_export_public_key() for the
- *                    chosen type.
- * \param data_length Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         There is already a key in the specified slot.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle,
-                                           psa_key_type_t type,
-                                           const uint8_t *data,
-                                           size_t data_length);
-
-/**
- * \brief Get domain parameters for a key.
- *
- * Get the domain parameters for a key with this function, if any. The format
- * of the domain parameters written to \p data is specified in the
- * documentation for psa_set_key_domain_parameters().
- *
- * \param handle            Handle to the key to get domain parameters from.
- * \param[out] data         On success, the key domain parameters.
- * \param data_size         Size of the \p data buffer in bytes.
- * \param[out] data_length  On success, the number of bytes
- *                          that make up the key domain parameters data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
- *         There is no key in the specified slot.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle,
-                                           uint8_t *data,
-                                           size_t data_size,
-                                           size_t *data_length);
-
-/**
  * \brief Export a key in binary format.
  *
  * The output of this function can be passed to psa_import_key() to
@@ -609,7 +649,7 @@
  *   correct.
  * - For Triple-DES, the format is the concatenation of the
  *   two or three DES keys.
- * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
+ * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
  *   is the non-encrypted DER encoding of the representation defined by
  *   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
  *   ```
@@ -625,12 +665,8 @@
  *       coefficient         INTEGER,  -- (inverse of q) mod p
  *   }
  *   ```
- * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format is the
- *   representation of the private key `x` as a big-endian byte string. The
- *   length of the byte string is the private key size in bytes (leading zeroes
- *   are not stripped).
  * - For elliptic curve key pairs (key types for which
- *   #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
+ *   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
  *   a representation of the private value as a `ceiling(m/8)`-byte string
  *   where `m` is the bit size associated with the curve, i.e. the bit size
  *   of the order of the curve's coordinate field. This byte string is
@@ -640,13 +676,16 @@
  *   and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
  *   This is the content of the `privateKey` field of the `ECPrivateKey`
  *   format defined by RFC 5915.
- * - For Diffie-Hellman key exchange key pairs (#PSA_KEY_TYPE_DH_KEYPAIR), the
+ * - For Diffie-Hellman key exchange key pairs (key types for which
+ *   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
  *   format is the representation of the private key `x` as a big-endian byte
  *   string. The length of the byte string is the private key size in bytes
  *   (leading zeroes are not stripped).
  * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
  *   true), the format is the same as for psa_export_public_key().
  *
+ * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+ *
  * \param handle            Handle to the key to export.
  * \param[out] data         Buffer where the key data is to be written.
  * \param data_size         Size of the \p data buffer in bytes.
@@ -655,8 +694,9 @@
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
+ *         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p data buffer is too small. You can determine a
@@ -666,7 +706,7 @@
  *         and \c bits is the key size in bits.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -706,15 +746,15 @@
  *      - The byte 0x04;
  *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
  *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
- * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), the format is the
- *   representation of the public key `y = g^x mod p` as a big-endian byte
- *   string. The length of the byte string is the length of the base prime `p`
- *   in bytes.
- * - For Diffie-Hellman key exchange public keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY),
+ * - For Diffie-Hellman key exchange public keys (key types for which
+ *   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
  *   the format is the representation of the public key `y = g^x mod p` as a
  *   big-endian byte string. The length of the byte string is the length of the
  *   base prime `p` in bytes.
  *
+ * Exporting a public key object or the public part of a key pair is
+ * always permitted, regardless of the key's usage flags.
+ *
  * \param handle            Handle to the key to export.
  * \param[out] data         Buffer where the key data is to be written.
  * \param data_size         Size of the \p data buffer in bytes.
@@ -723,19 +763,19 @@
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The key is neither a public key nor a key pair.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p data buffer is too small. You can determine a
  *         sufficient buffer size by calling
- *         #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(\c type), \c bits)
+ *         #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
  *         where \c type is the key type
  *         and \c bits is the key size in bits.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -750,54 +790,72 @@
  *
  * Copy key material from one location to another.
  *
- * This function is primarily useful to copy a key from one lifetime
- * to another. The target key retains its lifetime and location.
+ * This function is primarily useful to copy a key from one location
+ * to another, since it populates a key using the material from
+ * another key which may have a different lifetime.
  *
- * In an implementation where slots have different ownerships,
- * this function may be used to share a key with a different party,
+ * This function may be used to share a key with a different party,
  * subject to implementation-defined restrictions on key sharing.
- * In this case \p constraint would typically prevent the recipient
- * from exporting the key.
  *
- * The resulting key may only be used in a way that conforms to all
- * three of: the policy of the source key, the policy previously set
- * on the target, and the \p constraint parameter passed when calling
- * this function.
+ * The policy on the source key must have the usage flag
+ * #PSA_KEY_USAGE_COPY set.
+ * This flag is sufficient to permit the copy if the key has the lifetime
+ * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+ * Some secure elements do not provide a way to copy a key without
+ * making it extractable from the secure element. If a key is located
+ * in such a secure element, then the key must have both usage flags
+ * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+ * a copy of the key outside the secure element.
+ *
+ * The resulting key may only be used in a way that conforms to
+ * both the policy of the original key and the policy specified in
+ * the \p attributes parameter:
  * - The usage flags on the resulting key are the bitwise-and of the
- *   usage flags on the source policy, the previously-set target policy
- *   and the policy constraint.
- * - If all three policies allow the same algorithm or wildcard-based
+ *   usage flags on the source policy and the usage flags in \p attributes.
+ * - If both allow the same algorithm or wildcard-based
  *   algorithm policy, the resulting key has the same algorithm policy.
- * - If one of the policies allows an algorithm and all the other policies
- *   either allow the same algorithm or a wildcard-based algorithm policy
- *   that includes this algorithm, the resulting key allows the same
- *   algorithm.
+ * - If either of the policies allows an algorithm and the other policy
+ *   allows a wildcard-based algorithm policy that includes this algorithm,
+ *   the resulting key allows the same algorithm.
+ * - If the policies do not allow any algorithm in common, this function
+ *   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
  *
- * The effect of this function on implementation-defined metadata is
+ * The effect of this function on implementation-defined attributes is
  * implementation-defined.
  *
- * \param source_handle     The key to copy. It must be a handle to an
- *                          occupied slot.
- * \param target_handle     A handle to the target slot. It must not contain
- *                          key material yet.
- * \param[in] constraint    An optional policy constraint. If this parameter
- *                          is non-null then the resulting key will conform
- *                          to this policy in addition to the source policy
- *                          and the policy already present on the target
- *                          slot. If this parameter is null then the
- *                          function behaves in the same way as if it was
- *                          the target policy, i.e. only the source and
- *                          target policies apply.
+ * \param source_handle     The key to copy. It must be a valid key handle.
+ * \param[in] attributes    The attributes for the new key.
+ *                          They are used as follows:
+ *                          - The key type and size may be 0. If either is
+ *                            nonzero, it must match the corresponding
+ *                            attribute of the source key.
+ *                          - The key location (the lifetime and, for
+ *                            persistent keys, the key identifier) is
+ *                            used directly.
+ *                          - The policy constraints (usage flags and
+ *                            algorithm policy) are combined from
+ *                            the source key and \p attributes so that
+ *                            both sets of restrictions apply, as
+ *                            described in the documentation of this function.
+ * \param[out] target_handle On success, a handle to the newly created key.
+ *                          \c 0 on failure.
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         \p target already contains key material.
- * \retval #PSA_ERROR_EMPTY_SLOT
- *         \p source does not contain key material.
+ *         \p source_handle is invalid.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         This is an attempt to create a persistent key, and there is
+ *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The policy constraints on the source, on the target and
- *         \p constraints are incompatible.
+ *         The lifetime or identifier in \p attributes are invalid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The policy constraints on the source and specified in
+ *         \p attributes are incompatible.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p attributes specifies a key type or key size
+ *         which does not match the attributes of the source key.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The source key is not exportable and its lifetime does not
  *         allow copying it to the target's lifetime.
@@ -805,11 +863,11 @@
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_copy_key(psa_key_handle_t source_handle,
-                          psa_key_handle_t target_handle,
-                          const psa_key_policy_t *constraint);
+                          const psa_key_attributes_t *attributes,
+                          psa_key_handle_t *target_handle);
 
 /**@}*/
 
@@ -839,7 +897,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_compute(psa_algorithm_t alg,
                               const uint8_t *input,
@@ -868,7 +926,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_compare(psa_algorithm_t alg,
                               const uint8_t *input,
@@ -956,10 +1014,13 @@
  *         Success.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a hash algorithm.
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The operation state is not valid (already set up and not
+ *         subsequently completed).
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
                             psa_algorithm_t alg);
@@ -981,7 +1042,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_update(psa_hash_operation_t *operation,
                              const uint8_t *input,
@@ -1022,7 +1083,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
                              uint8_t *hash,
@@ -1058,7 +1119,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
                              const uint8_t *hash,
@@ -1089,7 +1150,7 @@
  *         \p operation is not an active hash operation.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
 
@@ -1115,7 +1176,7 @@
  *         \p target_operation is active.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
                             psa_hash_operation_t *target_operation);
@@ -1149,16 +1210,15 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a MAC algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -1188,16 +1248,15 @@
  *         The MAC of the message was calculated successfully, but it
  *         differs from the expected value.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a MAC algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_mac_verify(psa_key_handle_t handle,
                             psa_algorithm_t alg,
@@ -1291,16 +1350,19 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a MAC algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The operation state is not valid (already set up and not
+ *         subsequently completed).
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -1348,7 +1410,7 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c key is not compatible with \c alg.
@@ -1357,7 +1419,10 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The operation state is not valid (already set up and not
+ *         subsequently completed).
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -1386,7 +1451,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_mac_update(psa_mac_operation_t *operation,
                             const uint8_t *input,
@@ -1428,7 +1493,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
                                  uint8_t *mac,
@@ -1464,7 +1529,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
                                    const uint8_t *mac,
@@ -1496,7 +1561,7 @@
  *         \p operation is not an active MAC operation.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
 
@@ -1529,17 +1594,16 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a cipher algorithm.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
                                 psa_algorithm_t alg,
@@ -1571,17 +1635,16 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a cipher algorithm.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
                                 psa_algorithm_t alg,
@@ -1677,16 +1740,19 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a cipher algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The operation state is not valid (already set up and not
+ *         subsequently completed).
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -1736,16 +1802,19 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not a cipher algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The operation state is not valid (already set up and not
+ *         subsequently completed).
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -1781,7 +1850,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
                                     unsigned char *iv,
@@ -1816,7 +1885,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
                                const unsigned char *iv,
@@ -1852,7 +1921,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
                                const uint8_t *input,
@@ -1890,7 +1959,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
                                uint8_t *output,
@@ -1923,7 +1992,7 @@
  *         \p operation is not an active cipher operation.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
 
@@ -1964,16 +2033,16 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not an AEAD algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -2020,18 +2089,18 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  *         The ciphertext is not authentic.
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not an AEAD algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -2141,16 +2210,15 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not an AEAD algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -2203,16 +2271,15 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
+ *         \p handle is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         \p alg is not supported or is not an AEAD algorithm.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -2249,7 +2316,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
                                      unsigned char *nonce,
@@ -2283,7 +2350,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
                                 const unsigned char *nonce,
@@ -2321,7 +2388,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
                                   size_t ad_length,
@@ -2363,7 +2430,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
                                 const uint8_t *input,
@@ -2394,12 +2461,24 @@
  *          - In particular, do not copy the output anywhere but to a
  *            memory or storage space that you have exclusive access to.
  *
+ * This function does not require the input to be aligned to any
+ * particular block boundary. If the implementation can only process
+ * a whole block at a time, it must consume all the input provided, but
+ * it may delay the end of the corresponding output until a subsequent
+ * call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+ * provides sufficient input. The amount of data that can be delayed
+ * in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+ *
  * \param[in,out] operation     Active AEAD operation.
  * \param[in] input             Buffer containing the message fragment to
  *                              encrypt or decrypt.
  * \param input_length          Size of the \p input buffer in bytes.
  * \param[out] output           Buffer where the output is to be written.
  * \param output_size           Size of the \p output buffer in bytes.
+ *                              This must be at least
+ *                              #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg,
+ *                              \p input_length) where \c alg is the
+ *                              algorithm that is being calculated.
  * \param[out] output_length    On success, the number of bytes
  *                              that make up the returned output.
  *
@@ -2410,6 +2489,9 @@
  *         or already completed).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of the \p output buffer is too small.
+ *         You can determine a sufficient buffer size by calling
+ *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length)
+ *         where \c alg is the algorithm that is being calculated.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
@@ -2420,7 +2502,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_update(psa_aead_operation_t *operation,
                              const uint8_t *input,
@@ -2440,11 +2522,9 @@
  *
  * This function has two output buffers:
  * - \p ciphertext contains trailing ciphertext that was buffered from
- *   preceding calls to psa_aead_update(). For all standard AEAD algorithms,
- *   psa_aead_update() does not buffer any output and therefore \p ciphertext
- *   will not contain any output and can be a 0-sized buffer.
+ *   preceding calls to psa_aead_update().
  * - \p tag contains the authentication tag. Its length is always
- *   #PSA_AEAD_TAG_LENGTH(\p alg) where \p alg is the AEAD algorithm
+ *   #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
  *   that the operation performs.
  *
  * When this function returns, the operation becomes inactive.
@@ -2453,11 +2533,18 @@
  * \param[out] ciphertext       Buffer where the last part of the ciphertext
  *                              is to be written.
  * \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
+ *                              This must be at least
+ *                              #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where
+ *                              \c alg is the algorithm that is being
+ *                              calculated.
  * \param[out] ciphertext_length On success, the number of bytes of
  *                              returned ciphertext.
  * \param[out] tag              Buffer where the authentication tag is
  *                              to be written.
  * \param tag_size              Size of the \p tag buffer in bytes.
+ *                              This must be at least
+ *                              #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is
+ *                              the algorithm that is being calculated.
  * \param[out] tag_length       On success, the number of bytes
  *                              that make up the returned tag.
  *
@@ -2467,7 +2554,12 @@
  *         The operation state is not valid (not set up, nonce not set,
  *         decryption, or already completed).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
+ *         The size of the \p ciphertext or \p tag buffer is too small.
+ *         You can determine a sufficient buffer size for \p ciphertext by
+ *         calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg)
+ *         where \c alg is the algorithm that is being calculated.
+ *         You can determine a sufficient buffer size for \p tag by
+ *         calling #PSA_AEAD_TAG_LENGTH(\c alg).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
@@ -2479,7 +2571,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
                              uint8_t *ciphertext,
@@ -2501,6 +2593,18 @@
  * When this function returns, the operation becomes inactive.
  *
  * \param[in,out] operation     Active AEAD operation.
+ * \param[out] plaintext        Buffer where the last part of the plaintext
+ *                              is to be written. This is the remaining data
+ *                              from previous calls to psa_aead_update()
+ *                              that could not be processed until the end
+ *                              of the input.
+ * \param plaintext_size        Size of the \p plaintext buffer in bytes.
+ *                              This must be at least
+ *                              #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where
+ *                              \c alg is the algorithm that is being
+ *                              calculated.
+ * \param[out] plaintext_length On success, the number of bytes of
+ *                              returned plaintext.
  * \param[in] tag               Buffer containing the authentication tag.
  * \param tag_length            Size of the \p tag buffer in bytes.
  *
@@ -2510,7 +2614,10 @@
  *         The operation state is not valid (not set up, nonce not set,
  *         encryption, or already completed).
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
+ *         The size of the \p plaintext buffer is too small.
+ *         You can determine a sufficient buffer size for \p plaintext by
+ *         calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg)
+ *         where \c alg is the algorithm that is being calculated.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The total length of input to psa_aead_update_ad() so far is
  *         less than the additional data length that was previously
@@ -2522,9 +2629,12 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+                             uint8_t *plaintext,
+                             size_t plaintext_size,
+                             size_t *plaintext_length,
                              const uint8_t *tag,
                              size_t tag_length);
 
@@ -2554,7 +2664,7 @@
  *         \p operation is not an active AEAD operation.
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
 
@@ -2576,7 +2686,7 @@
  * \param handle                Handle to the key to use for the operation.
  *                              It must be an asymmetric key pair.
  * \param alg                   A signature algorithm that is compatible with
- *                              the type of \p key.
+ *                              the type of \p handle.
  * \param[in] hash              The hash or message to sign.
  * \param hash_length           Size of the \p hash buffer in bytes.
  * \param[out] signature        Buffer where the signature is to be written.
@@ -2590,13 +2700,13 @@
  *         determine a sufficient buffer size by calling
  *         #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
+ *         respectively of \p handle.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
@@ -2623,7 +2733,7 @@
  * \param handle            Handle to the key to use for the operation.
  *                          It must be a public key or an asymmetric key pair.
  * \param alg               A signature algorithm that is compatible with
- *                          the type of \p key.
+ *                          the type of \p handle.
  * \param[in] hash          The hash or message whose signature is to be
  *                          verified.
  * \param hash_length       Size of the \p hash buffer in bytes.
@@ -2640,7 +2750,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -2660,7 +2770,7 @@
  *                              It must be a public key or an asymmetric
  *                              key pair.
  * \param alg                   An asymmetric encryption algorithm that is
- *                              compatible with the type of \p key.
+ *                              compatible with the type of \p handle.
  * \param[in] input             The message to encrypt.
  * \param input_length          Size of the \p input buffer in bytes.
  * \param[in] salt              A salt or label, if supported by the
@@ -2687,13 +2797,13 @@
  *         determine a sufficient buffer size by calling
  *         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
+ *         respectively of \p handle.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
@@ -2716,7 +2826,7 @@
  * \param handle                Handle to the key to use for the operation.
  *                              It must be an asymmetric key pair.
  * \param alg                   An asymmetric encryption algorithm that is
- *                              compatible with the type of \p key.
+ *                              compatible with the type of \p handle.
  * \param[in] input             The message to decrypt.
  * \param input_length          Size of the \p input buffer in bytes.
  * \param[in] salt              A salt or label, if supported by the
@@ -2743,13 +2853,13 @@
  *         determine a sufficient buffer size by calling
  *         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
+ *         respectively of \p handle.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_INVALID_PADDING
  * \retval #PSA_ERROR_BAD_STATE
@@ -2769,233 +2879,85 @@
 
 /**@}*/
 
-/** \defgroup generators Generators
+/** \defgroup key_derivation Key derivation and pseudorandom generation
  * @{
  */
 
-/** The type of the state data structure for generators.
+/** The type of the state data structure for key derivation operations.
  *
- * Before calling any function on a generator, the application must
- * initialize it by any of the following means:
+ * Before calling any function on a key derivation operation object, the
+ * application must initialize it by any of the following means:
  * - Set the structure to all-bits-zero, for example:
  *   \code
- *   psa_crypto_generator_t generator;
- *   memset(&generator, 0, sizeof(generator));
+ *   psa_key_derivation_operation_t operation;
+ *   memset(&operation, 0, sizeof(operation));
  *   \endcode
  * - Initialize the structure to logical zero values, for example:
  *   \code
- *   psa_crypto_generator_t generator = {0};
+ *   psa_key_derivation_operation_t operation = {0};
  *   \endcode
- * - Initialize the structure to the initializer #PSA_CRYPTO_GENERATOR_INIT,
+ * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
  *   for example:
  *   \code
- *   psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ *   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
  *   \endcode
- * - Assign the result of the function psa_crypto_generator_init()
+ * - Assign the result of the function psa_key_derivation_operation_init()
  *   to the structure, for example:
  *   \code
- *   psa_crypto_generator_t generator;
- *   generator = psa_crypto_generator_init();
+ *   psa_key_derivation_operation_t operation;
+ *   operation = psa_key_derivation_operation_init();
  *   \endcode
  *
  * This is an implementation-defined \c struct. Applications should not
  * make any assumptions about the content of this structure except
  * as directed by the documentation of a specific implementation.
  */
-typedef struct psa_crypto_generator_s psa_crypto_generator_t;
+typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
 
-/** \def PSA_CRYPTO_GENERATOR_INIT
+/** \def PSA_KEY_DERIVATION_OPERATION_INIT
  *
- * This macro returns a suitable initializer for a generator object
- * of type #psa_crypto_generator_t.
+ * This macro returns a suitable initializer for a key derivation operation
+ * object of type #psa_key_derivation_operation_t.
  */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
  * Implementations should define a suitable value in `crypto_struct.h`.
  */
-#define PSA_CRYPTO_GENERATOR_INIT {0}
+#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
 #endif
 
-/** Return an initial value for a generator object.
+/** Return an initial value for a key derivation operation object.
  */
-static psa_crypto_generator_t psa_crypto_generator_init(void);
-
-/** Retrieve the current capacity of a generator.
- *
- * The capacity of a generator is the maximum number of bytes that it can
- * return. Reading *N* bytes from a generator reduces its capacity by *N*.
- *
- * \param[in] generator     The generator to query.
- * \param[out] capacity     On success, the capacity of the generator.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- */
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
-                                        size_t *capacity);
-
-/** Set the maximum capacity of a generator.
- *
- * \param[in,out] generator The generator object to modify.
- * \param capacity          The new capacity of the generator.
- *                          It must be less or equal to the generator's
- *                          current capacity.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p capacity is larger than the generator's current capacity.
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- */
-psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator,
-                                        size_t capacity);
-
-/** Read some data from a generator.
- *
- * This function reads and returns a sequence of bytes from a generator.
- * The data that is read is discarded from the generator. The generator's
- * capacity is decreased by the number of bytes read.
- *
- * \param[in,out] generator The generator object to read from.
- * \param[out] output       Buffer where the generator output will be
- *                          written.
- * \param output_length     Number of bytes to output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
- *                          There were fewer than \p output_length bytes
- *                          in the generator. Note that in this case, no
- *                          output is written to the output buffer.
- *                          The generator's capacity is set to 0, thus
- *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
-                                uint8_t *output,
-                                size_t output_length);
-
-/** Create a symmetric key from data read from a generator.
- *
- * This function reads a sequence of bytes from a generator and imports
- * these bytes as a key.
- * The data that is read is discarded from the generator. The generator's
- * capacity is decreased by the number of bytes read.
- *
- * This function is equivalent to calling #psa_generator_read and
- * passing the resulting output to #psa_import_key, but
- * if the implementation provides an isolation boundary then
- * the key material is not exposed outside the isolation boundary.
- *
- * \param handle            Handle to the slot where the key will be stored.
- *                          It must have been obtained by calling
- *                          psa_allocate_key() or psa_create_key() and must
- *                          not contain key material yet.
- * \param type              Key type (a \c PSA_KEY_TYPE_XXX value).
- *                          This must be a symmetric key type.
- * \param bits              Key size in bits.
- * \param[in,out] generator The generator object to read from.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         If the key is persistent, the key material and the key's metadata
- *         have been saved to persistent storage.
- * \retval #PSA_ERROR_INSUFFICIENT_CAPACITY
- *                          There were fewer than \p output_length bytes
- *                          in the generator. Note that in this case, no
- *                          output is written to the output buffer.
- *                          The generator's capacity is set to 0, thus
- *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The key type or key size is not supported, either by the
- *         implementation in general or in this particular slot.
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         There is already a key in the specified slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_generator_import_key(psa_key_handle_t handle,
-                                      psa_key_type_t type,
-                                      size_t bits,
-                                      psa_crypto_generator_t *generator);
-
-/** Abort a generator.
- *
- * Once a generator has been aborted, its capacity is zero.
- * Aborting a generator frees all associated resources except for the
- * \c generator structure itself.
- *
- * This function may be called at any time as long as the generator
- * object has been initialized to #PSA_CRYPTO_GENERATOR_INIT, to
- * psa_crypto_generator_init() or a zero value. In particular, it is valid
- * to call psa_generator_abort() twice, or to call psa_generator_abort()
- * on a generator that has not been set up.
- *
- * Once aborted, the generator object may be called.
- *
- * \param[in,out] generator    The generator to abort.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
-
-/** Use the maximum possible capacity for a generator.
- *
- * Use this value as the capacity argument when setting up a generator
- * to indicate that the generator should have the maximum possible capacity.
- * The value of the maximum possible capacity depends on the generator
- * algorithm.
- */
-#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
-
-/**@}*/
-
-/** \defgroup derivation Key derivation
- * @{
- */
+static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
 
 /** Set up a key derivation operation.
  *
- * A key derivation algorithm takes some inputs and uses them to create
- * a byte generator which can be used to produce keys and other
+ * A key derivation algorithm takes some inputs and uses them to generate
+ * a byte stream in a deterministic way.
+ * This byte stream can be used to produce keys and other
  * cryptographic material.
  *
- * To use a generator for key derivation:
- * - Start with an initialized object of type #psa_crypto_generator_t.
+ * To derive a key:
+ * - Start with an initialized object of type #psa_key_derivation_operation_t.
  * - Call psa_key_derivation_setup() to select the algorithm.
  * - Provide the inputs for the key derivation by calling
  *   psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
  *   as appropriate. Which inputs are needed, in what order, and whether
  *   they may be keys and if so of what type depends on the algorithm.
- * - Optionally set the generator's maximum capacity with
- *   psa_set_generator_capacity(). You may do this before, in the middle of
- *   or after providing inputs. For some algorithms, this step is mandatory
+ * - Optionally set the operation's maximum capacity with
+ *   psa_key_derivation_set_capacity(). You may do this before, in the middle
+ *   of or after providing inputs. For some algorithms, this step is mandatory
  *   because the output depends on the maximum capacity.
- * - Generate output with psa_generator_read() or
- *   psa_generator_import_key(). Successive calls to these functions
- *   use successive output bytes from the generator.
- * - Clean up the generator object with psa_generator_abort().
+ * - To derive a key, call psa_key_derivation_output_key().
+ *   To derive a byte string for a different purpose, call
+ * - psa_key_derivation_output_bytes().
+ *   Successive calls to these functions use successive output bytes
+ *   calculated by the key derivation algorithm.
+ * - Clean up the key derivation operation object with
+ *   psa_key_derivation_abort().
  *
- * \param[in,out] generator       The generator object to set up. It must
+ * \param[in,out] operation       The key derivation operation object
+ *                                to set up. It must
  *                                have been initialized but not set up yet.
  * \param alg                     The key derivation algorithm to compute
  *                                (\c PSA_ALG_XXX value such that
@@ -3010,11 +2972,60 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  */
-psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator,
-                                      psa_algorithm_t alg);
+psa_status_t psa_key_derivation_setup(
+    psa_key_derivation_operation_t *operation,
+    psa_algorithm_t alg);
+
+/** Retrieve the current capacity of a key derivation operation.
+ *
+ * The capacity of a key derivation is the maximum number of bytes that it can
+ * return. When you get *N* bytes of output from a key derivation operation,
+ * this reduces its capacity by *N*.
+ *
+ * \param[in] operation     The operation to query.
+ * \param[out] capacity     On success, the capacity of the operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_key_derivation_get_capacity(
+    const psa_key_derivation_operation_t *operation,
+    size_t *capacity);
+
+/** Set the maximum capacity of a key derivation operation.
+ *
+ * The capacity of a key derivation operation is the maximum number of bytes
+ * that the key derivation operation can return from this point onwards.
+ *
+ * \param[in,out] operation The key derivation operation object to modify.
+ * \param capacity          The new capacity of the operation.
+ *                          It must be less or equal to the operation's
+ *                          current capacity.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p capacity is larger than the operation's current capacity.
+ *         In this case, the operation object remains valid and its capacity
+ *         remains unchanged.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ */
+psa_status_t psa_key_derivation_set_capacity(
+    psa_key_derivation_operation_t *operation,
+    size_t capacity);
+
+/** Use the maximum possible capacity for a key derivation operation.
+ *
+ * Use this value as the capacity argument when setting up a key derivation
+ * to indicate that the operation should have the maximum possible capacity.
+ * The value of the maximum possible capacity depends on the key derivation
+ * algorithm.
+ */
+#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
 
 /** Provide an input for key derivation or key agreement.
  *
@@ -3026,8 +3037,8 @@
  * using psa_key_derivation_input_key() instead of this function. Refer to
  * the documentation of individual step types for information.
  *
- * \param[in,out] generator       The generator object to use. It must
- *                                have been set up with
+ * \param[in,out] operation       The key derivation operation object to use.
+ *                                It must have been set up with
  *                                psa_key_derivation_setup() and must not
  *                                have produced any output yet.
  * \param step                    Which step the input data is for.
@@ -3037,24 +3048,25 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the generator's algorithm.
+ *         \c step is not compatible with the operation's algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c step does not allow direct inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The value of \p step is not valid given the state of \p generator.
+ *         The value of \p step is not valid given the state of \p operation.
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator,
-                                            psa_key_derivation_step_t step,
-                                            const uint8_t *data,
-                                            size_t data_length);
+psa_status_t psa_key_derivation_input_bytes(
+    psa_key_derivation_operation_t *operation,
+    psa_key_derivation_step_t step,
+    const uint8_t *data,
+    size_t data_length);
 
 /** Provide an input for key derivation in the form of a key.
  *
@@ -3067,8 +3079,8 @@
  * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
  * the documentation of individual step types for information.
  *
- * \param[in,out] generator       The generator object to use. It must
- *                                have been set up with
+ * \param[in,out] operation       The key derivation operation object to use.
+ *                                It must have been set up with
  *                                psa_key_derivation_setup() and must not
  *                                have produced any output yet.
  * \param step                    Which step the input data is for.
@@ -3079,26 +3091,27 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the generator's algorithm.
+ *         \c step is not compatible with the operation's algorithm.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c step does not allow key inputs.
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
- *         The value of \p step is not valid given the state of \p generator.
+ *         The value of \p step is not valid given the state of \p operation.
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator,
-                                          psa_key_derivation_step_t step,
-                                          psa_key_handle_t handle);
+psa_status_t psa_key_derivation_input_key(
+    psa_key_derivation_operation_t *operation,
+    psa_key_derivation_step_t step,
+    psa_key_handle_t handle);
 
 /** Perform a key agreement and use the shared secret as input to a key
  * derivation.
@@ -3107,17 +3120,17 @@
  * a public key \p peer_key.
  * The result of this function is passed as input to a key derivation.
  * The output of this key derivation can be extracted by reading from the
- * resulting generator to produce keys and other cryptographic material.
+ * resulting operation to produce keys and other cryptographic material.
  *
- * \param[in,out] generator       The generator object to use. It must
- *                                have been set up with
+ * \param[in,out] operation       The key derivation operation object to use.
+ *                                It must have been set up with
  *                                psa_key_derivation_setup() with a
  *                                key agreement and derivation algorithm
  *                                \c alg (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true
- *                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+ *                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+ *                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
  *                                is false).
- *                                The generator must be ready for an
+ *                                The operation must be ready for an
  *                                input of the type given by \p step.
  * \param step                    Which step the input data is for.
  * \param private_key             Handle to the private key to use.
@@ -3126,10 +3139,10 @@
  *                          public key type corresponding to the type of
  *                          private_key. That is, this function performs the
  *                          equivalent of
- *                          #psa_import_key(`internal_public_key_handle`,
- *                          #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(`private_key_type`),
+ *                          #psa_import_key(...,
  *                          `peer_key`, `peer_key_length`) where
- *                          `private_key_type` is the type of `private_key`.
+ *                          with key attributes indicating the public key
+ *                          type corresponding to the type of `private_key`.
  *                          For example, for EC keys, this means that peer_key
  *                          is interpreted as a point on the curve that the
  *                          private key is on. The standard formats for public
@@ -3140,7 +3153,7 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \c private_key is not compatible with \c alg,
@@ -3151,26 +3164,199 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
-psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
-                               psa_key_derivation_step_t step,
-                               psa_key_handle_t private_key,
-                               const uint8_t *peer_key,
-                               size_t peer_key_length);
+psa_status_t psa_key_derivation_key_agreement(
+    psa_key_derivation_operation_t *operation,
+    psa_key_derivation_step_t step,
+    psa_key_handle_t private_key,
+    const uint8_t *peer_key,
+    size_t peer_key_length);
 
-/** Perform a key agreement and use the shared secret as input to a key
- * derivation.
+/** Read some data from a key derivation operation.
  *
- * A key agreement algorithm takes two inputs: a private key \p private_key
- * a public key \p peer_key.
+ * This function calculates output bytes from a key derivation algorithm and
+ * return those bytes.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads the requested number of bytes from the
+ * stream.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[out] output       Buffer where the output will be written.
+ * \param output_length     Number of bytes to output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ *                          The operation's capacity was less than
+ *                          \p output_length bytes. Note that in this case,
+ *                          no output is written to the output buffer.
+ *                          The operation's capacity is set to 0, thus
+ *                          subsequent calls to this function will not
+ *                          succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_key_derivation_output_bytes(
+    psa_key_derivation_operation_t *operation,
+    uint8_t *output,
+    size_t output_length);
+
+/** Derive a key from an ongoing key derivation operation.
+ *
+ * This function calculates output bytes from a key derivation algorithm
+ * and uses those bytes to generate a key deterministically.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads as many bytes as required from the
+ * stream.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * How much output is produced and consumed from the operation, and how
+ * the key is derived, depends on the key type:
+ *
+ * - For key types for which the key is an arbitrary sequence of bytes
+ *   of a given size, this function is functionally equivalent to
+ *   calling #psa_key_derivation_output_bytes
+ *   and passing the resulting output to #psa_import_key.
+ *   However, this function has a security benefit:
+ *   if the implementation provides an isolation boundary then
+ *   the key material is not exposed outside the isolation boundary.
+ *   As a consequence, for these key types, this function always consumes
+ *   exactly (\p bits / 8) bytes from the operation.
+ *   The following key types defined in this specification follow this scheme:
+ *
+ *     - #PSA_KEY_TYPE_AES;
+ *     - #PSA_KEY_TYPE_ARC4;
+ *     - #PSA_KEY_TYPE_CAMELLIA;
+ *     - #PSA_KEY_TYPE_DERIVE;
+ *     - #PSA_KEY_TYPE_HMAC.
+ *
+ * - For ECC keys on a Montgomery elliptic curve
+ *   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+ *   Montgomery curve), this function always draws a byte string whose
+ *   length is determined by the curve, and sets the mandatory bits
+ *   accordingly. That is:
+ *
+ *     - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
+ *       and process it as specified in RFC 7748 &sect;5.
+ *     - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
+ *       and process it as specified in RFC 7748 &sect;5.
+ *
+ * - For key types for which the key is represented by a single sequence of
+ *   \p bits bits with constraints as to which bit sequences are acceptable,
+ *   this function draws a byte string of length (\p bits / 8) bytes rounded
+ *   up to the nearest whole number of bytes. If the resulting byte string
+ *   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+ *   This process is repeated until an acceptable byte string is drawn.
+ *   The byte string drawn from the operation is interpreted as specified
+ *   for the output produced by psa_export_key().
+ *   The following key types defined in this specification follow this scheme:
+ *
+ *     - #PSA_KEY_TYPE_DES.
+ *       Force-set the parity bits, but discard forbidden weak keys.
+ *       For 2-key and 3-key triple-DES, the three keys are generated
+ *       successively (for example, for 3-key triple-DES,
+ *       if the first 8 bytes specify a weak key and the next 8 bytes do not,
+ *       discard the first 8 bytes, use the next 8 bytes as the first key,
+ *       and continue reading output from the operation to derive the other
+ *       two keys).
+ *     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+ *       where \c group designates any Diffie-Hellman group) and
+ *       ECC keys on a Weierstrass elliptic curve
+ *       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+ *       Weierstrass curve).
+ *       For these key types, interpret the byte string as integer
+ *       in big-endian order. Discard it if it is not in the range
+ *       [0, *N* - 2] where *N* is the boundary of the private key domain
+ *       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+ *       or the order of the curve's base point for ECC).
+ *       Add 1 to the resulting integer and use this as the private key *x*.
+ *       This method allows compliance to NIST standards, specifically
+ *       the methods titled "key-pair generation by testing candidates"
+ *       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
+ *       in FIPS 186-4 &sect;B.1.2 for DSA, and
+ *       in NIST SP 800-56A &sect;5.6.1.2.2 or
+ *       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
+ *
+ * - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+ *   the way in which the operation output is consumed is
+ *   implementation-defined.
+ *
+ * In all cases, the data that is read is discarded from the operation.
+ * The operation's capacity is decreased by the number of bytes read.
+ *
+ * \param[in] attributes    The attributes for the new key.
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[out] handle       On success, a handle to the newly created key.
+ *                          \c 0 on failure.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success.
+ *         If the key is persistent, the key material and the key's metadata
+ *         have been saved to persistent storage.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         This is an attempt to create a persistent key, and there is
+ *         already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ *         There was not enough data to create the desired key.
+ *         Note that in this case, no output is written to the output buffer.
+ *         The operation's capacity is set to 0, thus subsequent calls to
+ *         this function will not succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ *         The key type or key size is not supported, either by the
+ *         implementation in general or in this particular location.
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_key_derivation_output_key(
+    const psa_key_attributes_t *attributes,
+    psa_key_derivation_operation_t *operation,
+    psa_key_handle_t *handle);
+
+/** Abort a key derivation operation.
+ *
+ * Once a key derivation operation has been aborted, its capacity is zero.
+ * Aborting an operation frees all associated resources except for the
+ * \c operation structure itself.
+ *
+ * This function may be called at any time as long as the operation
+ * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to
+ * psa_key_derivation_operation_init() or a zero value. In particular,
+ * it is valid to call psa_key_derivation_abort() twice, or to call
+ * psa_key_derivation_abort() on an operation that has not been set up.
+ *
+ * Once aborted, the key derivation operation object may be called.
+ *
+ * \param[in,out] operation    The operation to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t psa_key_derivation_abort(
+    psa_key_derivation_operation_t *operation);
+
+/** Perform a key agreement and return the raw shared secret.
  *
  * \warning The raw result of a key agreement algorithm such as finite-field
  * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
  * not be used directly as key material. It should instead be passed as
  * input to a key derivation algorithm. To chain a key agreement with
- * a key derivation, use psa_key_agreement() and other functions from
- * the key derivation and generator interface.
+ * a key derivation, use psa_key_derivation_key_agreement() and other
+ * functions from the key derivation interface.
  *
  * \param alg                     The key agreement algorithm to compute
  *                                (\c PSA_ALG_XXX value such that
@@ -3192,7 +3378,6 @@
  * \retval #PSA_SUCCESS
  *         Success.
  * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p alg is not a key agreement algorithm
@@ -3205,15 +3390,15 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
-psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg,
-                                                 psa_key_handle_t private_key,
-                                                 const uint8_t *peer_key,
-                                                 size_t peer_key_length,
-                                                 uint8_t *output,
-                                                 size_t output_size,
-                                                 size_t *output_length);
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+                                   psa_key_handle_t private_key,
+                                   const uint8_t *peer_key,
+                                   size_t peer_key_length,
+                                   uint8_t *output,
+                                   size_t output_size,
+                                   size_t *output_length);
 
 /**@}*/
 
@@ -3238,7 +3423,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
@@ -3247,85 +3432,44 @@
 psa_status_t psa_generate_random(uint8_t *output,
                                  size_t output_size);
 
-/** Extra parameters for RSA key generation.
- *
- * You may pass a pointer to a structure of this type as the \c extra
- * parameter to psa_generate_key().
- */
-typedef struct {
-    uint32_t e; /**< Public exponent value. Default: 65537. */
-} psa_generate_key_extra_rsa;
-
 /**
  * \brief Generate a key or key pair.
  *
- * \param handle            Handle to the slot where the key will be stored.
- *                          It must have been obtained by calling
- *                          psa_allocate_key() or psa_create_key() and must
- *                          not contain key material yet.
- * \param type              Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param bits              Key size in bits.
- * \param[in] extra         Extra parameters for key generation. The
- *                          interpretation of this parameter depends on
- *                          \p type. All types support \c NULL to use
- *                          default parameters. Implementation that support
- *                          the generation of vendor-specific key types
- *                          that allow extra parameters shall document
- *                          the format of these extra parameters and
- *                          the default values. For standard parameters,
- *                          the meaning of \p extra is as follows:
- *                          - For a symmetric key type (a type such
- *                            that #PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) is
- *                            false), \p extra must be \c NULL.
- *                          - For an elliptic curve key type (a type
- *                            such that #PSA_KEY_TYPE_IS_ECC(\p type) is
- *                            false), \p extra must be \c NULL.
- *                          - For an RSA key (\p type is
- *                            #PSA_KEY_TYPE_RSA_KEYPAIR), \p extra is an
- *                            optional #psa_generate_key_extra_rsa structure
- *                            specifying the public exponent. The
- *                            default public exponent used when \p extra
- *                            is \c NULL is 65537.
- *                          - For an DSA key (\p type is
- *                            #PSA_KEY_TYPE_DSA_KEYPAIR), \p extra is an
- *                            optional structure specifying the key domain
- *                            parameters. The key domain parameters can also be
- *                            provided by psa_set_key_domain_parameters(),
- *                            which documents the format of the structure.
- *                          - For a DH key (\p type is
- *                            #PSA_KEY_TYPE_DH_KEYPAIR), the \p extra is an
- *                            optional structure specifying the key domain
- *                            parameters. The key domain parameters can also be
- *                            provided by psa_set_key_domain_parameters(),
- *                            which documents the format of the structure.
- * \param extra_size        Size of the buffer that \p extra
- *                          points to, in bytes. Note that if \p extra is
- *                          \c NULL then \p extra_size must be zero.
+ * The key is generated randomly.
+ * Its location, policy, type and size are taken from \p attributes.
+ *
+ * The following type-specific considerations apply:
+ * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+ *   the public exponent is 65537.
+ *   The modulus is a product of two probabilistic primes
+ *   between 2^{n-1} and 2^n where n is the bit size specified in the
+ *   attributes.
+ *
+ * \param[in] attributes    The attributes for the new key.
+ * \param[out] handle       On success, a handle to the newly created key.
+ *                          \c 0 on failure.
  *
  * \retval #PSA_SUCCESS
  *         Success.
  *         If the key is persistent, the key material and the key's metadata
  *         have been saved to persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_OCCUPIED_SLOT
- *         There is already a key in the specified slot.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         This is an attempt to create a persistent key, and there is
+ *         already a persistent key with the given identifier.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_generate_key(psa_key_handle_t handle,
-                              psa_key_type_t type,
-                              size_t bits,
-                              const void *extra,
-                              size_t extra_size);
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+                              psa_key_handle_t *handle);
 
 /**@}*/
 
diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h
index b752fed..4a540f0 100644
--- a/include/psa/crypto_accel_driver.h
+++ b/include/psa/crypto_accel_driver.h
@@ -38,12 +38,13 @@
 extern "C" {
 #endif
 
-/** \defgroup driver_digest Message Digests
+/** \defgroup driver_digest Hardware-Accelerated Message Digests
  *
  * Generation and authentication of Message Digests (aka hashes) must be done
  * in parts using the following sequence:
  * - `psa_drv_hash_setup_t`
  * - `psa_drv_hash_update_t`
+ * - `psa_drv_hash_update_t`
  * - ...
  * - `psa_drv_hash_finish_t`
  *
@@ -64,7 +65,7 @@
 /** \brief The function prototype for the start operation of a hash (message
  * digest) operation
  *
- *  Functions that implement the prototype should be named in the following
+ *  Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
  * psa_drv_hash_<ALGO>_setup
@@ -81,7 +82,7 @@
 /** \brief The function prototype for the update operation of a hash (message
  * digest) operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
  * psa_drv_hash_<ALGO>_update
@@ -99,10 +100,10 @@
                                               const uint8_t *p_input,
                                               size_t input_length);
 
-/** \brief  The prototype for the finish operation of a hash (message digest)
- * operation
+/** \brief  The function prototype for the finish operation of a hash (message
+ * digest) operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
  * psa_drv_hash_<ALGO>_finish
@@ -130,7 +131,7 @@
 /** \brief The function prototype for the abort operation of a hash (message
  * digest) operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
  * psa_drv_hash_<ALGO>_abort
@@ -144,39 +145,39 @@
 
 /**@}*/
 
-/** \defgroup transparent_mac Transparent Message Authentication Code
+/** \defgroup accel_mac Hardware-Accelerated Message Authentication Code
  * Generation and authentication of Message Authentication Codes (MACs) using
- * transparent keys can be done either as a single function call (via the
- * `psa_drv_mac_transparent_generate_t` or `psa_drv_mac_transparent_verify_t`
+ * cryptographic accelerators can be done either as a single function call (via the
+ * `psa_drv_accel_mac_generate_t` or `psa_drv_accel_mac_verify_t`
  * functions), or in parts using the following sequence:
- * - `psa_drv_mac_transparent_setup_t`
- * - `psa_drv_mac_transparent_update_t`
- * - `psa_drv_mac_transparent_update_t`
+ * - `psa_drv_accel_mac_setup_t`
+ * - `psa_drv_accel_mac_update_t`
+ * - `psa_drv_accel_mac_update_t`
  * - ...
- * - `psa_drv_mac_transparent_finish_t` or `psa_drv_mac_transparent_finish_verify_t`
+ * - `psa_drv_accel_mac_finish_t` or `psa_drv_accel_mac_finish_verify_t`
  *
- * If a previously started Transparent MAC operation needs to be terminated, it
- * should be done so by the `psa_drv_mac_transparent_abort_t`. Failure to do so may
+ * If a previously started MAC operation needs to be terminated, it
+ * should be done so by the `psa_drv_accel_mac_abort_t`. Failure to do so may
  * result in allocated resources not being freed or in other undefined
  * behavior.
  *
  */
 /**@{*/
 
-/** \brief The hardware-specific transparent-key MAC context structure
+/** \brief The hardware-accelerator-specific MAC context structure
  *
  * The contents of this structure are implementation dependent and are
  * therefore not described here.
  */
-typedef struct psa_drv_mac_transparent_context_s psa_drv_mac_transparent_context_t;
+typedef struct psa_drv_accel_mac_context_s psa_drv_accel_mac_context_t;
 
 /** \brief The function prototype for the setup operation of a
- * transparent-key MAC operation
+ * hardware-accelerated MAC operation
  *
- *  Functions that implement the prototype should be named in the following
+ *  Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_setup
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_setup
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT`
  * is the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -190,17 +191,17 @@
  * \retval  PSA_SUCCESS
  *          Success.
  */
-typedef psa_status_t (*psa_drv_mac_transparent_setup_t)(psa_drv_mac_transparent_context_t *p_context,
-                                                        const uint8_t *p_key,
-                                                        size_t key_length);
+typedef psa_status_t (*psa_drv_accel_mac_setup_t)(psa_drv_accel_mac_context_t *p_context,
+                                                  const uint8_t *p_key,
+                                                  size_t key_length);
 
 /** \brief The function prototype for the update operation of a
- * transparent-key MAC operation
+ * hardware-accelerated MAC operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_update
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_update
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT`
  * is the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -212,17 +213,17 @@
  *                              to the MAC operation
  * \param[in] input_length      The size in bytes of the input message buffer
  */
-typedef psa_status_t (*psa_drv_mac_transparent_update_t)(psa_drv_mac_transparent_context_t *p_context,
-                                                         const uint8_t *p_input,
-                                                         size_t input_length);
+typedef psa_status_t (*psa_drv_accel_mac_update_t)(psa_drv_accel_mac_context_t *p_context,
+                                                   const uint8_t *p_input,
+                                                   size_t input_length);
 
 /** \brief  The function prototype for the finish operation of a
- * transparent-key MAC operation
+ * hardware-accelerated MAC operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  *  convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_finish
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
  * the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -237,17 +238,17 @@
  * \retval PSA_SUCCESS
  *          Success.
  */
-typedef psa_status_t (*psa_drv_mac_transparent_finish_t)(psa_drv_mac_transparent_context_t *p_context,
-                                                         uint8_t *p_mac,
-                                                         size_t mac_length);
+typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t *p_context,
+                                                   uint8_t *p_mac,
+                                                   size_t mac_length);
 
 /** \brief The function prototype for the finish and verify operation of a
- * transparent-key MAC operation
+ * hardware-accelerated MAC operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish_verify
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_finish_verify
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
  * the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -263,17 +264,17 @@
  * \retval PSA_SUCCESS
  *          The operation completed successfully and the comparison matched
  */
-typedef psa_status_t (*psa_drv_mac_transparent_finish_verify_t)(psa_drv_mac_transparent_context_t *p_context,
-                                                                const uint8_t *p_mac,
-                                                                size_t mac_length);
+typedef psa_status_t (*psa_drv_accel_mac_finish_verify_t)(psa_drv_accel_mac_context_t *p_context,
+                                                          const uint8_t *p_mac,
+                                                          size_t mac_length);
 
 /** \brief The function prototype for the abort operation for a previously
- * started transparent-key MAC operation
+ * started hardware-accelerated MAC operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_abort
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_abort
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
  * the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -283,15 +284,15 @@
  *                              aborted
  *
  */
-typedef psa_status_t (*psa_drv_mac_transparent_abort_t)(psa_drv_mac_transparent_context_t *p_context);
+typedef psa_status_t (*psa_drv_accel_mac_abort_t)(psa_drv_accel_mac_context_t *p_context);
 
-/** \brief The function prototype for a one-shot operation of a transparent-key
- * MAC operation
+/** \brief The function prototype for the one-shot operation of a
+ * hardware-accelerated MAC operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
  * the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -306,21 +307,21 @@
  *                           upon success
  * \param[in] mac_length     The length in bytes of the `p_mac` buffer
  */
-typedef psa_status_t (*psa_drv_mac_transparent_t)(const uint8_t *p_input,
-                                                  size_t input_length,
-                                                  const uint8_t *p_key,
-                                                  size_t key_length,
-                                                  psa_algorithm_t alg,
-                                                  uint8_t *p_mac,
-                                                  size_t mac_length);
+typedef psa_status_t (*psa_drv_accel_mac_t)(const uint8_t *p_input,
+                                            size_t input_length,
+                                            const uint8_t *p_key,
+                                            size_t key_length,
+                                            psa_algorithm_t alg,
+                                            uint8_t *p_mac,
+                                            size_t mac_length);
 
-/** \brief The function prototype for a one-shot operation of a transparent-key
- * MAC Verify operation
+/** \brief The function prototype for the one-shot hardware-accelerated MAC
+ * Verify operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_verify
+ * psa_drv_accel_mac_<ALGO>_<MAC_VARIANT>_verify
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
  * the specific variant of a MAC operation (such as HMAC or CMAC)
@@ -337,51 +338,53 @@
  * \retval PSA_SUCCESS
  *  The operation completed successfully and the comparison matched
  */
-typedef psa_status_t (*psa_drv_mac_transparent_verify_t)(const uint8_t *p_input,
-                                                         size_t input_length,
-                                                         const uint8_t *p_key,
-                                                         size_t key_length,
-                                                         psa_algorithm_t alg,
-                                                         const uint8_t *p_mac,
-                                                         size_t mac_length);
+typedef psa_status_t (*psa_drv_accel_mac_verify_t)(const uint8_t *p_input,
+                                                   size_t input_length,
+                                                   const uint8_t *p_key,
+                                                   size_t key_length,
+                                                   psa_algorithm_t alg,
+                                                   const uint8_t *p_mac,
+                                                   size_t mac_length);
 /**@}*/
 
-/** \defgroup transparent_cipher Transparent Block Cipher
- * Encryption and Decryption using transparent keys in block modes other than
- * ECB must be done in multiple parts, using the following flow:
- * - `psa_drv_cipher_transparent_setup_t`
- * - `psa_drv_cipher_transparent_set_iv_t` (optional depending upon block mode)
- * - `psa_drv_cipher_transparent_update_t`
+/** \defgroup accel_cipher Hardware-Accelerated Block Ciphers
+ * Encryption and Decryption using hardware-acceleration in block modes other
+ * than ECB must be done in multiple parts, using the following flow:
+ * - `psa_drv_accel_ciphersetup_t`
+ * - `psa_drv_accel_cipher_set_iv_t` (optional depending upon block mode)
+ * - `psa_drv_accel_cipher_update_t`
+ * - `psa_drv_accel_cipher_update_t`
  * - ...
- * - `psa_drv_cipher_transparent_finish_t`
-
- * If a previously started Transparent Cipher operation needs to be terminated,
- * it should be done so by the `psa_drv_cipher_transparent_abort_t`. Failure to do
- * so may result in allocated resources not being freed or in other undefined
- * behavior.
+ * - `psa_drv_accel_cipher_finish_t`
+ *
+ * If a previously started hardware-accelerated Cipher operation needs to be
+ * terminated, it should be done so by the `psa_drv_accel_cipher_abort_t`.
+ * Failure to do so may result in allocated resources not being freed or in
+ * other undefined behavior.
  */
 /**@{*/
 
-/** \brief The hardware-specific transparent-key Cipher context structure
+/** \brief The hardware-accelerator-specific cipher context structure
  *
  * The contents of this structure are implementation dependent and are
  * therefore not described here.
  */
-typedef struct psa_drv_cipher_transparent_context_s psa_drv_cipher_transparent_context_t;
+typedef struct psa_drv_accel_cipher_context_s psa_drv_accel_cipher_context_t;
 
-/** \brief The function prototype for the setup operation of transparent-key
- * block cipher operations.
- *  Functions that implement the prototype should be named in the following
+/** \brief The function prototype for the setup operation of
+ * hardware-accelerated block cipher operations.
+ *  Functions that implement this prototype should be named in the following
  * conventions:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_setup_<CIPHER_NAME>_<MODE>
+ * psa_drv_accel_cipher_setup_<CIPHER_NAME>_<MODE>
  * ~~~~~~~~~~~~~
  * Where
  * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
  * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
- * or for stream ciphers:
+ *
+ * For stream ciphers:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_setup_<CIPHER_NAME>
+ * psa_drv_accel_cipher_setup_<CIPHER_NAME>
  * ~~~~~~~~~~~~~
  * Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4)
  *
@@ -395,17 +398,17 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_transparent_setup_t)(psa_drv_cipher_transparent_context_t *p_context,
-                                                           psa_encrypt_or_decrypt_t direction,
-                                                           const uint8_t *p_key_data,
-                                                           size_t key_data_size);
+typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_context_t *p_context,
+                                                     psa_encrypt_or_decrypt_t direction,
+                                                     const uint8_t *p_key_data,
+                                                     size_t key_data_size);
 
 /** \brief The function prototype for the set initialization vector operation
- * of transparent-key block cipher operations
- * Functions that implement the prototype should be named in the following
+ * of hardware-accelerated block cipher operations
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_set_iv_<CIPHER_NAME>_<MODE>
+ * psa_drv_accel_cipher_set_iv_<CIPHER_NAME>_<MODE>
  * ~~~~~~~~~~~~~
  * Where
  * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
@@ -418,17 +421,17 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_transparent_set_iv_t)(psa_drv_cipher_transparent_context_t *p_context,
-                                                            const uint8_t *p_iv,
-                                                            size_t iv_length);
+typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_context_t *p_context,
+                                                      const uint8_t *p_iv,
+                                                      size_t iv_length);
 
-/** \brief The function prototype for the update operation of transparent-key
- * block cipher operations.
+/** \brief The function prototype for the update operation of
+ * hardware-accelerated block cipher operations.
  *
- *  Functions that implement the prototype should be named in the following
+ *  Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_update_<CIPHER_NAME>_<MODE>
+ * psa_drv_accel_cipher_update_<CIPHER_NAME>_<MODE>
  * ~~~~~~~~~~~~~
  * Where
  * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
@@ -447,20 +450,20 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_transparent_update_t)(psa_drv_cipher_transparent_context_t *p_context,
-                                                            const uint8_t *p_input,
-                                                            size_t input_size,
-                                                            uint8_t *p_output,
-                                                            size_t output_size,
-                                                            size_t *p_output_length);
+typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_context_t *p_context,
+                                                      const uint8_t *p_input,
+                                                      size_t input_size,
+                                                      uint8_t *p_output,
+                                                      size_t output_size,
+                                                      size_t *p_output_length);
 
-/** \brief The function prototype for the finish operation of transparent-key
- * block cipher operations.
+/** \brief The function prototype for the finish operation of
+ * hardware-accelerated block cipher operations.
  *
- *  Functions that implement the prototype should be named in the following
+ *  Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_finish_<CIPHER_NAME>_<MODE>
+ * psa_drv_accel_cipher_finish_<CIPHER_NAME>_<MODE>
  * ~~~~~~~~~~~~~
  * Where
  * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
@@ -476,18 +479,18 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_transparent_finish_t)(psa_drv_cipher_transparent_context_t *p_context,
-                                                            uint8_t *p_output,
-                                                            size_t output_size,
-                                                            size_t *p_output_length);
+typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_context_t *p_context,
+                                                      uint8_t *p_output,
+                                                      size_t output_size,
+                                                      size_t *p_output_length);
 
-/** \brief The function prototype for the abort operation of transparent-key
- * block cipher operations.
+/** \brief The function prototype for the abort operation of
+ * hardware-accelerated block cipher operations.
  *
  *  Functions that implement the following prototype should be named in the
  * following convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_cipher_transparent_abort_<CIPHER_NAME>_<MODE>
+ * psa_drv_accel_cipher_abort_<CIPHER_NAME>_<MODE>
  * ~~~~~~~~~~~~~
  * Where
  * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
@@ -498,27 +501,27 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_transparent_abort_t)(psa_drv_cipher_transparent_context_t *p_context);
+typedef psa_status_t (*psa_drv_accel_cipher_abort_t)(psa_drv_accel_cipher_context_t *p_context);
 
 /**@}*/
 
-/** \defgroup aead_transparent AEAD Transparent
+/** \defgroup accel_aead Hardware-Accelerated Authenticated Encryption with Additional Data
  *
- * Authenticated Encryption with Additional Data (AEAD) operations with
- * transparent keys must be done in one function call. While this creates a
- * burden for implementers as there must be sufficient space in memory for the
- * entire message, it prevents decrypted data from being made available before
- * the authentication operation is complete and the data is known to be
- * authentic.
+ * Hardware-accelerated Authenticated Encryption with Additional Data (AEAD)
+ * operations must be done in one function call. While this creates a burden
+ * for implementers as there must be sufficient space in memory for the entire
+ * message, it prevents decrypted data from being made available before the
+ * authentication operation is complete and the data is known to be authentic.
  */
 /**@{*/
 
-/** Process an authenticated encryption operation using an opaque key.
+/** \brief The function prototype for the hardware-accelerated authenticated
+ * encryption operation.
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_aead_<ALGO>_encrypt
+ * psa_drv_accel_aead_<ALGO>_encrypt
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the AEAD algorithm
  *
@@ -551,27 +554,28 @@
  *                                      the `ciphertext` buffer
  *
  * \retval #PSA_SUCCESS
-
- */
-typedef psa_status_t (*psa_drv_aead_transparent_encrypt_t)(const uint8_t *p_key,
-                                                           size_t key_length,
-                                                           psa_algorithm_t alg,
-                                                           const uint8_t *nonce,
-                                                           size_t nonce_length,
-                                                           const uint8_t *additional_data,
-                                                           size_t additional_data_length,
-                                                           const uint8_t *plaintext,
-                                                           size_t plaintext_length,
-                                                           uint8_t *ciphertext,
-                                                           size_t ciphertext_size,
-                                                           size_t *ciphertext_length);
-
-/** Process an authenticated decryption operation using an opaque key.
  *
- * Functions that implement the prototype should be named in the following
+ */
+typedef psa_status_t (*psa_drv_accel_aead_encrypt_t)(const uint8_t *p_key,
+                                                     size_t key_length,
+                                                     psa_algorithm_t alg,
+                                                     const uint8_t *nonce,
+                                                     size_t nonce_length,
+                                                     const uint8_t *additional_data,
+                                                     size_t additional_data_length,
+                                                     const uint8_t *plaintext,
+                                                     size_t plaintext_length,
+                                                     uint8_t *ciphertext,
+                                                     size_t ciphertext_size,
+                                                     size_t *ciphertext_length);
+
+/** \brief The function prototype for the hardware-accelerated authenticated
+ * decryption operation.
+ *
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_aead_<ALGO>_decrypt
+ * psa_drv_accel_aead_<ALGO>_decrypt
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the AEAD algorithm
  * \param[in] p_key                     A pointer to the key material
@@ -604,41 +608,45 @@
  * \retval #PSA_SUCCESS
  *         Success.
  */
-typedef psa_status_t (*psa_drv_aead_transparent_decrypt_t)(const uint8_t *p_key,
-                                                           size_t key_length,
-                                                           psa_algorithm_t alg,
-                                                           const uint8_t *nonce,
-                                                           size_t nonce_length,
-                                                           const uint8_t *additional_data,
-                                                           size_t additional_data_length,
-                                                           const uint8_t *ciphertext,
-                                                           size_t ciphertext_length,
-                                                           uint8_t *plaintext,
-                                                           size_t plaintext_size,
-                                                           size_t *plaintext_length);
+typedef psa_status_t (*psa_drv_accel_aead_decrypt_t)(const uint8_t *p_key,
+                                                     size_t key_length,
+                                                     psa_algorithm_t alg,
+                                                     const uint8_t *nonce,
+                                                     size_t nonce_length,
+                                                     const uint8_t *additional_data,
+                                                     size_t additional_data_length,
+                                                     const uint8_t *ciphertext,
+                                                     size_t ciphertext_length,
+                                                     uint8_t *plaintext,
+                                                     size_t plaintext_size,
+                                                     size_t *plaintext_length);
 
 /**@}*/
 
-/** \defgroup transparent_asymmetric Transparent Asymmetric Cryptography
+/** \defgroup accel_asymmetric Hardware-Accelerated Asymmetric Cryptography
  *
  * Since the amount of data that can (or should) be encrypted or signed using
- * asymmetric keys is limited by the key size, asymmetric key operations using
- * transparent keys must be done in single function calls.
+ * asymmetric keys is limited by the key size, hardware-accelerated asymmetric
+ * key operations must be done in single function calls.
  */
 /**@{*/
 
 
 /**
- * \brief A function that signs a hash or short message with a transparent
- * asymmetric private key
+ * \brief The function prototype for the hardware-accelerated asymmetric sign
+ * operation.
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_asymmetric_<ALGO>_sign
+ * psa_drv_accel_asymmetric_<ALGO>_sign
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the signing algorithm
  *
+ * This function supports any asymmetric-key output from psa_export_key() as
+ * the buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_key() for the formats.
+ *
  * \param[in] p_key                 A buffer containing the private key
  *                                  material
  * \param[in] key_size              The size in bytes of the `p_key` data
@@ -653,26 +661,32 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_transparent_sign_t)(const uint8_t *p_key,
-                                                              size_t key_size,
-                                                              psa_algorithm_t alg,
-                                                              const uint8_t *p_hash,
-                                                              size_t hash_length,
-                                                              uint8_t *p_signature,
-                                                              size_t signature_size,
-                                                              size_t *p_signature_length);
+typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key,
+                                                        size_t key_size,
+                                                        psa_algorithm_t alg,
+                                                        psa_key_type_t key_type,
+                                                        const uint8_t *p_hash,
+                                                        size_t hash_length,
+                                                        uint8_t *p_signature,
+                                                        size_t signature_size,
+                                                        size_t *p_signature_length);
 
 /**
- * \brief A function that verifies the signature a hash or short message using
- * a transparent asymmetric public key
+ * \brief The function prototype for the hardware-accelerated signature verify
+ * operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_asymmetric_<ALGO>_verify
+ * psa_drv_accel_asymmetric_<ALGO>_verify
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the signing algorithm
  *
+ * This function supports any output from \ref psa_export_public_key() as the
+ * buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_public_key() for the format of public keys and to the
+ * documentation of \ref psa_export_key() for the format for other key types.
+ *
  * \param[in] p_key             A buffer containing the public key material
  * \param[in] key_size          The size in bytes of the `p_key` data
  * \param[in] alg               A signature algorithm that is compatible with
@@ -686,25 +700,31 @@
  * \retval PSA_SUCCESS
  *         The signature is valid.
  */
-typedef psa_status_t (*psa_drv_asymmetric_transparent_verify_t)(const uint8_t *p_key,
-                                                                size_t key_size,
-                                                                psa_algorithm_t alg,
-                                                                const uint8_t *p_hash,
-                                                                size_t hash_length,
-                                                                const uint8_t *p_signature,
-                                                                size_t signature_length);
+typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key,
+                                                          size_t key_size,
+                                                          psa_algorithm_t alg,
+                                                          psa_key_type_t key_type,
+                                                          const uint8_t *p_hash,
+                                                          size_t hash_length,
+                                                          const uint8_t *p_signature,
+                                                          size_t signature_length);
 
 /**
- * \brief A function that encrypts a short message with a transparent
- * asymmetric public key
+ * \brief The function prototype for the hardware-accelerated asymmetric
+ * encrypt operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_asymmetric_<ALGO>_encrypt
+ * psa_drv_accel_asymmetric_<ALGO>_encrypt
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the encryption algorithm
  *
+ * This function supports any output from \ref psa_export_public_key() as the
+ * buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_public_key() for the format of public keys and to the
+ * documentation of \ref psa_export_key() for the format for other key types.
+ *
  * \param[in] p_key             A buffer containing the public key material
  * \param[in] key_size          The size in bytes of the `p_key` data
  * \param[in] alg               An asymmetric encryption algorithm that is
@@ -730,27 +750,33 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_transparent_encrypt_t)(const uint8_t *p_key,
-                                                                 size_t key_size,
-                                                                 psa_algorithm_t alg,
-                                                                 const uint8_t *p_input,
-                                                                 size_t input_length,
-                                                                 const uint8_t *p_salt,
-                                                                 size_t salt_length,
-                                                                 uint8_t *p_output,
-                                                                 size_t output_size,
-                                                                 size_t *p_output_length);
+typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key,
+                                                           size_t key_size,
+                                                           psa_algorithm_t alg,
+                                                           psa_key_type_t key_type,
+                                                           const uint8_t *p_input,
+                                                           size_t input_length,
+                                                           const uint8_t *p_salt,
+                                                           size_t salt_length,
+                                                           uint8_t *p_output,
+                                                           size_t output_size,
+                                                           size_t *p_output_length);
 
 /**
- * \brief Decrypt a short message with a transparent asymmetric private key
+ * \brief The function prototype for the hardware=acce;erated asymmetric
+ * decrypt operation
  *
- * Functions that implement the prototype should be named in the following
+ * Functions that implement this prototype should be named in the following
  * convention:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_asymmetric_<ALGO>_decrypt
+ * psa_drv_accel_asymmetric_<ALGO>_decrypt
  * ~~~~~~~~~~~~~
  * Where `ALGO` is the name of the encryption algorithm
  *
+ * This function supports any asymmetric-key output from psa_export_key() as
+ * the buffer in \p p_key. Refer to the documentation of \ref
+ * psa_export_key() for the formats.
+ *
  * \param[in] p_key             A buffer containing the private key material
  * \param[in] key_size          The size in bytes of the `p_key` data
  * \param[in] alg               An asymmetric encryption algorithm that is
@@ -776,16 +802,17 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_transparent_decrypt_t)(const uint8_t *p_key,
-                                                                 size_t key_size,
-                                                                 psa_algorithm_t alg,
-                                                                 const uint8_t *p_input,
-                                                                 size_t input_length,
-                                                                 const uint8_t *p_salt,
-                                                                 size_t salt_length,
-                                                                 uint8_t *p_output,
-                                                                 size_t output_size,
-                                                                 size_t *p_output_length);
+typedef psa_status_t (*psa_drv_accel_asymmetric_decrypt_t)(const uint8_t *p_key,
+                                                           size_t key_size,
+                                                           psa_algorithm_t alg,
+                                                           psa_key_type_t key_type,
+                                                           const uint8_t *p_input,
+                                                           size_t input_length,
+                                                           const uint8_t *p_salt,
+                                                           size_t salt_length,
+                                                           uint8_t *p_output,
+                                                           size_t output_size,
+                                                           size_t *p_output_length);
 
 /**@}*/
 
diff --git a/include/psa/crypto_entropy_driver.h b/include/psa/crypto_entropy_driver.h
index f5e383e..f596b6b 100644
--- a/include/psa/crypto_entropy_driver.h
+++ b/include/psa/crypto_entropy_driver.h
@@ -40,10 +40,6 @@
  */
 /**@{*/
 
-/** \brief A hardware-specific structure for a entropy providing hardware
- */
-typedef struct psa_drv_entropy_context_s psa_drv_entropy_context_t;
-
 /** \brief Initialize an entropy driver
  *
  *
@@ -53,7 +49,7 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_entropy_init_t)(psa_drv_entropy_context_t *p_context);
+typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context);
 
 /** \brief Get a specified number of bits from the entropy source
  *
@@ -81,7 +77,7 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_entropy_get_bits_t)(psa_drv_entropy_context_t *p_context,
+typedef psa_status_t (*psa_drv_entropy_get_bits_t)(void *p_context,
                                                    uint8_t *p_buffer,
                                                    uint32_t buffer_size,
                                                    uint32_t *p_received_entropy_bits);
@@ -96,11 +92,12 @@
  * If one of the functions is not implemented, it should be set to NULL.
  */
 typedef struct {
+    /** The driver-specific size of the entropy context */
+    const size_t                context_size;
     /** Function that performs initialization for the entropy source */
-    psa_drv_entropy_init_t *p_init;
-    /** Function that performs the get_bits operation for the entropy source
-    */
-    psa_drv_entropy_get_bits_t *p_get_bits;
+    psa_drv_entropy_init_t      p_init;
+    /** Function that performs the get_bits operation for the entropy source */
+    psa_drv_entropy_get_bits_t  p_get_bits;
 } psa_drv_entropy_t;
 /**@}*/
 
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a0eac4d..497fd75 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -30,6 +30,8 @@
 #ifndef PSA_CRYPTO_EXTRA_H
 #define PSA_CRYPTO_EXTRA_H
 
+#include "mbedtls/platform_util.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -37,6 +39,29 @@
 /* UID for secure storage seed */
 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
 
+/*
+ * Deprecated PSA Crypto error code definitions
+ */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_UNKNOWN_ERROR \
+    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_OCCUPIED_SLOT \
+    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_EMPTY_SLOT \
+    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define PSA_ERROR_INSUFFICIENT_CAPACITY \
+    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
+#endif
+
 /**
  * \brief Library deinitialization.
  *
@@ -89,10 +114,9 @@
  * This is an Mbed TLS extension.
  *
  * \note This function is only available on the following platforms:
- * * If the compile-time options MBEDTLS_ENTROPY_NV_SEED and
- *   MBEDTLS_PSA_HAS_ITS_IO are both enabled. Note that you
- *   must provide compatible implementations of mbedtls_nv_seed_read
- *   and mbedtls_nv_seed_write.
+ * * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+ *   Note that you must provide compatible implementations of
+ *   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
  * * In a client-server integration of PSA Cryptography, on the client side,
  *   if the server supports this feature.
  * \param[in] seed          Buffer containing the seed value to inject.
@@ -111,7 +135,6 @@
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         \p seed_size is out of range.
  * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval `PSA_ITS_ERROR_XXX`
  *         There was a failure reading or writing from storage.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The library has already been initialized. It is no longer
@@ -125,7 +148,7 @@
  * FIMXE This function is no longer part of the official API. Its prototype
  * is only kept around for the sake of tests that haven't been updated yet.
  *
- * A key derivation algorithm takes three inputs: a secret input \p key and
+ * A key derivation algorithm takes three inputs: a secret input \p handle and
  * two non-secret inputs \p label and p salt.
  * The result of this function is a byte generator which can
  * be used to produce keys and other cryptographic material.
@@ -134,9 +157,10 @@
  * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
  *   and \p label is the info string used in the "expand" step.
  *
- * \param[in,out] generator       The generator object to set up. It must have
- *                                been initialized as per the documentation for
- *                                #psa_crypto_generator_t and not yet in use.
+ * \param[in,out] operation       The key derivation object to set up. It must
+ *                                have been initialized as per the documentation
+ *                                for #psa_key_derivation_operation_t and not
+ *                                yet be in use.
  * \param handle                  Handle to the secret key.
  * \param alg                     The key derivation algorithm to compute
  *                                (\c PSA_ALG_XXX value such that
@@ -146,7 +170,7 @@
  * \param[in] label               Label to use.
  * \param label_length            Size of the \p label buffer in bytes.
  * \param capacity                The maximum number of bytes that the
- *                                generator will be able to provide.
+ *                                operation will be able to provide.
  *
  * \retval #PSA_SUCCESS
  *         Success.
@@ -161,13 +185,13 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
                                 psa_key_handle_t handle,
                                 psa_algorithm_t alg,
                                 const uint8_t *salt,
@@ -179,6 +203,489 @@
 /* FIXME Deprecated. Remove this as soon as all the tests are updated. */
 #define PSA_ALG_SELECT_RAW                      ((psa_algorithm_t)0x31000001)
 
+/** \defgroup policy Key policies
+ * @{
+ *
+ * The functions in this section are legacy interfaces where the properties
+ * of a key object are set after allocating a handle, in constrast with the
+ * preferred interface where key objects are created atomically from
+ * a structure that represents the properties.
+ */
+
+/** \def PSA_KEY_POLICY_INIT
+ *
+ * This macro returns a suitable initializer for a key policy object of type
+ * #psa_key_policy_t.
+ */
+#ifdef __DOXYGEN_ONLY__
+/* This is an example definition for documentation purposes.
+ * Implementations should define a suitable value in `crypto_struct.h`.
+ */
+#define PSA_KEY_POLICY_INIT {0}
+#endif
+
+/** Return an initial value for a key policy that forbids all usage of the key.
+ */
+static psa_key_policy_t psa_key_policy_init(void);
+
+/** \brief Set the standard fields of a policy structure.
+ *
+ * Note that this function does not make any consistency check of the
+ * parameters. The values are only checked when applying the policy to
+ * a key with psa_set_key_policy().
+ *
+ * \param[in,out] policy The key policy to modify. It must have been
+ *                       initialized as per the documentation for
+ *                       #psa_key_policy_t.
+ * \param usage          The permitted uses for the key.
+ * \param alg            The algorithm that the key may be used for.
+ */
+void psa_key_policy_set_usage(psa_key_policy_t *policy,
+                              psa_key_usage_t usage,
+                              psa_algorithm_t alg);
+
+/** \brief Retrieve the usage field of a policy structure.
+ *
+ * \param[in] policy    The policy object to query.
+ *
+ * \return The permitted uses for a key with this policy.
+ */
+psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
+
+/** \brief Retrieve the algorithm field of a policy structure.
+ *
+ * \param[in] policy    The policy object to query.
+ *
+ * \return The permitted algorithm for a key with this policy.
+ */
+psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
+
+/** \brief Set the usage policy for a key.
+ *
+ * This function must be called on a key handle before importing,
+ * generating or creating a key. Changing the policy of an
+ * existing key is not permitted.
+ *
+ * Implementations may set restrictions on supported key policies
+ * depending on the key type.
+ *
+ * \param handle        Handle to the key whose policy is to be changed.
+ * \param[in] policy    The policy object to query.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success.
+ *         If the key is persistent, it is implementation-defined whether
+ *         the policy has been saved to persistent storage. Implementations
+ *         may defer saving the policy until the key material is created.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_set_key_policy(psa_key_handle_t handle,
+                                const psa_key_policy_t *policy);
+
+/** \brief Get the usage policy for a key.
+ *
+ * \param handle        Handle to the key whose policy is being queried.
+ * \param[out] policy   On success, the key's policy.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_get_key_policy(psa_key_handle_t handle,
+                                psa_key_policy_t *policy);
+
+/**@}*/
+
+/** \defgroup to_handle Key creation to allocated handle
+ * @{
+ *
+ * The functions in this section are legacy interfaces where the properties
+ * of a key object are set after allocating a handle, in constrast with the
+ * preferred interface where key objects are created atomically from
+ * a structure that represents the properties.
+ */
+
+/** Create a new persistent key.
+ *
+ * Create a new persistent key and return a handle to it. The handle
+ * remains valid until the application calls psa_close_key() or terminates.
+ * The application can open the key again with psa_open_key() until it
+ * removes the key by calling psa_destroy_key().
+ *
+ * \param lifetime      The lifetime of the key. This designates a storage
+ *                      area where the key material is stored. This must not
+ *                      be #PSA_KEY_LIFETIME_VOLATILE.
+ * \param id            The persistent identifier of the key.
+ * \param[out] handle   On success, a handle to the newly created key.
+ *                      When key material is later created in this key,
+ *                      it will be saved to the specified persistent location.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success. The application can now use the value of `*handle`
+ *         for key operations.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         There is already a key with the identifier \p id in the storage
+ *         area designated by \p lifetime.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p id is invalid for the specified lifetime.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ *         \p lifetime is not supported.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ *         \p lifetime is valid, but the application does not have the
+ *         permission to create a key there.
+ */
+psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
+                            psa_key_id_t id,
+                            psa_key_handle_t *handle);
+
+/** Allocate space for a transient key, i.e. a key which is only stored
+ * in volatile memory.
+ *
+ * The allocated key and its handle remain valid until the
+ * application calls psa_close_key() or psa_destroy_key() or until the
+ * application terminates.
+ *
+ * \param[out] handle   On success, a handle to a volatile key.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success. The application can now use the value of `*handle`
+ *         to refer to the key.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ *         There was not enough memory, or the maximum number of transient keys
+ *         has been reached.
+ */
+psa_status_t psa_allocate_key(psa_key_handle_t *handle);
+
+/**
+ * \brief Get basic metadata about a key.
+ *
+ * \param handle        Handle to the key to query.
+ * \param[out] type     On success, the key type (a \c PSA_KEY_TYPE_XXX value).
+ *                      This may be a null pointer, in which case the key type
+ *                      is not written.
+ * \param[out] bits     On success, the key size in bits.
+ *                      This may be a null pointer, in which case the key size
+ *                      is not written.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ *         The handle does not contain a key.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_get_key_information(psa_key_handle_t handle,
+                                     psa_key_type_t *type,
+                                     size_t *bits);
+
+/** \brief Retrieve the lifetime of an open key.
+ *
+ * \param handle        Handle to query.
+ * \param[out] lifetime On success, the lifetime value.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_get_key_lifetime_from_handle(psa_key_handle_t handle,
+                                  psa_key_lifetime_t *lifetime);
+
+psa_status_t psa_import_key_to_handle(psa_key_handle_t handle,
+                            psa_key_type_t type,
+                            const uint8_t *data,
+                            size_t data_length);
+
+psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
+                          psa_key_handle_t target_handle,
+                          const psa_key_policy_t *constraint);
+
+psa_status_t psa_generate_derived_key_to_handle(psa_key_handle_t handle,
+                                      psa_key_type_t type,
+                                      size_t bits,
+                                      psa_key_derivation_operation_t *operation);
+
+psa_status_t psa_generate_key_to_handle(psa_key_handle_t handle,
+                              psa_key_type_t type,
+                              size_t bits,
+                              const void *extra,
+                              size_t extra_size);
+
+/**@}*/
+
+
+/** \addtogroup crypto_types
+ * @{
+ */
+
+/** DSA public key.
+ *
+ * The import and export format is the
+ * representation of the public key `y = g^x mod p` as a big-endian byte
+ * string. The length of the byte string is the length of the base prime `p`
+ * in bytes.
+ */
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY             ((psa_key_type_t)0x60020000)
+
+/** DSA key pair (private and public key).
+ *
+ * The import and export format is the
+ * representation of the private key `x` as a big-endian byte string. The
+ * length of the byte string is the private key size in bytes (leading zeroes
+ * are not stripped).
+ *
+ * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
+ * in big-endian order. Discard it if it is not in the range
+ * [0, *N* - 2] where *N* is the boundary of the private key domain
+ * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+ * or the order of the curve's base point for ECC).
+ * Add 1 to the resulting integer and use this as the private key *x*.
+ *
+ */
+#define PSA_KEY_TYPE_DSA_KEY_PAIR                ((psa_key_type_t)0x70020000)
+
+/** Whether a key type is an DSA key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DSA(type)                                       \
+    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+
+#define PSA_ALG_DSA_BASE                        ((psa_algorithm_t)0x10040000)
+/** DSA signature with hashing.
+ *
+ * This is the signature scheme defined by FIPS 186-4,
+ * with a random per-message secret number (*k*).
+ *
+ * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *                      This includes #PSA_ALG_ANY_HASH
+ *                      when specifying the algorithm in a usage policy.
+ *
+ * \return              The corresponding DSA signature algorithm.
+ * \return              Unspecified if \p hash_alg is not a supported
+ *                      hash algorithm.
+ */
+#define PSA_ALG_DSA(hash_alg)                             \
+    (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_DETERMINISTIC_DSA_BASE          ((psa_algorithm_t)0x10050000)
+#define PSA_ALG_DSA_DETERMINISTIC_FLAG          ((psa_algorithm_t)0x00010000)
+/** Deterministic DSA signature with hashing.
+ *
+ * This is the deterministic variant defined by RFC 6979 of
+ * the signature scheme defined by FIPS 186-4.
+ *
+ * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *                      This includes #PSA_ALG_ANY_HASH
+ *                      when specifying the algorithm in a usage policy.
+ *
+ * \return              The corresponding DSA signature algorithm.
+ * \return              Unspecified if \p hash_alg is not a supported
+ *                      hash algorithm.
+ */
+#define PSA_ALG_DETERMINISTIC_DSA(hash_alg)                             \
+    (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_DSA(alg)                                             \
+    (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \
+     PSA_ALG_DSA_BASE)
+#define PSA_ALG_DSA_IS_DETERMINISTIC(alg)               \
+    (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
+#define PSA_ALG_IS_DETERMINISTIC_DSA(alg)                       \
+    (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+#define PSA_ALG_IS_RANDOMIZED_DSA(alg)                          \
+    (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+
+
+/* We need to expand the sample definition of this macro from
+ * the API definition. */
+#undef PSA_ALG_IS_HASH_AND_SIGN
+#define PSA_ALG_IS_HASH_AND_SIGN(alg)                                   \
+    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \
+     PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
+
+/**@}*/
+
+/** \addtogroup attributes
+ * @{
+ */
+
+/** Custom Diffie-Hellman group.
+ *
+ * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
+ * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes
+ * from domain parameters set by psa_set_key_domain_parameters().
+ */
+/* This value is reserved for private use in the TLS named group registry. */
+#define PSA_DH_GROUP_CUSTOM             ((psa_dh_group_t) 0x01fc)
+
+
+/**
+ * \brief Set domain parameters for a key.
+ *
+ * Some key types require additional domain parameters in addition to
+ * the key type identifier and the key size. Use this function instead
+ * of psa_set_key_type() when you need to specify domain parameters.
+ *
+ * The format for the required domain parameters varies based on the key type.
+ *
+ * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+ *   the domain parameter data consists of the public exponent,
+ *   represented as a big-endian integer with no leading zeros.
+ *   This information is used when generating an RSA key pair.
+ *   When importing a key, the public exponent is read from the imported
+ *   key data and the exponent recorded in the attribute structure is ignored.
+ *   As an exception, the public exponent 65537 is represented by an empty
+ *   byte string.
+ * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+ *   the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
+ *   ```
+ *   Dss-Parms ::= SEQUENCE  {
+ *      p       INTEGER,
+ *      q       INTEGER,
+ *      g       INTEGER
+ *   }
+ *   ```
+ * - For Diffie-Hellman key exchange keys
+ *   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
+ *   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM)), the
+ *   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
+ *   ```
+ *   DomainParameters ::= SEQUENCE {
+ *      p               INTEGER,                    -- odd prime, p=jq +1
+ *      g               INTEGER,                    -- generator, g
+ *      q               INTEGER,                    -- factor of p-1
+ *      j               INTEGER OPTIONAL,           -- subgroup factor
+ *      validationParms ValidationParms OPTIONAL
+ *   }
+ *   ValidationParms ::= SEQUENCE {
+ *      seed            BIT STRING,
+ *      pgenCounter     INTEGER
+ *   }
+ *   ```
+ *
+ * \note This function may allocate memory or other resources.
+ *       Once you have called this function on an attribute structure,
+ *       you must call psa_reset_key_attributes() to free these resources.
+ *
+ * \note This is an experimental extension to the interface. It may change
+ *       in future versions of the library.
+ *
+ * \param[in,out] attributes    Attribute structure where the specified domain
+ *                              parameters will be stored.
+ *                              If this function fails, the content of
+ *                              \p attributes is not modified.
+ * \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param[in] data              Buffer containing the key domain parameters.
+ *                              The content of this buffer is interpreted
+ *                              according to \p type as described above.
+ * \param data_length           Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+                                           psa_key_type_t type,
+                                           const uint8_t *data,
+                                           size_t data_length);
+
+/**
+ * \brief Get domain parameters for a key.
+ *
+ * Get the domain parameters for a key with this function, if any. The format
+ * of the domain parameters written to \p data is specified in the
+ * documentation for psa_set_key_domain_parameters().
+ *
+ * \note This is an experimental extension to the interface. It may change
+ *       in future versions of the library.
+ *
+ * \param[in] attributes        The key attribute structure to query.
+ * \param[out] data             On success, the key domain parameters.
+ * \param data_size             Size of the \p data buffer in bytes.
+ *                              The buffer is guaranteed to be large
+ *                              enough if its size in bytes is at least
+ *                              the value given by
+ *                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+ * \param[out] data_length      On success, the number of bytes
+ *                              that make up the key domain parameters data.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ */
+psa_status_t psa_get_key_domain_parameters(
+    const psa_key_attributes_t *attributes,
+    uint8_t *data,
+    size_t data_size,
+    size_t *data_length);
+
+/** Safe output buffer size for psa_get_key_domain_parameters().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * \warning This function may call its arguments multiple times or
+ *          zero times, so you should not pass arguments that contain
+ *          side effects.
+ *
+ * \note This is an experimental extension to the interface. It may change
+ *       in future versions of the library.
+ *
+ * \param key_type  A supported key type.
+ * \param key_bits  The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ *         a buffer size in bytes that guarantees that
+ *         psa_get_key_domain_parameters() will not fail with
+ *         #PSA_ERROR_BUFFER_TOO_SMALL.
+ *         If the parameters are a valid combination that is not supported
+ *         by the implementation, this macro shall return either a
+ *         sensible size or 0.
+ *         If the parameters are not valid, the
+ *         return value is unspecified.
+ */
+#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits)              \
+    (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) :                      \
+     PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
+     PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
+     0)
+#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits)     \
+    (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
+#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits)    \
+    (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
+
+/**@}*/
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 50ca546..42cdad3 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -49,4 +49,53 @@
 /* Integral type representing a key handle. */
 typedef uint16_t psa_key_handle_t;
 
+/* This implementation distinguishes *application key identifiers*, which
+ * are the key identifiers specified by the application, from
+ * *key file identifiers*, which are the key identifiers that the library
+ * sees internally. The two types can be different if there is a remote
+ * call layer between the application and the library which supports
+ * multiple client applications that do not have access to each others'
+ * keys. The point of having different types is that the key file
+ * identifier may encode not only the key identifier specified by the
+ * application, but also the the identity of the application.
+ *
+ * Note that this is an internal concept of the library and the remote
+ * call layer. The application itself never sees anything other than
+ * #psa_app_key_id_t with its standard definition.
+ */
+
+/* The application key identifier is always what the application sees as
+ * #psa_key_id_t. */
+typedef uint32_t psa_app_key_id_t;
+
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+
+#if defined(PSA_CRYPTO_SECURE)
+/* Building for the PSA Crypto service on a PSA platform. */
+/* A key owner is a PSA partition identifier. */
+typedef int32_t psa_key_owner_id_t;
+#endif
+
+typedef struct
+{
+    uint32_t key_id;
+    psa_key_owner_id_t owner;
+} psa_key_file_id_t;
+#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
+
+/* Since crypto.h is used as part of the PSA Cryptography API specification,
+ * it must use standard types for things like the argument of psa_open_key().
+ * If it wasn't for that constraint, psa_open_key() would take a
+ * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
+ * alias for `psa_key_file_id_t` when building for a multi-client service. */
+typedef psa_key_file_id_t psa_key_id_t;
+
+#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
+/* By default, a key file identifier is just the application key identifier. */
+typedef psa_app_key_id_t psa_key_file_id_t;
+#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
+
+#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
 #endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 0578664..9f54947 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -3,10 +3,10 @@
  * \brief PSA external cryptoprocessor driver module
  *
  * This header declares types and function signatures for cryptography
- * drivers that access key material via opaque references. This is
- * meant for cryptoprocessors that have a separate key storage from the
+ * drivers that access key material via opaque references.
+ * This is meant for cryptoprocessors that have a separate key storage from the
  * space in which the PSA Crypto implementation runs, typically secure
- * elements.
+ * elements (SEs).
  *
  * This file is part of the PSA Crypto Driver Model, containing functions for
  * driver developers to implement to enable hardware to be called in a
@@ -43,27 +43,27 @@
 /** An internal designation of a key slot between the core part of the
  * PSA Crypto implementation and the driver. The meaning of this value
  * is driver-dependent. */
-typedef uint32_t psa_key_slot_t;
+typedef uint32_t psa_key_slot_number_t; // Change this to psa_key_slot_t after psa_key_slot_t is removed from Mbed crypto
 
-/** \defgroup opaque_mac Opaque Message Authentication Code
+/** \defgroup se_mac Secure Element Message Authentication Codes
  * Generation and authentication of Message Authentication Codes (MACs) using
- * opaque keys can be done either as a single function call (via the
- * `psa_drv_mac_opaque_generate_t` or `psa_drv_mac_opaque_verify_t` functions), or in
+ * a secure element can be done either as a single function call (via the
+ * `psa_drv_se_mac_generate_t` or `psa_drv_se_mac_verify_t` functions), or in
  * parts using the following sequence:
- * - `psa_drv_mac_opaque_setup_t`
- * - `psa_drv_mac_opaque_update_t`
- * - `psa_drv_mac_opaque_update_t`
+ * - `psa_drv_se_mac_setup_t`
+ * - `psa_drv_se_mac_update_t`
+ * - `psa_drv_se_mac_update_t`
  * - ...
- * - `psa_drv_mac_opaque_finish_t` or `psa_drv_mac_opaque_finish_verify_t`
+ * - `psa_drv_se_mac_finish_t` or `psa_drv_se_mac_finish_verify_t`
  *
- * If a previously started Opaque MAC operation needs to be terminated, it
- * should be done so by the `psa_drv_mac_opaque_abort_t`. Failure to do so may
+ * If a previously started secure element MAC operation needs to be terminated,
+ * it should be done so by the `psa_drv_se_mac_abort_t`. Failure to do so may
  * result in allocated resources not being freed or in other undefined
  * behavior.
  */
 /**@{*/
-/** \brief A function that starts a MAC operation for a PSA Crypto Driver
- * implementation using an opaque key
+/** \brief A function that starts a secure element  MAC operation for a PSA
+ * Crypto Driver implementation
  *
  * \param[in,out] p_context     A structure that will contain the
  *                              hardware-specific MAC context
@@ -75,26 +75,26 @@
  * \retval  PSA_SUCCESS
  *          Success.
  */
-typedef psa_status_t (*psa_drv_mac_opaque_setup_t)(void *p_context,
-                                                   psa_key_slot_t key_slot,
-                                                   psa_algorithm_t algorithm);
+typedef psa_status_t (*psa_drv_se_mac_setup_t)(void *p_context,
+                                               psa_key_slot_number_t key_slot,
+                                               psa_algorithm_t algorithm);
 
-/** \brief A function that continues a previously started MAC operation using
- * an opaque key
+/** \brief A function that continues a previously started secure element MAC
+ * operation
  *
  * \param[in,out] p_context     A hardware-specific structure for the
  *                              previously-established MAC operation to be
- *                              continued
+ *                              updated
  * \param[in] p_input           A buffer containing the message to be appended
  *                              to the MAC operation
  * \param[in] input_length  The size in bytes of the input message buffer
  */
-typedef psa_status_t (*psa_drv_mac_opaque_update_t)(void *p_context,
-                                                    const uint8_t *p_input,
-                                                    size_t input_length);
+typedef psa_status_t (*psa_drv_se_mac_update_t)(void *p_context,
+                                                const uint8_t *p_input,
+                                                size_t input_length);
 
-/** \brief a function that completes a previously started MAC operation by
- * returning the resulting MAC using an opaque key
+/** \brief a function that completes a previously started secure element MAC
+ * operation by returning the resulting MAC.
  *
  * \param[in,out] p_context     A hardware-specific structure for the
  *                              previously started MAC operation to be
@@ -109,13 +109,13 @@
  * \retval PSA_SUCCESS
  *          Success.
  */
-typedef psa_status_t (*psa_drv_mac_opaque_finish_t)(void *p_context,
-                                                    uint8_t *p_mac,
-                                                    size_t mac_size,
-                                                    size_t *p_mac_length);
+typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *p_context,
+                                                uint8_t *p_mac,
+                                                size_t mac_size,
+                                                size_t *p_mac_length);
 
-/** \brief A function that completes a previously started MAC operation by
- * comparing the resulting MAC against a known value using an opaque key
+/** \brief A function that completes a previously started secure element MAC
+ * operation by comparing the resulting MAC against a provided value
  *
  * \param[in,out] p_context A hardware-specific structure for the previously
  *                          started MAC operation to be fiinished
@@ -130,19 +130,20 @@
  *         The operation completed successfully, but the calculated MAC did
  *         not match the provided MAC
  */
-typedef psa_status_t (*psa_drv_mac_opaque_finish_verify_t)(void *p_context,
-                                                           const uint8_t *p_mac,
-                                                           size_t mac_length);
+typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *p_context,
+                                                       const uint8_t *p_mac,
+                                                       size_t mac_length);
 
-/** \brief A function that aborts a previous started opaque-key MAC operation
-
+/** \brief A function that aborts a previous started secure element MAC
+ * operation
+ *
  * \param[in,out] p_context A hardware-specific structure for the previously
  *                          started MAC operation to be aborted
  */
-typedef psa_status_t (*psa_drv_mac_opaque_abort_t)(void *p_context);
+typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *p_context);
 
-/** \brief A function that performs a MAC operation in one command and returns
- * the calculated MAC using an opaque key
+/** \brief A function that performs a secure element MAC operation in one
+ * command and returns the calculated MAC
  *
  * \param[in] p_input           A buffer containing the message to be MACed
  * \param[in] input_length      The size in bytes of `p_input`
@@ -158,16 +159,16 @@
  * \retval PSA_SUCCESS
  *         Success.
  */
-typedef psa_status_t (*psa_drv_mac_opaque_generate_t)(const uint8_t *p_input,
-                                                      size_t input_length,
-                                                      psa_key_slot_t key_slot,
-                                                      psa_algorithm_t alg,
-                                                      uint8_t *p_mac,
-                                                      size_t mac_size,
-                                                      size_t *p_mac_length);
+typedef psa_status_t (*psa_drv_se_mac_generate_t)(const uint8_t *p_input,
+                                                  size_t input_length,
+                                                  psa_key_slot_number_t key_slot,
+                                                  psa_algorithm_t alg,
+                                                  uint8_t *p_mac,
+                                                  size_t mac_size,
+                                                  size_t *p_mac_length);
 
-/** \brief A function that performs an MAC operation in one command and
- * compare the resulting MAC against a known value using an opaque key
+/** \brief A function that performs a secure element MAC operation in one
+ * command and compares the resulting MAC against a provided value
  *
  * \param[in] p_input       A buffer containing the message to be MACed
  * \param[in] input_length  The size in bytes of `input`
@@ -185,21 +186,21 @@
  *         The operation completed successfully, but the calculated MAC did
  *         not match the provided MAC
  */
-typedef psa_status_t (*psa_drv_mac_opaque_verify_t)(const uint8_t *p_input,
-                                                    size_t input_length,
-                                                    psa_key_slot_t key_slot,
-                                                    psa_algorithm_t alg,
-                                                    const uint8_t *p_mac,
-                                                    size_t mac_length);
+typedef psa_status_t (*psa_drv_se_mac_verify_t)(const uint8_t *p_input,
+                                                size_t input_length,
+                                                psa_key_slot_number_t key_slot,
+                                                psa_algorithm_t alg,
+                                                const uint8_t *p_mac,
+                                                size_t mac_length);
 
 /** \brief A struct containing all of the function pointers needed to
- * implement MAC operations using opaque keys.
+ * perform secure element MAC operations
  *
  * PSA Crypto API implementations should populate the table as appropriate
  * upon startup.
  *
  * If one of the functions is not implemented (such as
- * `psa_drv_mac_opaque_generate_t`), it should be set to NULL.
+ * `psa_drv_se_mac_generate_t`), it should be set to NULL.
  *
  * Driver implementers should ensure that they implement all of the functions
  * that make sense for their hardware, and that they provide a full solution
@@ -208,57 +209,59 @@
  *
  */
 typedef struct {
-    /**The size in bytes of the hardware-specific Opaque-MAC Context structure
+    /**The size in bytes of the hardware-specific secure element MAC context
+     * structure
     */
-    size_t                              context_size;
-    /** Function that performs the setup operation
+    size_t                    context_size;
+    /** Function that performs a MAC setup operation
      */
-    psa_drv_mac_opaque_setup_t          *p_setup;
-    /** Function that performs the update operation
+    psa_drv_se_mac_setup_t          p_setup;
+    /** Function that performs a MAC update operation
      */
-    psa_drv_mac_opaque_update_t         *p_update;
-    /** Function that completes the operation
+    psa_drv_se_mac_update_t         p_update;
+    /** Function that completes a MAC operation
      */
-    psa_drv_mac_opaque_finish_t         *p_finish;
-    /** Function that completed a MAC operation with a verify check
+    psa_drv_se_mac_finish_t         p_finish;
+    /** Function that completes a MAC operation with a verify check
      */
-    psa_drv_mac_opaque_finish_verify_t  *p_finish_verify;
-    /** Function that aborts a previoustly started operation
+    psa_drv_se_mac_finish_verify_t  p_finish_verify;
+    /** Function that aborts a previoustly started MAC operation
      */
-    psa_drv_mac_opaque_abort_t          *p_abort;
-    /** Function that performs the MAC operation in one call
+    psa_drv_se_mac_abort_t          p_abort;
+    /** Function that performs a MAC operation in one call
      */
-    psa_drv_mac_opaque_generate_t       *p_mac;
-    /** Function that performs the MAC and verify operation in one call
+    psa_drv_se_mac_generate_t       p_mac;
+    /** Function that performs a MAC and verify operation in one call
      */
-    psa_drv_mac_opaque_verify_t         *p_mac_verify;
-} psa_drv_mac_opaque_t;
+    psa_drv_se_mac_verify_t         p_mac_verify;
+} psa_drv_se_mac_t;
 /**@}*/
 
-/** \defgroup opaque_cipher Opaque Symmetric Ciphers
+/** \defgroup se_cipher Secure Element Symmetric Ciphers
  *
- * Encryption and Decryption using opaque keys in block modes other than ECB
- * must be done in multiple parts, using the following flow:
- * - `psa_drv_cipher_opaque_setup_t`
- * - `psa_drv_cipher_opaque_set_iv_t` (optional depending upon block mode)
- * - `psa_drv_cipher_opaque_update_t`
+ * Encryption and Decryption using secure element keys in block modes other
+ * than ECB must be done in multiple parts, using the following flow:
+ * - `psa_drv_se_cipher_setup_t`
+ * - `psa_drv_se_cipher_set_iv_t` (optional depending upon block mode)
+ * - `psa_drv_se_cipher_update_t`
+ * - `psa_drv_se_cipher_update_t`
  * - ...
- * - `psa_drv_cipher_opaque_finish_t`
-
- * If a previously started Opaque Cipher operation needs to be terminated, it
- * should be done so by the `psa_drv_cipher_opaque_abort_t`. Failure to do so may
- * result in allocated resources not being freed or in other undefined
- * behavior.
+ * - `psa_drv_se_cipher_finish_t`
+ *
+ * If a previously started secure element Cipher operation needs to be
+ * terminated, it should be done so by the `psa_drv_se_cipher_abort_t`. Failure
+ * to do so may result in allocated resources not being freed or in other
+ * undefined behavior.
  *
  * In situations where a PSA Cryptographic API implementation is using a block
  * mode not-supported by the underlying hardware or driver, it can construct
- * the block mode itself, while calling the `psa_drv_cipher_opaque_ecb_t` function
- * pointer for the cipher operations.
+ * the block mode itself, while calling the `psa_drv_se_cipher_ecb_t` function
+ * for the cipher operations.
  */
 /**@{*/
 
-/** \brief A function pointer that provides the cipher setup function for
- * opaque-key operations
+/** \brief A function that provides the cipher setup function for a
+ * secure element driver
  *
  * \param[in,out] p_context     A structure that will contain the
  *                              hardware-specific cipher context.
@@ -272,16 +275,16 @@
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_NOT_SUPPORTED
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_setup_t)(void *p_context,
-                                                      psa_key_slot_t key_slot,
-                                                      psa_algorithm_t algorithm,
-                                                      psa_encrypt_or_decrypt_t direction);
+typedef psa_status_t (*psa_drv_se_cipher_setup_t)(void *p_context,
+                                                  psa_key_slot_number_t key_slot,
+                                                  psa_algorithm_t algorithm,
+                                                  psa_encrypt_or_decrypt_t direction);
 
-/** \brief A function pointer that sets the initialization vector (if
- * necessary) for an opaque cipher operation
+/** \brief A function that sets the initialization vector (if
+ * necessary) for an secure element cipher operation
  *
- * Rationale: The `psa_cipher_*` function in the PSA Cryptographic API has two
- * IV functions: one to set the IV, and one to generate it internally. The
+ * Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has
+ * two IV functions: one to set the IV, and one to generate it internally. The
  * generate function is not necessary for the drivers to implement as the PSA
  * Crypto implementation can do the generation using its RNG features.
  *
@@ -292,11 +295,11 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_set_iv_t)(void *p_context,
-                                                       const uint8_t *p_iv,
-                                                       size_t iv_length);
+typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *p_context,
+                                                   const uint8_t *p_iv,
+                                                   size_t iv_length);
 
-/** \brief A function that continues a previously started opaque-key cipher
+/** \brief A function that continues a previously started secure element cipher
  * operation
  *
  * \param[in,out] p_context         A hardware-specific structure for the
@@ -314,14 +317,14 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_update_t)(void *p_context,
-                                                       const uint8_t *p_input,
-                                                       size_t input_size,
-                                                       uint8_t *p_output,
-                                                       size_t output_size,
-                                                       size_t *p_output_length);
+typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *p_context,
+                                                   const uint8_t *p_input,
+                                                   size_t input_size,
+                                                   uint8_t *p_output,
+                                                   size_t output_size,
+                                                   size_t *p_output_length);
 
-/** \brief A function that completes a previously started opaque-key cipher
+/** \brief A function that completes a previously started secure element cipher
  * operation
  *
  * \param[in,out] p_context     A hardware-specific structure for the
@@ -335,21 +338,21 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_finish_t)(void *p_context,
-                                                       uint8_t *p_output,
-                                                       size_t output_size,
-                                                       size_t *p_output_length);
+typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *p_context,
+                                                   uint8_t *p_output,
+                                                   size_t output_size,
+                                                   size_t *p_output_length);
 
-/** \brief A function that aborts a previously started opaque-key cipher
+/** \brief A function that aborts a previously started secure element cipher
  * operation
  *
  * \param[in,out] p_context     A hardware-specific structure for the
  *                              previously started cipher operation
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_abort_t)(void *p_context);
+typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *p_context);
 
-/** \brief A function that performs the ECB block mode for opaque-key cipher
- * operations
+/** \brief A function that performs the ECB block mode for secure element
+ * cipher operations
  *
  * Note: this function should only be used with implementations that do not
  * provide a needed higher-level operation.
@@ -370,58 +373,59 @@
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_NOT_SUPPORTED
  */
-typedef psa_status_t (*psa_drv_cipher_opaque_ecb_t)(psa_key_slot_t key_slot,
-                                                    psa_algorithm_t algorithm,
-                                                    psa_encrypt_or_decrypt_t direction,
-                                                    const uint8_t *p_input,
-                                                    size_t input_size,
-                                                    uint8_t *p_output,
-                                                    size_t output_size);
+typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_key_slot_number_t key_slot,
+                                                psa_algorithm_t algorithm,
+                                                psa_encrypt_or_decrypt_t direction,
+                                                const uint8_t *p_input,
+                                                size_t input_size,
+                                                uint8_t *p_output,
+                                                size_t output_size);
 
 /**
  * \brief A struct containing all of the function pointers needed to implement
- * cipher operations using opaque keys.
+ * cipher operations using secure elements.
  *
  * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup.
+ * appropriate upon startup or at build time.
  *
  * If one of the functions is not implemented (such as
- * `psa_drv_cipher_opaque_ecb_t`), it should be set to NULL.
+ * `psa_drv_se_cipher_ecb_t`), it should be set to NULL.
  */
 typedef struct {
-    /** The size in bytes of the hardware-specific Opaque Cipher context
-     * structure
+    /** The size in bytes of the hardware-specific secure element cipher
+     * context structure
      */
-    size_t                         size;
-    /** Function that performs the setup operation */
-    psa_drv_cipher_opaque_setup_t  *p_setup;
-    /** Function that sets the IV (if necessary) */
-    psa_drv_cipher_opaque_set_iv_t *p_set_iv;
-    /** Function that performs the update operation */
-    psa_drv_cipher_opaque_update_t *p_update;
-    /** Function that completes the operation */
-    psa_drv_cipher_opaque_finish_t *p_finish;
-    /** Function that aborts the operation */
-    psa_drv_cipher_opaque_abort_t  *p_abort;
-    /** Function that performs ECB mode for the cipher
+    size_t               context_size;
+    /** Function that performs a cipher setup operation */
+    psa_drv_se_cipher_setup_t  p_setup;
+    /** Function that sets a cipher IV (if necessary) */
+    psa_drv_se_cipher_set_iv_t p_set_iv;
+    /** Function that performs a cipher update operation */
+    psa_drv_se_cipher_update_t p_update;
+    /** Function that completes a cipher operation */
+    psa_drv_se_cipher_finish_t p_finish;
+    /** Function that aborts a cipher operation */
+    psa_drv_se_cipher_abort_t  p_abort;
+    /** Function that performs ECB mode for a cipher operation
      * (Danger: ECB mode should not be used directly by clients of the PSA
      * Crypto Client API)
      */
-    psa_drv_cipher_opaque_ecb_t    *p_ecb;
-} psa_drv_cipher_opaque_t;
+    psa_drv_se_cipher_ecb_t    p_ecb;
+} psa_drv_se_cipher_t;
 
 /**@}*/
 
-/** \defgroup opaque_asymmetric Opaque Asymmetric Cryptography
+/** \defgroup se_asymmetric Secure Element Asymmetric Cryptography
  *
  * Since the amount of data that can (or should) be encrypted or signed using
  * asymmetric keys is limited by the key size, asymmetric key operations using
- * opaque keys must be done in single function calls.
+ * keys in a secure element must be done in single function calls.
  */
 /**@{*/
 
 /**
- * \brief A function that signs a hash or short message with a private key
+ * \brief A function that signs a hash or short message with a private key in
+ * a secure element
  *
  * \param[in] key_slot              Key slot of an asymmetric key pair
  * \param[in] alg                   A signature algorithm that is compatible
@@ -435,17 +439,17 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_opaque_sign_t)(psa_key_slot_t key_slot,
-                                                         psa_algorithm_t alg,
-                                                         const uint8_t *p_hash,
-                                                         size_t hash_length,
-                                                         uint8_t *p_signature,
-                                                         size_t signature_size,
-                                                         size_t *p_signature_length);
+typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_key_slot_number_t key_slot,
+                                                     psa_algorithm_t alg,
+                                                     const uint8_t *p_hash,
+                                                     size_t hash_length,
+                                                     uint8_t *p_signature,
+                                                     size_t signature_size,
+                                                     size_t *p_signature_length);
 
 /**
  * \brief A function that verifies the signature a hash or short message using
- * an asymmetric public key
+ * an asymmetric public key in a secure element
  *
  * \param[in] key_slot          Key slot of a public key or an asymmetric key
  *                              pair
@@ -459,16 +463,16 @@
  * \retval PSA_SUCCESS
  *         The signature is valid.
  */
-typedef psa_status_t (*psa_drv_asymmetric_opaque_verify_t)(psa_key_slot_t key_slot,
-                                                           psa_algorithm_t alg,
-                                                           const uint8_t *p_hash,
-                                                           size_t hash_length,
-                                                           const uint8_t *p_signature,
-                                                           size_t signature_length);
+typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_key_slot_number_t key_slot,
+                                                       psa_algorithm_t alg,
+                                                       const uint8_t *p_hash,
+                                                       size_t hash_length,
+                                                       const uint8_t *p_signature,
+                                                       size_t signature_length);
 
 /**
  * \brief A function that encrypts a short message with an asymmetric public
- * key
+ * key in a secure element
  *
  * \param[in] key_slot          Key slot of a public key or an asymmetric key
  *                              pair
@@ -495,18 +499,19 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_opaque_encrypt_t)(psa_key_slot_t key_slot,
-                                                            psa_algorithm_t alg,
-                                                            const uint8_t *p_input,
-                                                            size_t input_length,
-                                                            const uint8_t *p_salt,
-                                                            size_t salt_length,
-                                                            uint8_t *p_output,
-                                                            size_t output_size,
-                                                            size_t *p_output_length);
+typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_key_slot_number_t key_slot,
+                                                        psa_algorithm_t alg,
+                                                        const uint8_t *p_input,
+                                                        size_t input_length,
+                                                        const uint8_t *p_salt,
+                                                        size_t salt_length,
+                                                        uint8_t *p_output,
+                                                        size_t output_size,
+                                                        size_t *p_output_length);
 
 /**
- * \brief Decrypt a short message with an asymmetric private key.
+ * \brief A function that decrypts a short message with an asymmetric private
+ * key in a secure element.
  *
  * \param[in] key_slot          Key slot of an asymmetric key pair
  * \param[in] alg               An asymmetric encryption algorithm that is
@@ -532,48 +537,49 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_asymmetric_opaque_decrypt_t)(psa_key_slot_t key_slot,
-                                                            psa_algorithm_t alg,
-                                                            const uint8_t *p_input,
-                                                            size_t input_length,
-                                                            const uint8_t *p_salt,
-                                                            size_t salt_length,
-                                                            uint8_t *p_output,
-                                                            size_t output_size,
-                                                            size_t *p_output_length);
+typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_key_slot_number_t key_slot,
+                                                        psa_algorithm_t alg,
+                                                        const uint8_t *p_input,
+                                                        size_t input_length,
+                                                        const uint8_t *p_salt,
+                                                        size_t salt_length,
+                                                        uint8_t *p_output,
+                                                        size_t output_size,
+                                                        size_t *p_output_length);
 
 /**
  * \brief A struct containing all of the function pointers needed to implement
- * asymmetric cryptographic operations using opaque keys.
+ * asymmetric cryptographic operations using secure elements.
  *
  * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup.
+ * appropriate upon startup or at build time.
  *
  * If one of the functions is not implemented, it should be set to NULL.
  */
 typedef struct {
-    /** Function that performs the asymmetric sign operation */
-    psa_drv_asymmetric_opaque_sign_t    *p_sign;
-    /** Function that performs the asymmetric verify operation */
-    psa_drv_asymmetric_opaque_verify_t  *p_verify;
-    /** Function that performs the asymmetric encrypt operation */
-    psa_drv_asymmetric_opaque_encrypt_t *p_encrypt;
-    /** Function that performs the asymmetric decrypt operation */
-    psa_drv_asymmetric_opaque_decrypt_t *p_decrypt;
-} psa_drv_asymmetric_opaque_t;
+    /** Function that performs an asymmetric sign operation */
+    psa_drv_se_asymmetric_sign_t    p_sign;
+    /** Function that performs an asymmetric verify operation */
+    psa_drv_se_asymmetric_verify_t  p_verify;
+    /** Function that performs an asymmetric encrypt operation */
+    psa_drv_se_asymmetric_encrypt_t p_encrypt;
+    /** Function that performs an asymmetric decrypt operation */
+    psa_drv_se_asymmetric_decrypt_t p_decrypt;
+} psa_drv_se_asymmetric_t;
 
 /**@}*/
 
-/** \defgroup aead_opaque AEAD Opaque
- * Authenticated Encryption with Additional Data (AEAD) operations with opaque
- * keys must be done in one function call. While this creates a burden for
+/** \defgroup se_aead Secure Element Authenticated Encryption with Additional Data
+ * Authenticated Encryption with Additional Data (AEAD) operations with secure
+ * elements must be done in one function call. While this creates a burden for
  * implementers as there must be sufficient space in memory for the entire
  * message, it prevents decrypted data from being made available before the
  * authentication operation is complete and the data is known to be authentic.
  */
 /**@{*/
 
-/** \brief Process an authenticated encryption operation using an opaque key
+/** \brief A function that performs a secure element authenticated encryption
+ * operation
  *
  * \param[in] key_slot                  Slot containing the key to use.
  * \param[in] algorithm                 The AEAD algorithm to compute
@@ -602,19 +608,19 @@
  * \retval #PSA_SUCCESS
  *         Success.
  */
-typedef psa_status_t (*psa_drv_aead_opaque_encrypt_t)(psa_key_slot_t key_slot,
-                                                      psa_algorithm_t algorithm,
-                                                      const uint8_t *p_nonce,
-                                                      size_t nonce_length,
-                                                      const uint8_t *p_additional_data,
-                                                      size_t additional_data_length,
-                                                      const uint8_t *p_plaintext,
-                                                      size_t plaintext_length,
-                                                      uint8_t *p_ciphertext,
-                                                      size_t ciphertext_size,
-                                                      size_t *p_ciphertext_length);
+typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_key_slot_number_t key_slot,
+                                                  psa_algorithm_t algorithm,
+                                                  const uint8_t *p_nonce,
+                                                  size_t nonce_length,
+                                                  const uint8_t *p_additional_data,
+                                                  size_t additional_data_length,
+                                                  const uint8_t *p_plaintext,
+                                                  size_t plaintext_length,
+                                                  uint8_t *p_ciphertext,
+                                                  size_t ciphertext_size,
+                                                  size_t *p_ciphertext_length);
 
-/** Process an authenticated decryption operation using an opaque key
+/** A function that peforms a secure element authenticated decryption operation
  *
  * \param[in] key_slot                  Slot containing the key to use
  * \param[in] algorithm                 The AEAD algorithm to compute
@@ -642,21 +648,21 @@
  * \retval #PSA_SUCCESS
  *         Success.
  */
-typedef psa_status_t (*psa_drv_aead_opaque_decrypt_t)(psa_key_slot_t key_slot,
-                                                      psa_algorithm_t algorithm,
-                                                      const uint8_t *p_nonce,
-                                                      size_t nonce_length,
-                                                      const uint8_t *p_additional_data,
-                                                      size_t additional_data_length,
-                                                      const uint8_t *p_ciphertext,
-                                                      size_t ciphertext_length,
-                                                      uint8_t *p_plaintext,
-                                                      size_t plaintext_size,
-                                                      size_t *p_plaintext_length);
+typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_key_slot_number_t key_slot,
+                                                  psa_algorithm_t algorithm,
+                                                  const uint8_t *p_nonce,
+                                                  size_t nonce_length,
+                                                  const uint8_t *p_additional_data,
+                                                  size_t additional_data_length,
+                                                  const uint8_t *p_ciphertext,
+                                                  size_t ciphertext_length,
+                                                  uint8_t *p_plaintext,
+                                                  size_t plaintext_size,
+                                                  size_t *p_plaintext_length);
 
 /**
  * \brief A struct containing all of the function pointers needed to implement
- * Authenticated Encryption with Additional Data operations using opaque keys
+ * secure element Authenticated Encryption with Additional Data operations
  *
  * PSA Crypto API implementations should populate instances of the table as
  * appropriate upon startup.
@@ -665,13 +671,13 @@
  */
 typedef struct {
     /** Function that performs the AEAD encrypt operation */
-    psa_drv_aead_opaque_encrypt_t *p_encrypt;
+    psa_drv_se_aead_encrypt_t p_encrypt;
     /** Function that performs the AEAD decrypt operation */
-    psa_drv_aead_opaque_decrypt_t *p_decrypt;
-} psa_drv_aead_opaque_t;
+    psa_drv_se_aead_decrypt_t p_decrypt;
+} psa_drv_se_aead_t;
 /**@}*/
 
-/** \defgroup driver_key_management Key Management
+/** \defgroup se_key_management Secure Element Key Management
  * Currently, key management is limited to importing keys in the clear,
  * destroying keys, and exporting keys in the clear.
  * Whether a key may be exported is determined by the key policies in place
@@ -679,7 +685,7 @@
  */
 /**@{*/
 
-/** \brief Import a key in binary format
+/** \brief A function that imports a key into a secure element in binary format
  *
  * This function can support any output from psa_export_key(). Refer to the
  * documentation of psa_export_key() for the format for each key type.
@@ -687,6 +693,7 @@
  * \param[in] key_slot      Slot where the key will be stored
  *                          This must be a valid slot for a key of the chosen
  *                          type. It must be unoccupied.
+ * \param[in] lifetime      The required lifetime of the key storage
  * \param[in] type          Key type (a \c PSA_KEY_TYPE_XXX value)
  * \param[in] algorithm     Key algorithm (a \c PSA_ALG_XXX value)
  * \param[in] usage         The allowed uses of the key
@@ -696,33 +703,33 @@
  * \retval #PSA_SUCCESS
  *         Success.
  */
-typedef psa_status_t (*psa_drv_opaque_import_key_t)(psa_key_slot_t key_slot,
-                                                    psa_key_type_t type,
-                                                    psa_algorithm_t algorithm,
-                                                    psa_key_usage_t usage,
-                                                    const uint8_t *p_data,
-                                                    size_t data_length);
+typedef psa_status_t (*psa_drv_se_import_key_t)(psa_key_slot_number_t key_slot,
+                                                psa_key_lifetime_t lifetime,
+                                                psa_key_type_t type,
+                                                psa_algorithm_t algorithm,
+                                                psa_key_usage_t usage,
+                                                const uint8_t *p_data,
+                                                size_t data_length);
 
 /**
- * \brief Destroy a key and restore the slot to its default state
+ * \brief A function that destroys a secure element key and restore the slot to
+ * its default state
  *
- * This function destroys the content of the key slot from both volatile
- * memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that any previous content of the slot is
- * unrecoverable.
+ * This function destroys the content of the key from a secure element.
+ * Implementations shall make a best effort to ensure that any previous content
+ * of the slot is unrecoverable.
  *
- * This function also erases any metadata such as policies. It returns the
- * specified slot to its default state.
+ * This function returns the specified slot to its default state.
  *
  * \param[in] key_slot        The key slot to erase.
  *
  * \retval #PSA_SUCCESS
  *         The slot's content, if any, has been erased.
  */
-typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key);
+typedef psa_status_t (*psa_drv_se_destroy_key_t)(psa_key_slot_number_t key);
 
 /**
- * \brief Export a key in binary format
+ * \brief A function that exports a secure element key in binary format
  *
  * The output of this function can be passed to psa_import_key() to
  * create an equivalent object.
@@ -732,19 +739,9 @@
  * identical: the implementation may choose a different representation
  * of the same key if the format permits it.
  *
- * For standard key types, the output format is as follows:
- *
- * - For symmetric keys (including MAC keys), the format is the
- *   raw bytes of the key.
- * - For DES, the key data consists of 8 bytes. The parity bits must be
- *   correct.
- * - For Triple-DES, the format is the concatenation of the
- *   two or three DES keys.
- * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
- *   is the non-encrypted DER representation defined by PKCS\#1 (RFC 8017)
- *   as RSAPrivateKey.
- * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the format
- *   is the DER representation defined by RFC 5280 as SubjectPublicKeyInfo.
+ * This function should generate output in the same format that
+ * `psa_export_key()` does. Refer to the
+ * documentation of `psa_export_key()` for the format for each key type.
  *
  * \param[in] key               Slot whose content is to be exported. This must
  *                              be an occupied key slot.
@@ -754,67 +751,79 @@
  *                              that make up the key data.
  *
  * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  * \retval #PSA_ERROR_NOT_PERMITTED
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
-typedef psa_status_t (*psa_drv_export_key_t)(psa_key_slot_t key,
-                                             uint8_t *p_data,
-                                             size_t data_size,
-                                             size_t *p_data_length);
+typedef psa_status_t (*psa_drv_se_export_key_t)(psa_key_slot_number_t key,
+                                                uint8_t *p_data,
+                                                size_t data_size,
+                                                size_t *p_data_length);
 
 /**
- * \brief Export a public key or the public part of a key pair in binary format
+ * \brief A function that generates a symmetric or asymmetric key on a secure
+ * element
  *
- * The output of this function can be passed to psa_import_key() to
- * create an object that is equivalent to the public key.
+ * If \p type is asymmetric (`#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) == 1`),
+ * the public component of the generated key will be placed in `p_pubkey_out`.
+ * The format of the public key information will match the format specified for
+ * the psa_export_key() function for the key type.
  *
- * For standard key types, the output format is as follows:
- *
- * - For RSA keys (#PSA_KEY_TYPE_RSA_KEYPAIR or #PSA_KEY_TYPE_RSA_PUBLIC_KEY),
- *   the format is the DER representation of the public key defined by RFC 5280
- *   as SubjectPublicKeyInfo.
- *
- * \param[in] key_slot          Slot whose content is to be exported. This must
- *                              be an occupied key slot.
- * \param[out] p_data           Buffer where the key data is to be written.
- * \param[in] data_size         Size of the `data` buffer in bytes.
- * \param[out] p_data_length    On success, the number of bytes
- *                              that make up the key data.
- *
- * \retval #PSA_SUCCESS
+ * \param[in] key_slot      Slot where the generated key will be placed
+ * \param[in] type          The type of the key to be generated
+ * \param[in] usage         The prescribed usage of the generated key
+ *                          Note: Not all Secure Elements support the same
+ *                          restrictions that PSA Crypto does (and vice versa).
+ *                          Driver developers should endeavor to match the
+ *                          usages as close as possible.
+ * \param[in] bits          The size in bits of the key to be generated.
+ * \param[in] extra         Extra parameters for key generation. The
+ *                          interpretation of this parameter should match the
+ *                          interpretation in the `extra` parameter is the
+ *                          `psa_generate_key` function
+ * \param[in] extra_size    The size in bytes of the \p extra buffer
+ * \param[out] p_pubkey_out The buffer where the public key information will
+ *                          be placed
+ * \param[in] pubkey_out_size   The size in bytes of the `p_pubkey_out` buffer
+ * \param[out] p_pubkey_length  Upon successful completion, will contain the
+ *                              size of the data placed in `p_pubkey_out`.
  */
-typedef psa_status_t (*psa_drv_export_public_key_t)(psa_key_slot_t key,
-                                                    uint8_t *p_data,
-                                                    size_t data_size,
-                                                    size_t *p_data_length);
+typedef psa_status_t (*psa_drv_se_generate_key_t)(psa_key_slot_number_t key_slot,
+                                                  psa_key_type_t type,
+                                                  psa_key_usage_t usage,
+                                                  size_t bits,
+                                                  const void *extra,
+                                                  size_t extra_size,
+                                                  uint8_t *p_pubkey_out,
+                                                  size_t pubkey_out_size,
+                                                  size_t *p_pubkey_length);
 
 /**
- * \brief A struct containing all of the function pointers needed to for key
- * management using opaque keys
+ * \brief A struct containing all of the function pointers needed to for secure
+ * element key management
  *
  * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup.
+ * appropriate upon startup or at build time.
  *
  * If one of the functions is not implemented, it should be set to NULL.
  */
 typedef struct {
-    /** Function that performs the key import operation */
-    psa_drv_opaque_import_key_t *p_import;
-    /** Function that performs the key destroy operation */
-    psa_drv_destroy_key_t       *p_destroy;
-    /** Function that performs the key export operation */
-    psa_drv_export_key_t        *p_export;
-    /** Function that perforsm the public key export operation */
-    psa_drv_export_public_key_t *p_export_public;
-} psa_drv_key_management_t;
+    /** Function that performs a key import operation */
+    psa_drv_se_import_key_t     p_import;
+    /** Function that performs a generation */
+    psa_drv_se_generate_key_t   p_generate;
+    /** Function that performs a key destroy operation */
+    psa_drv_se_destroy_key_t    p_destroy;
+    /** Function that performs a key export operation */
+    psa_drv_se_export_key_t     p_export;
+} psa_drv_se_key_management_t;
 
 /**@}*/
 
-/** \defgroup driver_derivation Key Derivation and Agreement
+/** \defgroup driver_derivation Secure Element Key Derivation and Agreement
  * Key derivation is the process of generating new key material using an
  * existing key and additional parameters, iterating through a basic
  * cryptographic function, such as a hash.
@@ -825,53 +834,46 @@
  * for both of the flows.
  *
  * There are two different final functions for the flows,
- * `psa_drv_key_derivation_derive` and `psa_drv_key_derivation_export`.
- * `psa_drv_key_derivation_derive` is used when the key material should be placed
- * in a slot on the hardware and not exposed to the caller.
- * `psa_drv_key_derivation_export` is used when the key material should be returned
- * to the PSA Cryptographic API implementation.
+ * `psa_drv_se_key_derivation_derive` and `psa_drv_se_key_derivation_export`.
+ * `psa_drv_se_key_derivation_derive` is used when the key material should be
+ * placed in a slot on the hardware and not exposed to the caller.
+ * `psa_drv_se_key_derivation_export` is used when the key material should be
+ * returned to the PSA Cryptographic API implementation.
  *
  * Different key derivation algorithms require a different number of inputs.
  * Instead of having an API that takes as input variable length arrays, which
  * can be problemmatic to manage on embedded platforms, the inputs are passed
- * to the driver via a function, `psa_drv_key_derivation_collateral`, that is
- * called multiple times with different `collateral_id`s. Thus, for a key
+ * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
+ * is called multiple times with different `collateral_id`s. Thus, for a key
  * derivation algorithm that required 3 paramter inputs, the flow would look
  * something like:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
- * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_0,
- *                                   p_collateral_0,
- *                                   collateral_0_size);
- * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_1,
- *                                   p_collateral_1,
- *                                   collateral_1_size);
- * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_2,
- *                                   p_collateral_2,
- *                                   collateral_2_size);
- * psa_drv_key_derivation_derive();
+ * psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_0,
+ *                                      p_collateral_0,
+ *                                      collateral_0_size);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_1,
+ *                                      p_collateral_1,
+ *                                      collateral_1_size);
+ * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_2,
+ *                                      p_collateral_2,
+ *                                      collateral_2_size);
+ * psa_drv_se_key_derivation_derive();
  * ~~~~~~~~~~~~~
  *
  * key agreement example:
  * ~~~~~~~~~~~~~{.c}
- * psa_drv_key_derivation_setup(alg, source_key. dest_key_size_bytes);
- * psa_drv_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
- * psa_drv_key_derivation_export(p_session_key,
- *                               session_key_size,
- *                               &session_key_length);
+ * psa_drv_se_key_derivation_setup(alg, source_key. dest_key_size_bytes);
+ * psa_drv_se_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
+ * psa_drv_se_key_derivation_export(p_session_key,
+ *                                  session_key_size,
+ *                                  &session_key_length);
  * ~~~~~~~~~~~~~
  */
 /**@{*/
 
-/** \brief The hardware-specific key derivation context structure
- *
- * The contents of this structure are implementation dependent and are
- * therefore not described here
- */
-typedef struct psa_drv_key_derivation_context_s psa_drv_key_derivation_context_t;
-
-/** \brief Set up a key derivation operation by specifying the algorithm and
- * the source key sot
+/** \brief A function that Sets up a secure element key derivation operation by
+ * specifying the algorithm and the source key sot
  *
  * \param[in,out] p_context A hardware-specific structure containing any
  *                          context information for the implementation
@@ -881,12 +883,12 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_key_derivation_setup_t)(psa_drv_key_derivation_context_t *p_context,
-                                                       psa_algorithm_t kdf_alg,
-                                                       psa_key_slot_t source_key);
+typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(void *p_context,
+                                                          psa_algorithm_t kdf_alg,
+                                                          psa_key_slot_number_t source_key);
 
-/** \brief Provide collateral (parameters) needed for a key derivation or key
- * agreement operation
+/** \brief A function that provides collateral (parameters) needed for a secure
+ * element key derivation or key agreement operation
  *
  * Since many key derivation algorithms require multiple parameters, it is
  * expeced that this function may be called multiple times for the same
@@ -900,13 +902,14 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_key_derivation_collateral_t)(psa_drv_key_derivation_context_t *p_context,
-                                                            uint32_t collateral_id,
-                                                            const uint8_t *p_collateral,
-                                                            size_t collateral_size);
+typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *p_context,
+                                                               uint32_t collateral_id,
+                                                               const uint8_t *p_collateral,
+                                                               size_t collateral_size);
 
-/** \brief Perform the final key derivation step and place the generated key
- * material in a slot
+/** \brief A function that performs the final secure element key derivation
+ * step and place the generated key material in a slot
+ *
  * \param[in,out] p_context     A hardware-specific structure containing any
  *                              context information for the implementation
  * \param[in] dest_key          The slot where the generated key material
@@ -914,11 +917,11 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_key_derivation_derive_t)(psa_drv_key_derivation_context_t *p_context,
-                                                        psa_key_slot_t dest_key);
+typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *p_context,
+                                                          psa_key_slot_number_t dest_key);
 
-/** \brief Perform the final step of a key agreement and place the generated
- * key material in a buffer
+/** \brief A function that performs the final step of a secure element key
+ * agreement and place the generated key material in a buffer
  *
  * \param[out] p_output         Buffer in which to place the generated key
  *                              material
@@ -928,13 +931,14 @@
  *
  * \retval PSA_SUCCESS
  */
-typedef psa_status_t (*psa_drv_key_derivation_export_t)(uint8_t *p_output,
-                                                        size_t output_size,
-                                                        size_t *p_output_length);
+typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *p_context,
+                                                           uint8_t *p_output,
+                                                           size_t output_size,
+                                                           size_t *p_output_length);
 
 /**
- * \brief A struct containing all of the function pointers needed to for key
- * derivation and agreement
+ * \brief A struct containing all of the function pointers needed to for secure
+ * element key derivation and agreement
  *
  * PSA Crypto API implementations should populate instances of the table as
  * appropriate upon startup.
@@ -942,16 +946,18 @@
  * If one of the functions is not implemented, it should be set to NULL.
  */
 typedef struct {
-    /** Function that performs the key derivation setup */
-    psa_drv_key_derivation_setup_t      *p_setup;
-    /** Function that sets the key derivation collateral */
-    psa_drv_key_derivation_collateral_t *p_collateral;
-    /** Function that performs the final key derivation step */
-    psa_drv_key_derivation_derive_t     *p_derive;
-    /** Function that perforsm the final key derivation or agreement and
+    /** The driver-specific size of the key derivation context */
+    size_t                           context_size;
+    /** Function that performs a key derivation setup */
+    psa_drv_se_key_derivation_setup_t      p_setup;
+    /** Function that sets key derivation collateral */
+    psa_drv_se_key_derivation_collateral_t p_collateral;
+    /** Function that performs a final key derivation step */
+    psa_drv_se_key_derivation_derive_t     p_derive;
+    /** Function that perforsm a final key derivation or agreement and
      * exports the key */
-    psa_drv_key_derivation_export_t     *p_export;
-} psa_drv_key_derivation_t;
+    psa_drv_se_key_derivation_export_t     p_export;
+} psa_drv_se_key_derivation_t;
 
 /**@}*/
 
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index e1ac630..f0f31e6 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -53,6 +53,9 @@
 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
 
+#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
+    (((length) + (block_size) - 1) / (block_size) * (block_size))
+
 /** The size of the output of psa_hash_finish(), in bytes.
  *
  * This is also the hash size that psa_hash_verify() expects.
@@ -187,6 +190,47 @@
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
 #endif
 
+/** Bit size associated with an elliptic curve.
+ *
+ * \param curve     An elliptic curve (value of type #psa_ecc_curve_t).
+ *
+ * \return          The size associated with \p curve, in bits.
+ *                  This may be 0 if the implementation does not support
+ *                  the specified curve.
+ */
+#define PSA_ECC_CURVE_BITS(curve)               \
+    ((curve) == PSA_ECC_CURVE_SECT163K1        ? 163 : \
+     (curve) == PSA_ECC_CURVE_SECT163R1        ? 163 : \
+     (curve) == PSA_ECC_CURVE_SECT163R2        ? 163 : \
+     (curve) == PSA_ECC_CURVE_SECT193R1        ? 193 : \
+     (curve) == PSA_ECC_CURVE_SECT193R2        ? 193 : \
+     (curve) == PSA_ECC_CURVE_SECT233K1        ? 233 : \
+     (curve) == PSA_ECC_CURVE_SECT233R1        ? 233 : \
+     (curve) == PSA_ECC_CURVE_SECT239K1        ? 239 : \
+     (curve) == PSA_ECC_CURVE_SECT283K1        ? 283 : \
+     (curve) == PSA_ECC_CURVE_SECT283R1        ? 283 : \
+     (curve) == PSA_ECC_CURVE_SECT409K1        ? 409 : \
+     (curve) == PSA_ECC_CURVE_SECT409R1        ? 409 : \
+     (curve) == PSA_ECC_CURVE_SECT571K1        ? 571 : \
+     (curve) == PSA_ECC_CURVE_SECT571R1        ? 571 : \
+     (curve) == PSA_ECC_CURVE_SECP160K1        ? 160 : \
+     (curve) == PSA_ECC_CURVE_SECP160R1        ? 160 : \
+     (curve) == PSA_ECC_CURVE_SECP160R2        ? 160 : \
+     (curve) == PSA_ECC_CURVE_SECP192K1        ? 192 : \
+     (curve) == PSA_ECC_CURVE_SECP192R1        ? 192 : \
+     (curve) == PSA_ECC_CURVE_SECP224K1        ? 224 : \
+     (curve) == PSA_ECC_CURVE_SECP224R1        ? 224 : \
+     (curve) == PSA_ECC_CURVE_SECP256K1        ? 256 : \
+     (curve) == PSA_ECC_CURVE_SECP256R1        ? 256 : \
+     (curve) == PSA_ECC_CURVE_SECP384R1        ? 384 : \
+     (curve) == PSA_ECC_CURVE_SECP521R1        ? 521 : \
+     (curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
+     (curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
+     (curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
+     (curve) == PSA_ECC_CURVE_CURVE25519       ? 255 : \
+     (curve) == PSA_ECC_CURVE_CURVE448         ? 448 : \
+     0)
+
 /** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
  *
  * This macro returns the maximum length of the PSK supported
@@ -268,27 +312,6 @@
      (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) :              \
      0)
 
-/** The maximum size of the output of psa_aead_finish(), in bytes.
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_aead_finish() will not fail due to an
- * insufficient buffer size. Depending on the algorithm, the actual size of
- * the ciphertext may be smaller.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    The maximum trailing ciphertext size for the
- *                            specified algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- *                            An implementation may return either 0 or a
- *                            correct size for an AEAD algorithm that it
- *                            recognizes, but does not support.
- */
-#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg)      \
-    ((size_t)0)
-
 /** The maximum size of the output of psa_aead_decrypt(), in bytes.
  *
  * If the size of the plaintext buffer is at least this large, it is
@@ -310,12 +333,86 @@
  */
 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length)      \
     (PSA_AEAD_TAG_LENGTH(alg) != 0 ?                              \
-     (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) :              \
+     (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) :             \
      0)
 
-#define PSA_RSA_MINIMUM_PADDING_SIZE(alg)                               \
-    (PSA_ALG_IS_RSA_OAEP(alg) ?                                         \
-     2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :      \
+/** A sufficient output buffer size for psa_aead_update().
+ *
+ * If the size of the output buffer is at least this large, it is
+ * guaranteed that psa_aead_update() will not fail due to an
+ * insufficient buffer size. The actual size of the output may be smaller
+ * in any given call.
+ *
+ * \param alg                 An AEAD algorithm
+ *                            (\c PSA_ALG_XXX value such that
+ *                            #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param input_length        Size of the input in bytes.
+ *
+ * \return                    A sufficient output buffer size for the specified
+ *                            algorithm.
+ *                            If the AEAD algorithm is not recognized, return 0.
+ *                            An implementation may return either 0 or a
+ *                            correct size for an AEAD algorithm that it
+ *                            recognizes, but does not support.
+ */
+/* For all the AEAD modes defined in this specification, it is possible
+ * to emit output without delay. However, hardware may not always be
+ * capable of this. So for modes based on a block cipher, allow the
+ * implementation to delay the output until it has a full block. */
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length)                  \
+    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?                             \
+     PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
+     (input_length))
+
+/** A sufficient ciphertext buffer size for psa_aead_finish().
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_finish() will not fail due to an
+ * insufficient ciphertext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg                 An AEAD algorithm
+ *                            (\c PSA_ALG_XXX value such that
+ *                            #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return                    A sufficient ciphertext buffer size for the
+ *                            specified algorithm.
+ *                            If the AEAD algorithm is not recognized, return 0.
+ *                            An implementation may return either 0 or a
+ *                            correct size for an AEAD algorithm that it
+ *                            recognizes, but does not support.
+ */
+#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg)                                \
+    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?                             \
+     PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE :                                  \
+     0)
+
+/** A sufficient plaintext buffer size for psa_aead_verify().
+ *
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_verify() will not fail due to an
+ * insufficient plaintext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg                 An AEAD algorithm
+ *                            (\c PSA_ALG_XXX value such that
+ *                            #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return                    A sufficient plaintext buffer size for the
+ *                            specified algorithm.
+ *                            If the AEAD algorithm is not recognized, return 0.
+ *                            An implementation may return either 0 or a
+ *                            correct size for an AEAD algorithm that it
+ *                            recognizes, but does not support.
+ */
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg)                                \
+    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?                             \
+     PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE :                                  \
+     0)
+
+#define PSA_RSA_MINIMUM_PADDING_SIZE(alg)                         \
+    (PSA_ALG_IS_RSA_OAEP(alg) ?                                   \
+     2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :      \
      11 /*PKCS#1v1.5*/)
 
 /**
@@ -329,9 +426,9 @@
 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)    \
     (PSA_BITS_TO_BYTES(curve_bits) * 2)
 
-/** Safe signature buffer size for psa_asymmetric_sign().
+/** Sufficient signature buffer size for psa_asymmetric_sign().
  *
- * This macro returns a safe buffer size for a signature using a key
+ * This macro returns a sufficient buffer size for a signature using a key
  * of the specified type and size, with the specified algorithm.
  * Note that the actual size of the signature may be smaller
  * (some algorithms produce a variable-size signature).
@@ -350,7 +447,7 @@
  *         psa_asymmetric_sign() will not fail with
  *         #PSA_ERROR_BUFFER_TOO_SMALL.
  *         If the parameters are a valid combination that is not supported
- *         by the implementation, this macro either shall return either a
+ *         by the implementation, this macro shall return either a
  *         sensible size or 0.
  *         If the parameters are not valid, the
  *         return value is unspecified.
@@ -360,9 +457,9 @@
      PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
      ((void)alg, 0))
 
-/** Safe output buffer size for psa_asymmetric_encrypt().
+/** Sufficient output buffer size for psa_asymmetric_encrypt().
  *
- * This macro returns a safe buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a ciphertext produced using
  * a key of the specified type and size, with the specified algorithm.
  * Note that the actual size of the ciphertext may be smaller, depending
  * on the algorithm.
@@ -381,7 +478,7 @@
  *         psa_asymmetric_encrypt() will not fail with
  *         #PSA_ERROR_BUFFER_TOO_SMALL.
  *         If the parameters are a valid combination that is not supported
- *         by the implementation, this macro either shall return either a
+ *         by the implementation, this macro shall return either a
  *         sensible size or 0.
  *         If the parameters are not valid, the
  *         return value is unspecified.
@@ -391,9 +488,9 @@
      ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \
      0)
 
-/** Safe output buffer size for psa_asymmetric_decrypt().
+/** Sufficient output buffer size for psa_asymmetric_decrypt().
  *
- * This macro returns a safe buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a ciphertext produced using
  * a key of the specified type and size, with the specified algorithm.
  * Note that the actual size of the ciphertext may be smaller, depending
  * on the algorithm.
@@ -412,7 +509,7 @@
  *         psa_asymmetric_decrypt() will not fail with
  *         #PSA_ERROR_BUFFER_TOO_SMALL.
  *         If the parameters are a valid combination that is not supported
- *         by the implementation, this macro either shall return either a
+ *         by the implementation, this macro shall return either a
  *         sensible size or 0.
  *         If the parameters are not valid, the
  *         return value is unspecified.
@@ -438,25 +535,16 @@
 /* Maximum size of the export encoding of an RSA public key.
  * Assumes that the public exponent is less than 2^32.
  *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains RSAPublicKey
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              NULL  }
  * RSAPublicKey  ::=  SEQUENCE  {
  *    modulus            INTEGER,    -- n
  *    publicExponent     INTEGER  }  -- e
  *
- * - 3 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 9 bytes of algorithm (RSA OID);
- * - 2 bytes of NULL;
- * - 4 bytes of BIT STRING overhead;
+ * - 4 bytes of SEQUENCE overhead;
  * - n : INTEGER;
  * - 7 bytes for the public exponent.
  */
 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)
+    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
 
 /* Maximum size of the export encoding of an RSA key pair.
  * Assumes thatthe public exponent is less than 2^32 and that the size
@@ -480,7 +568,7 @@
  *   overapproximated as 9 half-size INTEGERS;
  * - 7 bytes for the public exponent.
  */
-#define PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits)   \
+#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits)   \
     (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
 
 /* Maximum size of the export encoding of a DSA public key.
@@ -518,40 +606,30 @@
  * - 3 full-size INTEGERs (p, g, y);
  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
  */
-#define PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits)   \
+#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits)   \
     (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
 
 /* Maximum size of the export encoding of an ECC public key.
  *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains ECPoint
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              OBJECT IDENTIFIER } -- namedCurve
- * ECPoint ::= ...
- *    -- first 8 bits: 0x04;
- *    -- then x_P as a `ceiling(m/8)`-byte string, big endian;
- *    -- then y_P as a `ceiling(m/8)`-byte string, big endian;
- *    -- where `m` is the bit size associated with the curve.
+ * The representation of an ECC public key is:
+ *      - The byte 0x04;
+ *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
+ *      - where m is the bit size associated with the curve.
  *
- * - 2 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 7 bytes of algorithm (id-ecPublicKey OID);
- * - 1 + 1 + 12 bytes of namedCurve OID;
- * - 4 bytes of BIT STRING overhead;
- * - 1 byte + 2 * point size in ECPoint.
+ * - 1 byte + 2 * point size.
  */
 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (2 * PSA_BITS_TO_BYTES(key_bits) + 36)
+    (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
 
 /* Maximum size of the export encoding of an ECC key pair.
  *
  * An ECC key pair is represented by the secret value.
  */
-#define PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits)   \
+#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits)   \
     (PSA_BITS_TO_BYTES(key_bits))
 
-/** Safe output buffer size for psa_export_key() or psa_export_public_key().
+/** Sufficient output buffer size for psa_export_key() or psa_export_public_key().
  *
  * This macro returns a compile-time constant if its arguments are
  * compile-time constants.
@@ -563,32 +641,36 @@
  * The following code illustrates how to allocate enough memory to export
  * a key by querying the key type and size at runtime.
  * \code{c}
- * psa_key_type_t key_type;
- * size_t key_bits;
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
  * psa_status_t status;
- * status = psa_get_key_information(key, &key_type, &key_bits);
+ * status = psa_get_key_attributes(key, &attributes);
  * if (status != PSA_SUCCESS) handle_error(...);
+ * psa_key_type_t key_type = psa_get_key_type(&attributes);
+ * size_t key_bits = psa_get_key_bits(&attributes);
  * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
+ * psa_reset_key_attributes(&attributes);
  * unsigned char *buffer = malloc(buffer_size);
- * if (buffer != NULL) handle_error(...);
+ * if (buffer == NULL) handle_error(...);
  * size_t buffer_length;
  * status = psa_export_key(key, buffer, buffer_size, &buffer_length);
  * if (status != PSA_SUCCESS) handle_error(...);
  * \endcode
  *
  * For psa_export_public_key(), calculate the buffer size from the
- * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR
+ * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
  * to convert a key pair type to the corresponding public key type.
  * \code{c}
- * psa_key_type_t key_type;
- * size_t key_bits;
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
  * psa_status_t status;
- * status = psa_get_key_information(key, &key_type, &key_bits);
+ * status = psa_get_key_attributes(key, &attributes);
  * if (status != PSA_SUCCESS) handle_error(...);
- * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(key_type);
+ * psa_key_type_t key_type = psa_get_key_type(&attributes);
+ * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
+ * size_t key_bits = psa_get_key_bits(&attributes);
  * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
+ * psa_reset_key_attributes(&attributes);
  * unsigned char *buffer = malloc(buffer_size);
- * if (buffer != NULL) handle_error(...);
+ * if (buffer == NULL) handle_error(...);
  * size_t buffer_length;
  * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
  * if (status != PSA_SUCCESS) handle_error(...);
@@ -602,18 +684,18 @@
  *         psa_asymmetric_sign() will not fail with
  *         #PSA_ERROR_BUFFER_TOO_SMALL.
  *         If the parameters are a valid combination that is not supported
- *         by the implementation, this macro either shall return either a
+ *         by the implementation, this macro shall return either a
  *         sensible size or 0.
  *         If the parameters are not valid, the
  *         return value is unspecified.
  */
 #define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits)                     \
     (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
-     (key_type) == PSA_KEY_TYPE_RSA_KEYPAIR ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \
+     (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
      (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     (key_type) == PSA_KEY_TYPE_DSA_KEYPAIR ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \
+     (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
      (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     PSA_KEY_TYPE_IS_ECC_KEYPAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \
+     PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
      PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
      0)
 
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 2414ad5..885d908 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -186,16 +186,16 @@
 #endif
     uint8_t offset_in_block;
     uint8_t block_number;
-    uint8_t state : 2;
-    uint8_t info_set : 1;
-} psa_hkdf_generator_t;
+    unsigned int state : 2;
+    unsigned int info_set : 1;
+} psa_hkdf_key_derivation_t;
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_MD_C)
-typedef struct psa_tls12_prf_generator_s
+typedef struct psa_tls12_prf_key_derivation_s
 {
     /* The TLS 1.2 PRF uses the key for each HMAC iteration,
-     * hence we must store it for the lifetime of the generator.
+     * hence we must store it for the lifetime of the operation.
      * This is different from HKDF, where the key is only used
      * in the extraction phase, but not during expansion. */
     unsigned char *key;
@@ -219,10 +219,10 @@
     /* The 1-based number of the block. */
     uint8_t block_number;
 
-} psa_tls12_prf_generator_t;
+} psa_tls12_prf_key_derivation_t;
 #endif /* MBEDTLS_MD_C */
 
-struct psa_crypto_generator_s
+struct psa_key_derivation_s
 {
     psa_algorithm_t alg;
     size_t capacity;
@@ -234,16 +234,16 @@
             size_t size;
         } buffer;
 #if defined(MBEDTLS_MD_C)
-        psa_hkdf_generator_t hkdf;
-        psa_tls12_prf_generator_t tls12_prf;
+        psa_hkdf_key_derivation_t hkdf;
+        psa_tls12_prf_key_derivation_t tls12_prf;
 #endif
     } ctx;
 };
 
-#define PSA_CRYPTO_GENERATOR_INIT {0, 0, {{0, 0}}}
-static inline struct psa_crypto_generator_s psa_crypto_generator_init( void )
+#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {{0, 0}}}
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
 {
-    const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT;
+    const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
     return( v );
 }
 
@@ -252,6 +252,7 @@
     psa_key_usage_t usage;
     psa_algorithm_t alg;
 };
+typedef struct psa_key_policy_s psa_key_policy_t;
 
 #define PSA_KEY_POLICY_INIT {0, 0}
 static inline struct psa_key_policy_s psa_key_policy_init( void )
@@ -260,4 +261,117 @@
     return( v );
 }
 
+struct psa_key_attributes_s
+{
+    psa_key_id_t id;
+    psa_key_lifetime_t lifetime;
+    psa_key_policy_t policy;
+    psa_key_type_t type;
+    size_t bits;
+    void *domain_parameters;
+    size_t domain_parameters_size;
+};
+
+#define PSA_KEY_ATTRIBUTES_INIT {0, 0, {0, 0}, 0, 0, NULL, 0}
+static inline struct psa_key_attributes_s psa_key_attributes_init( void )
+{
+    const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
+    return( v );
+}
+
+static inline void psa_set_key_id(psa_key_attributes_t *attributes,
+                                  psa_key_id_t id)
+{
+    attributes->id = id;
+    if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
+        attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+}
+
+static inline psa_key_id_t psa_get_key_id(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->id );
+}
+
+static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+                                        psa_key_lifetime_t lifetime)
+{
+    attributes->lifetime = lifetime;
+    if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
+        attributes->id = 0;
+}
+
+static inline psa_key_lifetime_t psa_get_key_lifetime(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->lifetime );
+}
+
+static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+                                           psa_key_usage_t usage_flags)
+{
+    attributes->policy.usage = usage_flags;
+}
+
+static inline psa_key_usage_t psa_get_key_usage_flags(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->policy.usage );
+}
+
+static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+                                         psa_algorithm_t alg)
+{
+    attributes->policy.alg = alg;
+}
+
+static inline psa_algorithm_t psa_get_key_algorithm(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->policy.alg );
+}
+
+/* This function is declared in crypto_extra.h, which comes after this
+ * header file, but we need the function here, so repeat the declaration. */
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+                                           psa_key_type_t type,
+                                           const uint8_t *data,
+                                           size_t data_length);
+
+static inline void psa_set_key_type(psa_key_attributes_t *attributes,
+                                    psa_key_type_t type)
+{
+    if( attributes->domain_parameters == NULL )
+    {
+        /* Common case: quick path */
+        attributes->type = type;
+    }
+    else
+    {
+        /* Call the bigger function to free the old domain paramteres.
+         * Ignore any errors which may arise due to type requiring
+         * non-default domain parameters, since this function can't
+         * report errors. */
+        (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
+    }
+}
+
+static inline psa_key_type_t psa_get_key_type(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->type );
+}
+
+static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
+                                    size_t bits)
+{
+    attributes->bits = bits;
+}
+
+static inline size_t psa_get_key_bits(
+    const psa_key_attributes_t *attributes)
+{
+    return( attributes->bits );
+}
+
 #endif /* PSA_CRYPTO_STRUCT_H */
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 637e07c..7f0f38c 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -45,10 +45,15 @@
  * \brief Function return status.
  *
  * This is either #PSA_SUCCESS (which is zero), indicating success,
- * or a nonzero value indicating that an error occurred. Errors are
- * encoded as one of the \c PSA_ERROR_xxx values defined here.
+ * or a small negative value indicating that an error occurred. Errors are
+ * encoded as one of the \c PSA_ERROR_xxx values defined here. */
+/* If #PSA_SUCCESS is already defined, it means that #psa_status_t
+ * is also defined in an external header, so prevent its multiple
+ * definition.
  */
+#ifndef PSA_SUCCESS
 typedef int32_t psa_status_t;
+#endif
 
 /**@}*/
 
@@ -63,6 +68,9 @@
 /** The type of PSA elliptic curve identifiers. */
 typedef uint16_t psa_ecc_curve_t;
 
+/** The type of PSA Diffie-Hellman group identifiers. */
+typedef uint16_t psa_dh_group_t;
+
 /** \brief Encoding of a cryptographic algorithm.
  *
  * For algorithms that can be applied to multiple key types, this type
@@ -80,12 +88,39 @@
  */
 
 /** Encoding of key lifetimes.
+ *
+ * The lifetime of a key indicates where it is stored and what system actions
+ * may create and destroy it.
+ *
+ * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
+ * destroyed when the application terminates or on a power reset.
+ *
+ * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
+ * to be _persistent_.
+ * Persistent keys are preserved if the application or the system restarts.
+ * Persistent keys have a key identifier of type #psa_key_id_t.
+ * The application can call psa_open_key() to open a persistent key that
+ * it created previously.
  */
 typedef uint32_t psa_key_lifetime_t;
 
 /** Encoding of identifiers of persistent keys.
+ *
+ * - Applications may freely choose key identifiers in the range
+ *   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+ * - Implementations may define additional key identifiers in the range
+ *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+ * - 0 is reserved as an invalid key identifier.
+ * - Key identifiers outside these ranges are reserved for future use.
  */
+/* Implementation-specific quirk: The Mbed Crypto library can be built as
+ * part of a multi-client service that exposes the PSA Crypto API in each
+ * client and encodes the client identity in the key id argument of functions
+ * such as psa_open_key(). In this build configuration, we define
+ * psa_key_id_t in crypto_platform.h instead of here. */
+#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
 typedef uint32_t psa_key_id_t;
+#endif
 
 /**@}*/
 
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index e0cc544..e9fb9ad 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -40,25 +40,17 @@
  * @{
  */
 
-#if !defined(PSA_SUCCESS)
-/* If PSA_SUCCESS is defined, assume that PSA crypto is being used
- * together with PSA IPC, which also defines the identifier
- * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;
- * the other error code names don't clash. This is a temporary hack
- * until we unify error reporting in PSA IPC and PSA crypto.
- *
- * Note that psa_defs.h must be included before this header!
- */
+/* PSA error codes */
+
 /** The action was completed successfully. */
 #define PSA_SUCCESS ((psa_status_t)0)
-#endif /* !defined(PSA_SUCCESS) */
 
 /** An error occurred that does not correspond to any defined
  * failure cause.
  *
  * Implementations may use this error code if none of the other standard
  * error codes are applicable. */
-#define PSA_ERROR_UNKNOWN_ERROR         ((psa_status_t)1)
+#define PSA_ERROR_GENERIC_ERROR         ((psa_status_t)-132)
 
 /** The requested operation or a parameter is not supported
  * by this implementation.
@@ -67,7 +59,7 @@
  * parameter such as a key type, algorithm, etc. is not recognized.
  * If a combination of parameters is recognized and identified as
  * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
-#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)2)
+#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)-134)
 
 /** The requested action is denied by a policy.
  *
@@ -80,7 +72,7 @@
  * not valid or not supported, it is unspecified whether the function
  * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
  * #PSA_ERROR_INVALID_ARGUMENT. */
-#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)3)
+#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)-133)
 
 /** An output buffer is too small.
  *
@@ -92,23 +84,19 @@
  * buffer would succeed. However implementations may return this
  * error if a function has invalid or unsupported parameters in addition
  * to the parameters that determine the necessary output buffer size. */
-#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)4)
+#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)-138)
 
-/** A slot is occupied, but must be empty to carry out the
- * requested action.
+/** Asking for an item that already exists
  *
- * If a handle is invalid, it does not designate an occupied slot.
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
- */
-#define PSA_ERROR_OCCUPIED_SLOT         ((psa_status_t)5)
+ * Implementations should return this error, when attempting
+ * to write an item (like a key) that already exists. */
+#define PSA_ERROR_ALREADY_EXISTS        ((psa_status_t)-139)
 
-/** A slot is empty, but must be occupied to carry out the
- * requested action.
+/** Asking for an item that doesn't exist
  *
- * If a handle is invalid, it does not designate an empty slot.
- * The error for an invalid handle is #PSA_ERROR_INVALID_HANDLE.
- */
-#define PSA_ERROR_EMPTY_SLOT            ((psa_status_t)6)
+ * Implementations should return this error, if a requested item (like
+ * a key) does not exist. */
+#define PSA_ERROR_DOES_NOT_EXIST        ((psa_status_t)-140)
 
 /** The requested action cannot be performed in the current state.
  *
@@ -117,32 +105,31 @@
  * descriptions for permitted sequencing of functions.
  *
  * Implementations shall not return this error code to indicate
- * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
- * as applicable. */
-#define PSA_ERROR_BAD_STATE             ((psa_status_t)7)
+ * that a key either exists or not,
+ * but shall instead return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
+ * as applicable.
+ *
+ * Implementations shall not return this error code to indicate that a
+ * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
+ * instead. */
+#define PSA_ERROR_BAD_STATE             ((psa_status_t)-137)
 
 /** The parameters passed to the function are invalid.
  *
  * Implementations may return this error any time a parameter or
  * combination of parameters are recognized as invalid.
  *
- * Implementations shall not return this error code to indicate
- * that a key slot is occupied when it needs to be free or vice versa,
- * but shall return #PSA_ERROR_OCCUPIED_SLOT or #PSA_ERROR_EMPTY_SLOT
- * as applicable.
- *
- * Implementation shall not return this error code to indicate that a
+ * Implementations shall not return this error code to indicate that a
  * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
  * instead.
  */
-#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)8)
+#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)-135)
 
 /** There is not enough runtime memory.
  *
  * If the action is carried out across multiple security realms, this
  * error can refer to available memory in any of the security realms. */
-#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)9)
+#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)-141)
 
 /** There is not enough persistent storage.
  *
@@ -151,7 +138,7 @@
  * many functions that do not otherwise access storage may return this
  * error code if the implementation requires a mandatory log entry for
  * the requested action and the log storage space is full. */
-#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)10)
+#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)-142)
 
 /** There was a communication failure inside the implementation.
  *
@@ -168,13 +155,13 @@
  * cryptoprocessor but there was a breakdown of communication before
  * the cryptoprocessor could report the status to the application.
  */
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
+#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
 
 /** There was a storage failure that may have led to data loss.
  *
  * This error indicates that some persistent storage is corrupted.
  * It should not be used for a corruption of volatile memory
- * (use #PSA_ERROR_TAMPERING_DETECTED), for a communication error
+ * (use #PSA_ERROR_CORRUPTION_DETECTED), for a communication error
  * between the cryptoprocessor and its external storage (use
  * #PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is
  * in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE).
@@ -193,13 +180,13 @@
  * permanent storage corruption. However application writers should
  * keep in mind that transient errors while reading the storage may be
  * reported using this error code. */
-#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)12)
+#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)-146)
 
 /** A hardware failure was detected.
  *
  * A hardware failure may be transient or permanent depending on the
  * cause. */
-#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)13)
+#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)-147)
 
 /** A tampering attempt was detected.
  *
@@ -230,7 +217,7 @@
  * This error indicates an attack against the application. Implementations
  * shall not return this error code as a consequence of the behavior of
  * the application itself. */
-#define PSA_ERROR_TAMPERING_DETECTED    ((psa_status_t)14)
+#define PSA_ERROR_CORRUPTION_DETECTED    ((psa_status_t)-151)
 
 /** There is not enough entropy to generate random data needed
  * for the requested action.
@@ -249,7 +236,7 @@
  * secure pseudorandom generator (PRNG). However implementations may return
  * this error at any time if a policy requires the PRNG to be reseeded
  * during normal operation. */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)15)
+#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)-148)
 
 /** The signature, MAC or hash is incorrect.
  *
@@ -259,7 +246,7 @@
  *
  * If the value to verify has an invalid size, implementations may return
  * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
-#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)16)
+#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
 
 /** The decrypted padding is incorrect.
  *
@@ -275,17 +262,15 @@
  * as close as possible to indistinguishable to an external observer.
  * In particular, the timing of a decryption operation should not
  * depend on the validity of the padding. */
-#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)17)
+#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)-150)
 
-/** The generator has insufficient capacity left.
- *
- * Once a function returns this error, attempts to read from the
- * generator will always return this error. */
-#define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
+/** Return this error when there's insufficient data when attempting
+ * to read from a resource. */
+#define PSA_ERROR_INSUFFICIENT_DATA     ((psa_status_t)-143)
 
 /** The key handle is not valid.
  */
-#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)19)
+#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)-136)
 
 /**@}*/
 
@@ -338,7 +323,7 @@
     (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
 /** Whether a key type is a key pair containing a private part and a public
  * part. */
-#define PSA_KEY_TYPE_IS_KEYPAIR(type)                                   \
+#define PSA_KEY_TYPE_IS_KEY_PAIR(type)                                   \
     (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
 /** The key pair type corresponding to a public key type.
  *
@@ -350,7 +335,7 @@
  *                  If \p type is not a public key or a key pair,
  *                  the return value is undefined.
  */
-#define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type)        \
+#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type)        \
     ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
 /** The public key type corresponding to a key pair type.
  *
@@ -362,7 +347,7 @@
  *                  If \p type is not a public key or a key pair,
  *                  the return value is undefined.
  */
-#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type)        \
+#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)        \
     ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
 
 /** Raw data.
@@ -388,7 +373,7 @@
  */
 #define PSA_KEY_TYPE_DERIVE                     ((psa_key_type_t)0x52000000)
 
-/** Key for an cipher, AEAD or MAC algorithm based on the AES block cipher.
+/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
  *
  * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
  * 32 bytes (AES-256).
@@ -406,7 +391,7 @@
  */
 #define PSA_KEY_TYPE_DES                        ((psa_key_type_t)0x40000002)
 
-/** Key for an cipher, AEAD or MAC algorithm based on the
+/** Key for a cipher, AEAD or MAC algorithm based on the
  * Camellia block cipher. */
 #define PSA_KEY_TYPE_CAMELLIA                   ((psa_key_type_t)0x40000003)
 
@@ -416,40 +401,41 @@
  * legacy protocols. */
 #define PSA_KEY_TYPE_ARC4                       ((psa_key_type_t)0x40000004)
 
+/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
+ *
+ * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
+ *
+ * Implementations must support 12-byte nonces, may support 8-byte nonces,
+ * and should reject other sizes.
+ */
+#define PSA_KEY_TYPE_CHACHA20                   ((psa_key_type_t)0x40000005)
+
 /** RSA public key. */
 #define PSA_KEY_TYPE_RSA_PUBLIC_KEY             ((psa_key_type_t)0x60010000)
 /** RSA key pair (private and public key). */
-#define PSA_KEY_TYPE_RSA_KEYPAIR                ((psa_key_type_t)0x70010000)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR                ((psa_key_type_t)0x70010000)
 /** Whether a key type is an RSA key (pair or public-only). */
 #define PSA_KEY_TYPE_IS_RSA(type)                                       \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-
-/** DSA public key. */
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY             ((psa_key_type_t)0x60020000)
-/** DSA key pair (private and public key). */
-#define PSA_KEY_TYPE_DSA_KEYPAIR                ((psa_key_type_t)0x70020000)
-/** Whether a key type is an DSA key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_DSA(type)                                       \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
 
 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE        ((psa_key_type_t)0x60030000)
-#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE           ((psa_key_type_t)0x70030000)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE           ((psa_key_type_t)0x70030000)
 #define PSA_KEY_TYPE_ECC_CURVE_MASK             ((psa_key_type_t)0x0000ffff)
 /** Elliptic curve key pair. */
-#define PSA_KEY_TYPE_ECC_KEYPAIR(curve)         \
-    (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))
+#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve)         \
+    (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
 /** Elliptic curve public key. */
 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)              \
     (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
 
 /** Whether a key type is an elliptic curve key (pair or public-only). */
 #define PSA_KEY_TYPE_IS_ECC(type)                                       \
-    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) &                        \
+    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &                        \
       ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
 /** Whether a key type is an elliptic curve key pair. */
-#define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)                               \
+#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)                               \
     (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \
-     PSA_KEY_TYPE_ECC_KEYPAIR_BASE)
+     PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
 /** Whether a key type is an elliptic curve public key. */
 #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)                            \
     (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \
@@ -494,17 +480,60 @@
 #define PSA_ECC_CURVE_BRAINPOOL_P256R1  ((psa_ecc_curve_t) 0x001a)
 #define PSA_ECC_CURVE_BRAINPOOL_P384R1  ((psa_ecc_curve_t) 0x001b)
 #define PSA_ECC_CURVE_BRAINPOOL_P512R1  ((psa_ecc_curve_t) 0x001c)
+/** Curve25519.
+ *
+ * This is the curve defined in Bernstein et al.,
+ * _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
+ * The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
+ */
 #define PSA_ECC_CURVE_CURVE25519        ((psa_ecc_curve_t) 0x001d)
+/** Curve448
+ *
+ * This is the curve defined in Hamburg,
+ * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
+ */
 #define PSA_ECC_CURVE_CURVE448          ((psa_ecc_curve_t) 0x001e)
 
-/** Diffie-Hellman key exchange public key. */
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY             ((psa_key_type_t)0x60040000)
-/** Diffie-Hellman key exchange key pair (private and public key). */
-#define PSA_KEY_TYPE_DH_KEYPAIR                ((psa_key_type_t)0x70040000)
-/** Whether a key type is a Diffie-Hellman key exchange key (pair or
- * public-only). */
-#define PSA_KEY_TYPE_IS_DH(type)                                       \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DH_PUBLIC_KEY)
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE         ((psa_key_type_t)0x60040000)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE            ((psa_key_type_t)0x70040000)
+#define PSA_KEY_TYPE_DH_GROUP_MASK              ((psa_key_type_t)0x0000ffff)
+/** Diffie-Hellman key pair. */
+#define PSA_KEY_TYPE_DH_KEY_PAIR(group)          \
+    (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
+/** Diffie-Hellman public key. */
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group)               \
+    (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
+
+/** Whether a key type is a Diffie-Hellman key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DH(type)                                        \
+    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &                        \
+      ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
+/** Whether a key type is a Diffie-Hellman key pair. */
+#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)                               \
+    (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) ==                         \
+     PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
+/** Whether a key type is a Diffie-Hellman public key. */
+#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)                            \
+    (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) ==                         \
+     PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
+
+/** Extract the group from a Diffie-Hellman key type. */
+#define PSA_KEY_TYPE_GET_GROUP(type)                            \
+    ((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ?               \
+                       ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) :  \
+                       0))
+
+/* The encoding of group identifiers is currently aligned with the
+ * TLS Supported Groups Registry (formerly known as the
+ * TLS EC Named Curve Registry)
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ * The values are defined by RFC 7919. */
+#define PSA_DH_GROUP_FFDHE2048          ((psa_dh_group_t) 0x0100)
+#define PSA_DH_GROUP_FFDHE3072          ((psa_dh_group_t) 0x0101)
+#define PSA_DH_GROUP_FFDHE4096          ((psa_dh_group_t) 0x0102)
+#define PSA_DH_GROUP_FFDHE6144          ((psa_dh_group_t) 0x0103)
+#define PSA_DH_GROUP_FFDHE8192          ((psa_dh_group_t) 0x0104)
 
 /** The block size of a block cipher.
  *
@@ -663,21 +692,21 @@
 /** SHA3-512 */
 #define PSA_ALG_SHA3_512                        ((psa_algorithm_t)0x01000013)
 
-/** Allow any hash algorithm.
+/** In a hash-and-sign algorithm policy, allow any hash algorithm.
  *
- * This value may only be used to form the algorithm usage field of a policy
- * for a signature algorithm that is parametrized by a hash. That is,
- * suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
+ * This value may be used to form the algorithm usage field of a policy
+ * for a signature algorithm that is parametrized by a hash. The key
+ * may then be used to perform operations using the same signature
+ * algorithm parametrized with any supported hash.
+ *
+ * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
  * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
- * - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA,
  * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
- * Then you may create a key as follows:
+ * Then you may create and use a key as follows:
  * - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
  *   ```
- *   psa_key_policy_set_usage(&policy,
- *                            PSA_KEY_USAGE_SIGN, //or PSA_KEY_USAGE_VERIFY
- *                            PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
- *   psa_set_key_policy(handle, &policy);
+ *   psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); // or VERIFY
+ *   psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
  *   ```
  * - Import or generate key material.
  * - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing
@@ -691,7 +720,7 @@
  *
  * This value may not be used to build other algorithms that are
  * parametrized over a hash. For any valid use of this macro to build
- * an algorithm `\p alg`, #PSA_ALG_IS_HASH_AND_SIGN(\p alg) is true.
+ * an algorithm \c alg, #PSA_ALG_IS_HASH_AND_SIGN(\c alg) is true.
  *
  * This value may not be used to build an algorithm specification to
  * perform an operation. It is only valid to build policies.
@@ -708,7 +737,7 @@
  *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
  *
  * \return              The corresponding HMAC algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_HMAC(hash_alg)                                  \
@@ -758,7 +787,7 @@
  *          algorithm is considered identical to the untruncated algorithm
  *          for policy comparison purposes.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true). This may be a truncated or untruncated
  *                      MAC algorithm.
@@ -774,14 +803,14 @@
  *                      MAC algorithm or if \p mac_length is too small or
  *                      too large for the specified MAC algorithm.
  */
-#define PSA_ALG_TRUNCATED_MAC(alg, mac_length)                          \
-    (((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                           \
+#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)                      \
+    (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) |                       \
      ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
 
 /** Macro to build the base MAC algorithm corresponding to a truncated
  * MAC algorithm.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true). This may be a truncated or untruncated
  *                      MAC algorithm.
@@ -790,12 +819,12 @@
  * \return              Unspecified if \p alg is not a supported
  *                      MAC algorithm.
  */
-#define PSA_ALG_FULL_LENGTH_MAC(alg)            \
-    ((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
+#define PSA_ALG_FULL_LENGTH_MAC(mac_alg)        \
+    ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
 
 /** Length to which a MAC algorithm is truncated.
  *
- * \param alg           A MAC algorithm identifier (value of type
+ * \param mac_alg       A MAC algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
  *                      is true).
  *
@@ -804,8 +833,8 @@
  * \return              Unspecified if \p alg is not a supported
  *                      MAC algorithm.
  */
-#define PSA_MAC_TRUNCATED_LENGTH(alg)           \
-    (((alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
+#define PSA_MAC_TRUNCATED_LENGTH(mac_alg)                               \
+    (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
 
 #define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x02c00000)
 #define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x02c00001)
@@ -847,6 +876,18 @@
  */
 #define PSA_ALG_ARC4                            ((psa_algorithm_t)0x04800001)
 
+/** The ChaCha20 stream cipher.
+ *
+ * ChaCha20 is defined in RFC 7539.
+ *
+ * The nonce size for psa_cipher_set_iv() or psa_cipher_generate_iv()
+ * must be 12.
+ *
+ * The initial block counter is always 0.
+ *
+ */
+#define PSA_ALG_CHACHA20                        ((psa_algorithm_t)0x04800005)
+
 /** The CTR stream cipher mode.
  *
  * CTR is a stream cipher which is built from a block cipher.
@@ -885,13 +926,39 @@
  */
 #define PSA_ALG_CBC_PKCS7                       ((psa_algorithm_t)0x04600101)
 
+#define PSA_ALG_AEAD_FROM_BLOCK_FLAG            ((psa_algorithm_t)0x00400000)
+
+/** Whether the specified algorithm is an AEAD mode on a block cipher.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is an AEAD algorithm which is an AEAD mode based on
+ *         a block cipher, 0 otherwise.
+ *         This macro may return either 0 or 1 if \p alg is not a supported
+ *         algorithm identifier.
+ */
+#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg)    \
+    (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
+     (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
+
 /** The CCM authenticated encryption algorithm.
  */
-#define PSA_ALG_CCM                             ((psa_algorithm_t)0x06001001)
+#define PSA_ALG_CCM                             ((psa_algorithm_t)0x06401001)
 
 /** The GCM authenticated encryption algorithm.
  */
-#define PSA_ALG_GCM                             ((psa_algorithm_t)0x06001002)
+#define PSA_ALG_GCM                             ((psa_algorithm_t)0x06401002)
+
+/** The Chacha20-Poly1305 AEAD algorithm.
+ *
+ * The ChaCha20_Poly1305 construction is defined in RFC 7539.
+ *
+ * Implementations must support 12-byte nonces, may support 8-byte nonces,
+ * and should reject other sizes.
+ *
+ * Implementations must support 16-byte tags and should reject other sizes.
+ */
+#define PSA_ALG_CHACHA20_POLY1305               ((psa_algorithm_t)0x06001005)
 
 /* In the encoding of a AEAD algorithm, the bits corresponding to
  * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
@@ -907,7 +974,7 @@
  * Depending on the algorithm, the tag length may affect the calculation
  * of the ciphertext.
  *
- * \param alg           A AEAD algorithm identifier (value of type
+ * \param aead_alg      An AEAD algorithm identifier (value of type
  *                      #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
  *                      is true).
  * \param tag_length    Desired length of the authentication tag in bytes.
@@ -918,26 +985,27 @@
  *                      AEAD algorithm or if \p tag_length is not valid
  *                      for the specified AEAD algorithm.
  */
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length)                   \
-    (((alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                          \
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length)              \
+    (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) |                     \
      ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET &                      \
       PSA_ALG_AEAD_TAG_LENGTH_MASK))
 
 /** Calculate the corresponding AEAD algorithm with the default tag length.
  *
- * \param alg   An AEAD algorithm (\c PSA_ALG_XXX value such that
- *              #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param aead_alg      An AEAD algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_AEAD(\p alg) is true).
  *
- * \return      The corresponding AEAD algorithm with the default tag length
- *              for that algorithm.
+ * \return              The corresponding AEAD algorithm with the default
+ *                      tag length for that algorithm.
  */
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg)                       \
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg)                  \
     (                                                                   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM)   \
-        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM)   \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \
+        PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
         0)
-#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \
-    PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \
+#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref)      \
+    PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) ==                        \
     PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ?  \
     ref :
 
@@ -954,7 +1022,7 @@
  *                      when specifying the algorithm in a usage policy.
  *
  * \return              The corresponding RSA PKCS#1 v1.5 signature algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)                             \
@@ -985,7 +1053,7 @@
  *                      when specifying the algorithm in a usage policy.
  *
  * \return              The corresponding RSA PSS signature algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_RSA_PSS(hash_alg)                               \
@@ -993,51 +1061,6 @@
 #define PSA_ALG_IS_RSA_PSS(alg)                                 \
     (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
 
-#define PSA_ALG_DSA_BASE                        ((psa_algorithm_t)0x10040000)
-/** DSA signature with hashing.
- *
- * This is the signature scheme defined by FIPS 186-4,
- * with a random per-message secret number (*k*).
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding DSA signature algorithm.
- * \return              Unspecified if \p alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_DSA(hash_alg)                             \
-    (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_DETERMINISTIC_DSA_BASE          ((psa_algorithm_t)0x10050000)
-#define PSA_ALG_DSA_DETERMINISTIC_FLAG          ((psa_algorithm_t)0x00010000)
-/** Deterministic DSA signature with hashing.
- *
- * This is the deterministic variant defined by RFC 6979 of
- * the signature scheme defined by FIPS 186-4.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding DSA signature algorithm.
- * \return              Unspecified if \p alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_DETERMINISTIC_DSA(hash_alg)                             \
-    (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_IS_DSA(alg)                                             \
-    (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \
-     PSA_ALG_DSA_BASE)
-#define PSA_ALG_DSA_IS_DETERMINISTIC(alg)               \
-    (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
-#define PSA_ALG_IS_DETERMINISTIC_DSA(alg)                       \
-    (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-#define PSA_ALG_IS_RANDOMIZED_DSA(alg)                          \
-    (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-
 #define PSA_ALG_ECDSA_BASE                      ((psa_algorithm_t)0x10060000)
 /** ECDSA signature with hashing.
  *
@@ -1056,7 +1079,7 @@
  *                      when specifying the algorithm in a usage policy.
  *
  * \return              The corresponding ECDSA signature algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_ECDSA(hash_alg)                                 \
@@ -1091,7 +1114,7 @@
  *
  * \return              The corresponding deterministic ECDSA signature
  *                      algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)                           \
@@ -1121,7 +1144,7 @@
  */
 #define PSA_ALG_IS_HASH_AND_SIGN(alg)                                   \
     (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \
-     PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
+     PSA_ALG_IS_ECDSA(alg))
 
 /** Get the hash used by a hash-and-sign signature algorithm.
  *
@@ -1163,7 +1186,7 @@
  *                      for MGF1.
  *
  * \return              The corresponding RSA OAEP signature algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_RSA_OAEP(hash_alg)                              \
@@ -1181,19 +1204,19 @@
  * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
  *
  * This key derivation algorithm uses the following inputs:
- * - #PSA_KDF_STEP_SALT is the salt used in the "extract" step.
+ * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
  *   It is optional; if omitted, the derivation uses an empty salt.
- * - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step.
- * - #PSA_KDF_STEP_INFO is the info string used in the "expand" step.
- * You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET.
- * You may pass #PSA_KDF_STEP_INFO at any time after steup and before
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key used in the "extract" step.
+ * - #PSA_KEY_DERIVATION_INPUT_INFO is the info string used in the "expand" step.
+ * You must pass #PSA_KEY_DERIVATION_INPUT_SALT before #PSA_KEY_DERIVATION_INPUT_SECRET.
+ * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
  * starting to generate output.
  *
  * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
  *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
  *
  * \return              The corresponding HKDF algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_HKDF(hash_alg)                                  \
@@ -1221,11 +1244,14 @@
  * specified in Section 5 of RFC 5246. It is based on HMAC and can be
  * used with either SHA-256 or SHA-384.
  *
- * For the application to TLS-1.2, the salt and label arguments passed
- * to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246,
- * respectively. For example, for TLS key expansion, the salt is the
+ * This key derivation algorithm uses the following inputs:
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ *
+ * For the application to TLS-1.2 key expansion, the seed is the
  * concatenation of ServerHello.Random + ClientHello.Random,
- * while the label is "key expansion".
+ * and the label is "key expansion".
  *
  * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
  * TLS 1.2 PRF using HMAC-SHA-256.
@@ -1234,7 +1260,7 @@
  *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
  *
  * \return              The corresponding TLS-1.2 PRF algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_TLS12_PRF(hash_alg)                                  \
@@ -1262,10 +1288,15 @@
  * The latter is based on HMAC and can be used with either SHA-256
  * or SHA-384.
  *
- * For the application to TLS-1.2, the salt passed to psa_key_derivation()
- * (and forwarded to the TLS-1.2 PRF) is the concatenation of the
- * ClientHello.Random + ServerHello.Random, while the label is "master secret"
- * or "extended master secret".
+ * This key derivation algorithm uses the following inputs:
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ *
+ * For the application to TLS-1.2, the seed (which is
+ * forwarded to the TLS-1.2 PRF) is the concatenation of the
+ * ClientHello.Random + ServerHello.Random,
+ * and the label is "master secret" or "extended master secret".
  *
  * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
  * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
@@ -1274,7 +1305,7 @@
  *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
  *
  * \return              The corresponding TLS-1.2 PSK to MS algorithm.
- * \return              Unspecified if \p alg is not a supported
+ * \return              Unspecified if \p hash_alg is not a supported
  *                      hash algorithm.
  */
 #define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)                                  \
@@ -1293,8 +1324,8 @@
 #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg)                         \
     (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
 
-#define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0x080fffff)
-#define PSA_ALG_KEY_AGREEMENT_MASK              ((psa_algorithm_t)0x10f00000)
+#define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0x0803ffff)
+#define PSA_ALG_KEY_AGREEMENT_MASK              ((psa_algorithm_t)0x10fc0000)
 
 /** Macro to build a combined algorithm that chains a key agreement with
  * a key derivation.
@@ -1342,8 +1373,7 @@
 
 /** The finite-field Diffie-Hellman (DH) key agreement algorithm.
  *
- * The shared secret produced by key agreement and passed as input to the
- * derivation or selection algorithm \p kdf_alg is the shared secret
+ * The shared secret produced by key agreement is
  * `g^{ab}` in big-endian format.
  * It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
  * in bits.
@@ -1352,8 +1382,9 @@
 
 /** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
  *
- * This includes every supported key selection or key agreement algorithm
- * for the output of the Diffie-Hellman calculation.
+ * This includes the raw finite field Diffie-Hellman algorithm as well as
+ * finite-field Diffie-Hellman followed by any supporter key derivation
+ * algorithm.
  *
  * \param alg An algorithm identifier (value of type #psa_algorithm_t).
  *
@@ -1394,8 +1425,9 @@
 /** Whether the specified algorithm is an elliptic curve Diffie-Hellman
  * algorithm.
  *
- * This includes every supported key selection or key agreement algorithm
- * for the output of the Diffie-Hellman calculation.
+ * This includes the raw elliptic curve Diffie-Hellman algorithm as well as
+ * elliptic curve Diffie-Hellman followed by any supporter key derivation
+ * algorithm.
  *
  * \param alg An algorithm identifier (value of type #psa_algorithm_t).
  *
@@ -1450,6 +1482,19 @@
  */
 #define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)
 
+/** The minimum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MIN                     ((psa_key_id_t)0x00000001)
+/** The maximum value for a key identifier chosen by the application.
+ */
+#define PSA_KEY_ID_USER_MAX                     ((psa_key_id_t)0x3fffffff)
+/** The minimum value for a key identifier chosen by the implementation.
+ */
+#define PSA_KEY_ID_VENDOR_MIN                   ((psa_key_id_t)0x40000000)
+/** The maximum value for a key identifier chosen by the implementation.
+ */
+#define PSA_KEY_ID_VENDOR_MAX                   ((psa_key_id_t)0x7fffffff)
+
 /**@}*/
 
 /** \defgroup policy Key policies
@@ -1469,6 +1514,22 @@
  */
 #define PSA_KEY_USAGE_EXPORT                    ((psa_key_usage_t)0x00000001)
 
+/** Whether the key may be copied.
+ *
+ * This flag allows the use of psa_copy_key() to make a copy of the key
+ * with the same policy or a more restrictive policy.
+ *
+ * For lifetimes for which the key is located in a secure element which
+ * enforce the non-exportability of keys, copying a key outside the secure
+ * element also requires the usage flag #PSA_KEY_USAGE_EXPORT.
+ * Copying the key inside the secure element is permitted with just
+ * #PSA_KEY_USAGE_COPY if the secure element supports it.
+ * For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
+ * #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
+ * is sufficient to permit the copy.
+ */
+#define PSA_KEY_USAGE_COPY                      ((psa_key_usage_t)0x00000002)
+
 /** Whether the key may be used to encrypt a message.
  *
  * This flag allows the key to be used for a symmetric encryption operation,
@@ -1525,25 +1586,31 @@
  *
  * This must be a key of type #PSA_KEY_TYPE_DERIVE.
  */
-#define PSA_KDF_STEP_SECRET              ((psa_key_derivation_step_t)0x0101)
+#define PSA_KEY_DERIVATION_INPUT_SECRET     ((psa_key_derivation_step_t)0x0101)
 
 /** A label for key derivation.
  *
  * This must be a direct input.
  */
-#define PSA_KDF_STEP_LABEL               ((psa_key_derivation_step_t)0x0201)
+#define PSA_KEY_DERIVATION_INPUT_LABEL      ((psa_key_derivation_step_t)0x0201)
 
 /** A salt for key derivation.
  *
  * This must be a direct input.
  */
-#define PSA_KDF_STEP_SALT                ((psa_key_derivation_step_t)0x0202)
+#define PSA_KEY_DERIVATION_INPUT_SALT       ((psa_key_derivation_step_t)0x0202)
 
 /** An information string for key derivation.
  *
  * This must be a direct input.
  */
-#define PSA_KDF_STEP_INFO                ((psa_key_derivation_step_t)0x0203)
+#define PSA_KEY_DERIVATION_INPUT_INFO       ((psa_key_derivation_step_t)0x0203)
+
+/** A seed for key derivation.
+ *
+ * This must be a direct input.
+ */
+#define PSA_KEY_DERIVATION_INPUT_SEED       ((psa_key_derivation_step_t)0x0204)
 
 /**@}*/
 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 3b56c44..9039216 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -56,8 +56,7 @@
     psa_crypto.c
     psa_crypto_slot_management.c
     psa_crypto_storage.c
-    psa_crypto_storage_file.c
-    psa_crypto_storage_its.c
+    psa_its_file.c
     ripemd160.c
     rsa.c
     rsa_internal.c
@@ -179,7 +178,7 @@
 
 if(USE_SHARED_MBEDTLS_LIBRARY)
     add_library(mbedcrypto SHARED ${src_crypto})
-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3)
+    set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
     target_link_libraries(mbedcrypto ${libs})
     target_include_directories(mbedcrypto
         PUBLIC ${CMAKE_SOURCE_DIR}/include/
@@ -191,11 +190,11 @@
                 PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
     else()
         add_library(mbedx509 SHARED ${src_x509})
-        set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0)
+        set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0)
         target_link_libraries(mbedx509 ${libs} mbedcrypto)
 
         add_library(mbedtls SHARED ${src_tls})
-        set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12)
+        set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12)
         target_link_libraries(mbedtls ${libs} mbedx509)
 
         install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/Makefile b/library/Makefile
index 1822a24..6ed5e68 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -40,7 +40,7 @@
 SOEXT_X509=so.0
 SOEXT_CRYPTO=so.3
 
-# Set AR_DASH= (empty string) to use an ar implentation that does not accept
+# Set AR_DASH= (empty string) to use an ar implementation that does not accept
 # the - prefix for command line options (e.g. llvm-ar)
 AR_DASH ?= -
 
@@ -85,8 +85,7 @@
 		psa_crypto.o					\
 		psa_crypto_slot_management.o			\
 		psa_crypto_storage.o				\
-		psa_crypto_storage_file.o			\
-		psa_crypto_storage_its.o			\
+		psa_its_file.o					\
 		ripemd160.o	rsa_internal.o	rsa.o  		\
 		sha1.o		sha256.o	sha512.o	\
 		threading.o	timing.o	version.o	\
diff --git a/library/aes.c b/library/aes.c
index 3de571e..0543cd7 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -56,6 +56,12 @@
 
 #if !defined(MBEDTLS_AES_ALT)
 
+/* Parameter validation macros based on platform_util.h */
+#define AES_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
+#define AES_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -511,6 +517,8 @@
 
 void mbedtls_aes_init( mbedtls_aes_context *ctx )
 {
+    AES_VALIDATE( ctx != NULL );
+
     memset( ctx, 0, sizeof( mbedtls_aes_context ) );
 }
 
@@ -525,12 +533,17 @@
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
 {
+    AES_VALIDATE( ctx != NULL );
+
     mbedtls_aes_init( &ctx->crypt );
     mbedtls_aes_init( &ctx->tweak );
 }
 
 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
 {
+    if( ctx == NULL )
+        return;
+
     mbedtls_aes_free( &ctx->crypt );
     mbedtls_aes_free( &ctx->tweak );
 }
@@ -546,14 +559,8 @@
     unsigned int i;
     uint32_t *RK;
 
-#if !defined(MBEDTLS_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
-        aes_gen_tables();
-        aes_init_done = 1;
-
-    }
-#endif
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( key != NULL );
 
     switch( keybits )
     {
@@ -563,6 +570,14 @@
         default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
     }
 
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+    if( aes_init_done == 0 )
+    {
+        aes_gen_tables();
+        aes_init_done = 1;
+    }
+#endif
+
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
     if( aes_padlock_ace == -1 )
         aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
@@ -662,6 +677,9 @@
     uint32_t *RK;
     uint32_t *SK;
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( key != NULL );
+
     mbedtls_aes_init( &cty );
 
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
@@ -752,6 +770,9 @@
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( key != NULL );
+
     ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
                                        &key2, &key2bits );
     if( ret != 0 )
@@ -774,6 +795,9 @@
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( key != NULL );
+
     ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
                                        &key2, &key2bits );
     if( ret != 0 )
@@ -977,10 +1001,16 @@
  * AES-ECB block encryption/decryption
  */
 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
+                           int mode,
+                           const unsigned char input[16],
+                           unsigned char output[16] )
 {
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+                      mode == MBEDTLS_AES_DECRYPT );
+
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
         return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
@@ -1018,6 +1048,13 @@
     int i;
     unsigned char temp[16];
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+                      mode == MBEDTLS_AES_DECRYPT );
+    AES_VALIDATE_RET( iv != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
     if( length % 16 )
         return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
 
@@ -1143,6 +1180,13 @@
     unsigned char prev_tweak[16];
     unsigned char tmp[16];
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+                      mode == MBEDTLS_AES_DECRYPT );
+    AES_VALIDATE_RET( data_unit != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
     /* Data units must be at least 16 bytes long. */
     if( length < 16 )
         return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
@@ -1242,7 +1286,20 @@
                        unsigned char *output )
 {
     int c;
-    size_t n = *iv_off;
+    size_t n;
+
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+                      mode == MBEDTLS_AES_DECRYPT );
+    AES_VALIDATE_RET( iv_off != NULL );
+    AES_VALIDATE_RET( iv != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
+    n = *iv_off;
+
+    if( n > 15 )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
 
     if( mode == MBEDTLS_AES_DECRYPT )
     {
@@ -1280,15 +1337,21 @@
  * AES-CFB8 buffer encryption/decryption
  */
 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+                            int mode,
+                            size_t length,
+                            unsigned char iv[16],
+                            const unsigned char *input,
+                            unsigned char *output )
 {
     unsigned char c;
     unsigned char ov[17];
 
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+                      mode == MBEDTLS_AES_DECRYPT );
+    AES_VALIDATE_RET( iv != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
     while( length-- )
     {
         memcpy( ov, iv, 16 );
@@ -1321,7 +1384,18 @@
                            unsigned char *output )
 {
     int ret = 0;
-    size_t n = *iv_off;
+    size_t n;
+
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( iv_off != NULL );
+    AES_VALIDATE_RET( iv != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
+    n = *iv_off;
+
+    if( n > 15 )
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
 
     while( length-- )
     {
@@ -1356,7 +1430,16 @@
                        unsigned char *output )
 {
     int c, i;
-    size_t n = *nc_off;
+    size_t n;
+
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( nc_off != NULL );
+    AES_VALIDATE_RET( nonce_counter != NULL );
+    AES_VALIDATE_RET( stream_block != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
+    n = *nc_off;
 
     if ( n > 0x0F )
         return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
diff --git a/library/aria.c b/library/aria.c
index ca9e147..aff66d6 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -55,6 +55,12 @@
 #define inline __inline
 #endif
 
+/* Parameter validation macros */
+#define ARIA_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
+#define ARIA_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -449,9 +455,11 @@
 
     int i;
     uint32_t w[4][4], *w2;
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( key != NULL );
 
     if( keybits != 128 && keybits != 192 && keybits != 256 )
-        return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH );
+        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
 
     /* Copy key to W0 (and potential remainder to W1) */
     GET_UINT32_LE( w[0][0], key,  0 );
@@ -503,6 +511,8 @@
                              const unsigned char *key, unsigned int keybits )
 {
     int i, j, k, ret;
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( key != NULL );
 
     ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
     if( ret != 0 )
@@ -539,6 +549,9 @@
     int i;
 
     uint32_t a, b, c, d;
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( input != NULL );
+    ARIA_VALIDATE_RET( output != NULL );
 
     GET_UINT32_LE( a, input,  0 );
     GET_UINT32_LE( b, input,  4 );
@@ -586,6 +599,7 @@
 /* Initialize context */
 void mbedtls_aria_init( mbedtls_aria_context *ctx )
 {
+    ARIA_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_aria_context ) );
 }
 
@@ -612,6 +626,13 @@
     int i;
     unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
 
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
+                       mode == MBEDTLS_ARIA_DECRYPT );
+    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
+    ARIA_VALIDATE_RET( length == 0 || output != NULL );
+    ARIA_VALIDATE_RET( iv != NULL );
+
     if( length % MBEDTLS_ARIA_BLOCKSIZE )
         return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
 
@@ -665,7 +686,23 @@
                                unsigned char *output )
 {
     unsigned char c;
-    size_t n = *iv_off;
+    size_t n;
+
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
+                       mode == MBEDTLS_ARIA_DECRYPT );
+    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
+    ARIA_VALIDATE_RET( length == 0 || output != NULL );
+    ARIA_VALIDATE_RET( iv != NULL );
+    ARIA_VALIDATE_RET( iv_off != NULL );
+
+    n = *iv_off;
+
+    /* An overly large value of n can lead to an unlimited
+     * buffer overflow. Therefore, guard against this
+     * outside of parameter validation. */
+    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
 
     if( mode == MBEDTLS_ARIA_DECRYPT )
     {
@@ -713,7 +750,21 @@
                             unsigned char *output )
 {
     int c, i;
-    size_t n = *nc_off;
+    size_t n;
+
+    ARIA_VALIDATE_RET( ctx != NULL );
+    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
+    ARIA_VALIDATE_RET( length == 0 || output != NULL );
+    ARIA_VALIDATE_RET( nonce_counter != NULL );
+    ARIA_VALIDATE_RET( stream_block  != NULL );
+    ARIA_VALIDATE_RET( nc_off != NULL );
+
+    n = *nc_off;
+    /* An overly large value of n can lead to an unlimited
+     * buffer overflow. Therefore, guard against this
+     * outside of parameter validation. */
+    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
 
     while( length-- )
     {
diff --git a/library/asn1write.c b/library/asn1write.c
index d617de5..b54e26b 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -290,26 +290,75 @@
     return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
 }
 
+int mbedtls_asn1_write_named_bitstring( unsigned char **p,
+                                        unsigned char *start,
+                                        const unsigned char *buf,
+                                        size_t bits )
+{
+    size_t unused_bits, byte_len;
+    const unsigned char *cur_byte;
+    unsigned char cur_byte_shifted;
+    unsigned char bit;
+
+    byte_len = ( bits + 7 ) / 8;
+    unused_bits = ( byte_len * 8 ) - bits;
+
+    /*
+     * Named bitstrings require that trailing 0s are excluded in the encoding
+     * of the bitstring. Trailing 0s are considered part of the 'unused' bits
+     * when encoding this value in the first content octet
+     */
+    if( bits != 0 )
+    {
+        cur_byte = buf + byte_len - 1;
+        cur_byte_shifted = *cur_byte >> unused_bits;
+
+        for( ; ; )
+        {
+            bit = cur_byte_shifted & 0x1;
+            cur_byte_shifted >>= 1;
+
+            if( bit != 0 )
+                break;
+
+            bits--;
+            if( bits == 0 )
+                break;
+
+            if( bits % 8 == 0 )
+                cur_byte_shifted = *--cur_byte;
+        }
+    }
+
+    return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
+}
+
 int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
                           const unsigned char *buf, size_t bits )
 {
     int ret;
-    size_t len = 0, size;
+    size_t len = 0;
+    size_t unused_bits, byte_len;
 
-    size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
+    byte_len = ( bits + 7 ) / 8;
+    unused_bits = ( byte_len * 8 ) - bits;
 
-    // Calculate byte length
-    //
-    if( *p < start || (size_t)( *p - start ) < size + 1 )
+    if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
-    len = size + 1;
-    (*p) -= size;
-    memcpy( *p, buf, size );
+    len = byte_len + 1;
 
-    // Write unused bits
-    //
-    *--(*p) = (unsigned char) (size * 8 - bits);
+    /* Write the bitstring. Ensure the unused bits are zeroed */
+    if( byte_len > 0 )
+    {
+        byte_len--;
+        *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
+        ( *p ) -= byte_len;
+        memcpy( *p, buf, byte_len );
+    }
+
+    /* Write unused bits */
+    *--( *p ) = (unsigned char)unused_bits;
 
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
@@ -331,14 +380,36 @@
     return( (int) len );
 }
 
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+
+/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
+ * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
+static mbedtls_asn1_named_data *asn1_find_named_data(
+                                               mbedtls_asn1_named_data *list,
+                                               const char *oid, size_t len )
+{
+    while( list != NULL )
+    {
+        if( list->oid.len == len &&
+            memcmp( list->oid.p, oid, len ) == 0 )
+        {
+            break;
+        }
+
+        list = list->next;
+    }
+
+    return( list );
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
+                                        mbedtls_asn1_named_data **head,
                                         const char *oid, size_t oid_len,
                                         const unsigned char *val,
                                         size_t val_len )
 {
     mbedtls_asn1_named_data *cur;
 
-    if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
     {
         // Add new entry if not present yet based on OID
         //
diff --git a/library/bignum.c b/library/bignum.c
index ae5e7cf..592aa2e 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -59,6 +59,11 @@
 #define mbedtls_free       free
 #endif
 
+#define MPI_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
+#define MPI_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
 #define biL    (ciL << 3)               /* bits  in limb  */
 #define biH    (ciL << 2)               /* half limb size */
@@ -83,8 +88,7 @@
  */
 void mbedtls_mpi_init( mbedtls_mpi *X )
 {
-    if( X == NULL )
-        return;
+    MPI_VALIDATE( X != NULL );
 
     X->s = 1;
     X->n = 0;
@@ -116,6 +120,7 @@
 int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
 {
     mbedtls_mpi_uint *p;
+    MPI_VALIDATE_RET( X != NULL );
 
     if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
         return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
@@ -147,6 +152,10 @@
 {
     mbedtls_mpi_uint *p;
     size_t i;
+    MPI_VALIDATE_RET( X != NULL );
+
+    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
+        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
 
     /* Actually resize up in this case */
     if( X->n <= nblimbs )
@@ -183,6 +192,8 @@
 {
     int ret = 0;
     size_t i;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( Y != NULL );
 
     if( X == Y )
         return( 0 );
@@ -222,6 +233,8 @@
 void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
 {
     mbedtls_mpi T;
+    MPI_VALIDATE( X != NULL );
+    MPI_VALIDATE( Y != NULL );
 
     memcpy( &T,  X, sizeof( mbedtls_mpi ) );
     memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
@@ -237,6 +250,8 @@
 {
     int ret = 0;
     size_t i;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( Y != NULL );
 
     /* make sure assign is 0 or 1 in a time-constant manner */
     assign = (assign | (unsigned char)-assign) >> 7;
@@ -266,6 +281,8 @@
     int ret, s;
     size_t i;
     mbedtls_mpi_uint tmp;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( Y != NULL );
 
     if( X == Y )
         return( 0 );
@@ -298,6 +315,7 @@
 int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
 {
     int ret;
+    MPI_VALIDATE_RET( X != NULL );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
     memset( X->p, 0, X->n * ciL );
@@ -315,12 +333,18 @@
  */
 int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
 {
+    MPI_VALIDATE_RET( X != NULL );
+
     if( X->n * biL <= pos )
         return( 0 );
 
     return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
 }
 
+/* Get a specific byte, without range checks. */
+#define GET_BYTE( X, i )                                \
+    ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
+
 /*
  * Set a bit to a specific value of 0 or 1
  */
@@ -329,6 +353,7 @@
     int ret = 0;
     size_t off = pos / biL;
     size_t idx = pos % biL;
+    MPI_VALIDATE_RET( X != NULL );
 
     if( val != 0 && val != 1 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -355,6 +380,7 @@
 size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
 {
     size_t i, j, count = 0;
+    MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
 
     for( i = 0; i < X->n; i++ )
         for( j = 0; j < biL; j++, count++ )
@@ -435,6 +461,8 @@
     size_t i, j, slen, n;
     mbedtls_mpi_uint d;
     mbedtls_mpi T;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( s != NULL );
 
     if( radix < 2 || radix > 16 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -499,26 +527,38 @@
 }
 
 /*
- * Helper to write the digits high-order first
+ * Helper to write the digits high-order first.
  */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
+static int mpi_write_hlp( mbedtls_mpi *X, int radix,
+                          char **p, const size_t buflen )
 {
     int ret;
     mbedtls_mpi_uint r;
+    size_t length = 0;
+    char *p_end = *p + buflen;
 
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    do
+    {
+        if( length >= buflen )
+        {
+            return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+        /*
+         * Write the residue in the current position, as an ASCII character.
+         */
+        if( r < 0xA )
+            *(--p_end) = (char)( '0' + r );
+        else
+            *(--p_end) = (char)( 'A' + ( r - 0xA ) );
 
-    if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
-        MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
+        length++;
+    } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
 
-    if( r < 10 )
-        *(*p)++ = (char)( r + 0x30 );
-    else
-        *(*p)++ = (char)( r + 0x37 );
+    memmove( *p, p_end, length );
+    *p += length;
 
 cleanup:
 
@@ -535,6 +575,9 @@
     size_t n;
     char *p;
     mbedtls_mpi T;
+    MPI_VALIDATE_RET( X    != NULL );
+    MPI_VALIDATE_RET( olen != NULL );
+    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
 
     if( radix < 2 || radix > 16 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -588,7 +631,7 @@
         if( T.s == -1 )
             T.s = 1;
 
-        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
+        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
     }
 
     *p++ = '\0';
@@ -616,6 +659,12 @@
      */
     char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
 
+    MPI_VALIDATE_RET( X   != NULL );
+    MPI_VALIDATE_RET( fin != NULL );
+
+    if( radix < 2 || radix > 16 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
     memset( s, 0, sizeof( s ) );
     if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
         return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
@@ -647,6 +696,10 @@
      * newline characters and '\0'
      */
     char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+    MPI_VALIDATE_RET( X != NULL );
+
+    if( radix < 2 || radix > 16 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
     memset( s, 0, sizeof( s ) );
 
@@ -674,13 +727,100 @@
 }
 #endif /* MBEDTLS_FS_IO */
 
+
+/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
+ * into the storage form used by mbedtls_mpi. */
+
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x )
+{
+    uint8_t i;
+    mbedtls_mpi_uint tmp = 0;
+    /* This works regardless of the endianness. */
+    for( i = 0; i < ciL; i++, x >>= 8 )
+        tmp |= ( x & 0xFF ) << ( ( ciL - 1 - i ) << 3 );
+    return( tmp );
+}
+
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x )
+{
+#if defined(__BYTE_ORDER__)
+
+/* Nothing to do on bigendian systems. */
+#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ )
+    return( x );
+#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */
+
+#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ )
+
+/* For GCC and Clang, have builtins for byte swapping. */
+#if defined(__GNUC__) && defined(__GNUC_PREREQ)
+#if __GNUC_PREREQ(4,3)
+#define have_bswap
+#endif
+#endif
+
+#if defined(__clang__) && defined(__has_builtin)
+#if __has_builtin(__builtin_bswap32)  &&                 \
+    __has_builtin(__builtin_bswap64)
+#define have_bswap
+#endif
+#endif
+
+#if defined(have_bswap)
+    /* The compiler is hopefully able to statically evaluate this! */
+    switch( sizeof(mbedtls_mpi_uint) )
+    {
+        case 4:
+            return( __builtin_bswap32(x) );
+        case 8:
+            return( __builtin_bswap64(x) );
+    }
+#endif
+#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */
+#endif /* __BYTE_ORDER__ */
+
+    /* Fall back to C-based reordering if we don't know the byte order
+     * or we couldn't use a compiler-specific builtin. */
+    return( mpi_uint_bigendian_to_host_c( x ) );
+}
+
+static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
+{
+    mbedtls_mpi_uint *cur_limb_left;
+    mbedtls_mpi_uint *cur_limb_right;
+    if( limbs == 0 )
+        return;
+
+    /*
+     * Traverse limbs and
+     * - adapt byte-order in each limb
+     * - swap the limbs themselves.
+     * For that, simultaneously traverse the limbs from left to right
+     * and from right to left, as long as the left index is not bigger
+     * than the right index (it's not a problem if limbs is odd and the
+     * indices coincide in the last iteration).
+     */
+    for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 );
+         cur_limb_left <= cur_limb_right;
+         cur_limb_left++, cur_limb_right-- )
+    {
+        mbedtls_mpi_uint tmp;
+        /* Note that if cur_limb_left == cur_limb_right,
+         * this code effectively swaps the bytes only once. */
+        tmp             = mpi_uint_bigendian_to_host( *cur_limb_left  );
+        *cur_limb_left  = mpi_uint_bigendian_to_host( *cur_limb_right );
+        *cur_limb_right = tmp;
+    }
+}
+
 /*
- * Import X from unsigned binary data, big endian
+ * Import X from unsigned binary data, little endian
  */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
+                                const unsigned char *buf, size_t buflen )
 {
     int ret;
-    size_t i, j;
+    size_t i;
     size_t const limbs = CHARS_TO_LIMBS( buflen );
 
     /* Ensure that target MPI has exactly the necessary number of limbs */
@@ -693,30 +833,142 @@
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
 
-    for( i = buflen, j = 0; i > 0; i--, j++ )
-        X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
+    for( i = 0; i < buflen; i++ )
+        X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
 
 cleanup:
 
+    /*
+     * This function is also used to import keys. However, wiping the buffers
+     * upon failure is not necessary because failure only can happen before any
+     * input is copied.
+     */
     return( ret );
 }
 
 /*
+ * Import X from unsigned binary data, big endian
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+{
+    int ret;
+    size_t const limbs    = CHARS_TO_LIMBS( buflen );
+    size_t const overhead = ( limbs * ciL ) - buflen;
+    unsigned char *Xp;
+
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+
+    /* Ensure that target MPI has exactly the necessary number of limbs */
+    if( X->n != limbs )
+    {
+        mbedtls_mpi_free( X );
+        mbedtls_mpi_init( X );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+    }
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+    /* Avoid calling `memcpy` with NULL source argument,
+     * even if buflen is 0. */
+    if( buf != NULL )
+    {
+        Xp = (unsigned char*) X->p;
+        memcpy( Xp + overhead, buf, buflen );
+
+        mpi_bigendian_to_host( X->p, limbs );
+    }
+
+cleanup:
+
+    /*
+     * This function is also used to import keys. However, wiping the buffers
+     * upon failure is not necessary because failure only can happen before any
+     * input is copied.
+     */
+    return( ret );
+}
+
+/*
+ * Export X into unsigned binary data, little endian
+ */
+int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
+                                 unsigned char *buf, size_t buflen )
+{
+    size_t stored_bytes = X->n * ciL;
+    size_t bytes_to_copy;
+    size_t i;
+
+    if( stored_bytes < buflen )
+    {
+        bytes_to_copy = stored_bytes;
+    }
+    else
+    {
+        bytes_to_copy = buflen;
+
+        /* The output buffer is smaller than the allocated size of X.
+         * However X may fit if its leading bytes are zero. */
+        for( i = bytes_to_copy; i < stored_bytes; i++ )
+        {
+            if( GET_BYTE( X, i ) != 0 )
+                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        }
+    }
+
+    for( i = 0; i < bytes_to_copy; i++ )
+        buf[i] = GET_BYTE( X, i );
+
+    if( stored_bytes < buflen )
+    {
+        /* Write trailing 0 bytes */
+        memset( buf + stored_bytes, 0, buflen - stored_bytes );
+    }
+
+    return( 0 );
+}
+
+/*
  * Export X into unsigned binary data, big endian
  */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
+                              unsigned char *buf, size_t buflen )
 {
-    size_t i, j, n;
+    size_t stored_bytes;
+    size_t bytes_to_copy;
+    unsigned char *p;
+    size_t i;
 
-    n = mbedtls_mpi_size( X );
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
 
-    if( buflen < n )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    stored_bytes = X->n * ciL;
 
-    memset( buf, 0, buflen );
+    if( stored_bytes < buflen )
+    {
+        /* There is enough space in the output buffer. Write initial
+         * null bytes and record the position at which to start
+         * writing the significant bytes. In this case, the execution
+         * trace of this function does not depend on the value of the
+         * number. */
+        bytes_to_copy = stored_bytes;
+        p = buf + buflen - stored_bytes;
+        memset( buf, 0, buflen - stored_bytes );
+    }
+    else
+    {
+        /* The output buffer is smaller than the allocated size of X.
+         * However X may fit if its leading bytes are zero. */
+        bytes_to_copy = buflen;
+        p = buf;
+        for( i = bytes_to_copy; i < stored_bytes; i++ )
+        {
+            if( GET_BYTE( X, i ) != 0 )
+                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        }
+    }
 
-    for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
-        buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
+    for( i = 0; i < bytes_to_copy; i++ )
+        p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
 
     return( 0 );
 }
@@ -729,6 +981,7 @@
     int ret;
     size_t i, v0, t1;
     mbedtls_mpi_uint r0 = 0, r1;
+    MPI_VALIDATE_RET( X != NULL );
 
     v0 = count / (biL    );
     t1 = count & (biL - 1);
@@ -778,6 +1031,7 @@
 {
     size_t i, v0, v1;
     mbedtls_mpi_uint r0 = 0, r1;
+    MPI_VALIDATE_RET( X != NULL );
 
     v0 = count /  biL;
     v1 = count & (biL - 1);
@@ -820,6 +1074,8 @@
 int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
 {
     size_t i, j;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( Y != NULL );
 
     for( i = X->n; i > 0; i-- )
         if( X->p[i - 1] != 0 )
@@ -850,6 +1106,8 @@
 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
 {
     size_t i, j;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( Y != NULL );
 
     for( i = X->n; i > 0; i-- )
         if( X->p[i - 1] != 0 )
@@ -884,6 +1142,7 @@
 {
     mbedtls_mpi Y;
     mbedtls_mpi_uint p[1];
+    MPI_VALIDATE_RET( X != NULL );
 
     *p  = ( z < 0 ) ? -z : z;
     Y.s = ( z < 0 ) ? -1 : 1;
@@ -901,6 +1160,9 @@
     int ret;
     size_t i, j;
     mbedtls_mpi_uint *o, *p, c, tmp;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
     if( X == B )
     {
@@ -978,6 +1240,9 @@
     mbedtls_mpi TB;
     int ret;
     size_t n;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
     if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
         return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
@@ -1018,8 +1283,12 @@
  */
 int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
 {
-    int ret, s = A->s;
+    int ret, s;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
+    s = A->s;
     if( A->s * B->s < 0 )
     {
         if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
@@ -1049,8 +1318,12 @@
  */
 int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
 {
-    int ret, s = A->s;
+    int ret, s;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
+    s = A->s;
     if( A->s * B->s > 0 )
     {
         if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
@@ -1082,6 +1355,8 @@
 {
     mbedtls_mpi _B;
     mbedtls_mpi_uint p[1];
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
 
     p[0] = ( b < 0 ) ? -b : b;
     _B.s = ( b < 0 ) ? -1 : 1;
@@ -1098,6 +1373,8 @@
 {
     mbedtls_mpi _B;
     mbedtls_mpi_uint p[1];
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
 
     p[0] = ( b < 0 ) ? -b : b;
     _B.s = ( b < 0 ) ? -1 : 1;
@@ -1187,6 +1464,9 @@
     int ret;
     size_t i, j;
     mbedtls_mpi TA, TB;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
     mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
 
@@ -1223,6 +1503,8 @@
 {
     mbedtls_mpi _B;
     mbedtls_mpi_uint p[1];
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
 
     _B.s = 1;
     _B.n = 1;
@@ -1331,11 +1613,14 @@
 /*
  * Division by mbedtls_mpi: A = Q * B + R  (HAC 14.20)
  */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+                         const mbedtls_mpi *B )
 {
     int ret;
     size_t i, n, t, k;
     mbedtls_mpi X, Y, Z, T1, T2;
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
     if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
         return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
@@ -1446,10 +1731,13 @@
 /*
  * Division by int: A = Q * b + R
  */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
+                         const mbedtls_mpi *A,
+                         mbedtls_mpi_sint b )
 {
     mbedtls_mpi _B;
     mbedtls_mpi_uint p[1];
+    MPI_VALIDATE_RET( A != NULL );
 
     p[0] = ( b < 0 ) ? -b : b;
     _B.s = ( b < 0 ) ? -1 : 1;
@@ -1465,6 +1753,9 @@
 int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
 {
     int ret;
+    MPI_VALIDATE_RET( R != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
 
     if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
         return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
@@ -1489,6 +1780,8 @@
 {
     size_t i;
     mbedtls_mpi_uint x, y, z;
+    MPI_VALIDATE_RET( r != NULL );
+    MPI_VALIDATE_RET( A != NULL );
 
     if( b == 0 )
         return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
@@ -1602,7 +1895,8 @@
 /*
  * Montgomery reduction: A = A * R^-1 mod N
  */
-static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
+                        mbedtls_mpi_uint mm, const mbedtls_mpi *T )
 {
     mbedtls_mpi_uint z = 1;
     mbedtls_mpi U;
@@ -1616,7 +1910,9 @@
 /*
  * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
  */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+                         const mbedtls_mpi *E, const mbedtls_mpi *N,
+                         mbedtls_mpi *_RR )
 {
     int ret;
     size_t wbits, wsize, one = 1;
@@ -1626,6 +1922,11 @@
     mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
     int neg;
 
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( E != NULL );
+    MPI_VALIDATE_RET( N != NULL );
+
     if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
@@ -1645,8 +1946,10 @@
     wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
             ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
 
+#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
     if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
         wsize = MBEDTLS_MPI_WINDOW_SIZE;
+#endif
 
     j = N->n + 1;
     MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
@@ -1830,6 +2133,10 @@
     size_t lz, lzt;
     mbedtls_mpi TG, TA, TB;
 
+    MPI_VALIDATE_RET( G != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( B != NULL );
+
     mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
@@ -1885,16 +2192,28 @@
                      void *p_rng )
 {
     int ret;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    size_t const limbs = CHARS_TO_LIMBS( size );
+    size_t const overhead = ( limbs * ciL ) - size;
+    unsigned char *Xp;
 
-    if( size > MBEDTLS_MPI_MAX_SIZE )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    MPI_VALIDATE_RET( X     != NULL );
+    MPI_VALIDATE_RET( f_rng != NULL );
 
-    MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
+    /* Ensure that target MPI has exactly the necessary number of limbs */
+    if( X->n != limbs )
+    {
+        mbedtls_mpi_free( X );
+        mbedtls_mpi_init( X );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+    }
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+    Xp = (unsigned char*) X->p;
+    f_rng( p_rng, Xp + overhead, size );
+
+    mpi_bigendian_to_host( X->p, limbs );
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
     return( ret );
 }
 
@@ -1905,6 +2224,9 @@
 {
     int ret;
     mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
+    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET( N != NULL );
 
     if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -2064,7 +2386,11 @@
     size_t i, j, k, s;
     mbedtls_mpi W, R, T, A, RR;
 
-    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
+    MPI_VALIDATE_RET( X     != NULL );
+    MPI_VALIDATE_RET( f_rng != NULL );
+
+    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
+    mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
     mbedtls_mpi_init( &RR );
 
     /*
@@ -2136,7 +2462,8 @@
     }
 
 cleanup:
-    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
+    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
+    mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
     mbedtls_mpi_free( &RR );
 
     return( ret );
@@ -2151,6 +2478,8 @@
 {
     int ret;
     mbedtls_mpi XX;
+    MPI_VALIDATE_RET( X     != NULL );
+    MPI_VALIDATE_RET( f_rng != NULL );
 
     XX.s = 1;
     XX.n = X->n;
@@ -2182,12 +2511,15 @@
                   int (*f_rng)(void *, unsigned char *, size_t),
                   void *p_rng )
 {
+    MPI_VALIDATE_RET( X     != NULL );
+    MPI_VALIDATE_RET( f_rng != NULL );
+
     /*
      * In the past our key generation aimed for an error rate of at most
      * 2^-80. Since this function is deprecated, aim for the same certainty
      * here as well.
      */
-    return mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng );
+    return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
 }
 #endif
 
@@ -2215,6 +2547,9 @@
     mbedtls_mpi_uint r;
     mbedtls_mpi Y;
 
+    MPI_VALIDATE_RET( X     != NULL );
+    MPI_VALIDATE_RET( f_rng != NULL );
+
     if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
diff --git a/library/blowfish.c b/library/blowfish.c
index 5b6bb98..cbf9238 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -40,6 +40,12 @@
 
 #if !defined(MBEDTLS_BLOWFISH_ALT)
 
+/* Parameter validation macros */
+#define BLOWFISH_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
+#define BLOWFISH_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -153,6 +159,7 @@
 
 void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
 {
+    BLOWFISH_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
 }
 
@@ -167,16 +174,20 @@
 /*
  * Blowfish key schedule
  */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keybits )
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
+                             const unsigned char *key,
+                             unsigned int keybits )
 {
     unsigned int i, j, k;
     uint32_t data, datal, datar;
+    BLOWFISH_VALIDATE_RET( ctx != NULL );
+    BLOWFISH_VALIDATE_RET( key != NULL );
 
-    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
-        ( keybits % 8 ) )
+    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS    ||
+        keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS    ||
+        keybits % 8 != 0 )
     {
-        return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
+        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
     }
 
     keybits >>= 3;
@@ -231,6 +242,11 @@
                     unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
 {
     uint32_t X0, X1;
+    BLOWFISH_VALIDATE_RET( ctx != NULL );
+    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+                           mode == MBEDTLS_BLOWFISH_DECRYPT );
+    BLOWFISH_VALIDATE_RET( input  != NULL );
+    BLOWFISH_VALIDATE_RET( output != NULL );
 
     GET_UINT32_BE( X0, input,  0 );
     GET_UINT32_BE( X1, input,  4 );
@@ -263,6 +279,12 @@
 {
     int i;
     unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
+    BLOWFISH_VALIDATE_RET( ctx != NULL );
+    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+                           mode == MBEDTLS_BLOWFISH_DECRYPT );
+    BLOWFISH_VALIDATE_RET( iv != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
 
     if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
         return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
@@ -317,7 +339,19 @@
                        unsigned char *output )
 {
     int c;
-    size_t n = *iv_off;
+    size_t n;
+
+    BLOWFISH_VALIDATE_RET( ctx != NULL );
+    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+                           mode == MBEDTLS_BLOWFISH_DECRYPT );
+    BLOWFISH_VALIDATE_RET( iv     != NULL );
+    BLOWFISH_VALIDATE_RET( iv_off != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+
+    n = *iv_off;
+    if( n >= 8 )
+        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
 
     if( mode == MBEDTLS_BLOWFISH_DECRYPT )
     {
@@ -365,7 +399,17 @@
                        unsigned char *output )
 {
     int c, i;
-    size_t n = *nc_off;
+    size_t n;
+    BLOWFISH_VALIDATE_RET( ctx != NULL );
+    BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
+    BLOWFISH_VALIDATE_RET( stream_block  != NULL );
+    BLOWFISH_VALIDATE_RET( nc_off != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
+    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+
+    n = *nc_off;
+    if( n >= 8 )
+        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
 
     while( length-- )
     {
diff --git a/library/camellia.c b/library/camellia.c
index 41b7da0..22262b8 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -49,6 +49,12 @@
 
 #if !defined(MBEDTLS_CAMELLIA_ALT)
 
+/* Parameter validation macros */
+#define CAMELLIA_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
+#define CAMELLIA_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -321,6 +327,7 @@
 
 void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
 {
+    CAMELLIA_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
 }
 
@@ -335,8 +342,9 @@
 /*
  * Camellia key schedule (encryption)
  */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits )
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
+                                 const unsigned char *key,
+                                 unsigned int keybits )
 {
     int idx;
     size_t i;
@@ -346,6 +354,9 @@
     uint32_t KC[16];
     uint32_t TK[20];
 
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( key != NULL );
+
     RK = ctx->rk;
 
     memset( t, 0, 64 );
@@ -356,7 +367,7 @@
         case 128: ctx->nr = 3; idx = 0; break;
         case 192:
         case 256: ctx->nr = 4; idx = 1; break;
-        default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
+        default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
     }
 
     for( i = 0; i < keybits / 8; ++i )
@@ -440,14 +451,17 @@
 /*
  * Camellia key schedule (decryption)
  */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits )
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
+                                 const unsigned char *key,
+                                 unsigned int keybits )
 {
     int idx, ret;
     size_t i;
     mbedtls_camellia_context cty;
     uint32_t *RK;
     uint32_t *SK;
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( key != NULL );
 
     mbedtls_camellia_init( &cty );
 
@@ -495,6 +509,11 @@
 {
     int NR;
     uint32_t *RK, X[4];
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+                           mode == MBEDTLS_CAMELLIA_DECRYPT );
+    CAMELLIA_VALIDATE_RET( input  != NULL );
+    CAMELLIA_VALIDATE_RET( output != NULL );
 
     ( (void) mode );
 
@@ -552,14 +571,20 @@
  * Camellia-CBC buffer encryption/decryption
  */
 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
+                                int mode,
+                                size_t length,
+                                unsigned char iv[16],
+                                const unsigned char *input,
+                                unsigned char *output )
 {
     int i;
     unsigned char temp[16];
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+                           mode == MBEDTLS_CAMELLIA_DECRYPT );
+    CAMELLIA_VALIDATE_RET( iv != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
 
     if( length % 16 )
         return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -614,7 +639,18 @@
                        unsigned char *output )
 {
     int c;
-    size_t n = *iv_off;
+    size_t n;
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+                           mode == MBEDTLS_CAMELLIA_DECRYPT );
+    CAMELLIA_VALIDATE_RET( iv     != NULL );
+    CAMELLIA_VALIDATE_RET( iv_off != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+
+    n = *iv_off;
+    if( n >= 16 )
+        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
 
     if( mode == MBEDTLS_CAMELLIA_DECRYPT )
     {
@@ -662,7 +698,17 @@
                        unsigned char *output )
 {
     int c, i;
-    size_t n = *nc_off;
+    size_t n;
+    CAMELLIA_VALIDATE_RET( ctx != NULL );
+    CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
+    CAMELLIA_VALIDATE_RET( stream_block  != NULL );
+    CAMELLIA_VALIDATE_RET( nc_off != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
+    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+
+    n = *nc_off;
+    if( n >= 16 )
+        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
 
     while( length-- )
     {
diff --git a/library/ccm.c b/library/ccm.c
index 90cab8e..2c87b3e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -52,6 +52,11 @@
 
 #if !defined(MBEDTLS_CCM_ALT)
 
+#define CCM_VALIDATE_RET( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
+#define CCM_VALIDATE( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define CCM_ENCRYPT 0
 #define CCM_DECRYPT 1
 
@@ -60,6 +65,7 @@
  */
 void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
 {
+    CCM_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
 }
 
@@ -71,7 +77,11 @@
     int ret;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( key != NULL );
+
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
+                                                   MBEDTLS_MODE_ECB );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
@@ -97,6 +107,8 @@
  */
 void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
 {
+    if( ctx == NULL )
+        return;
     mbedtls_cipher_free( &ctx->cipher_ctx );
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
 }
@@ -310,6 +322,12 @@
                          const unsigned char *input, unsigned char *output,
                          unsigned char *tag, size_t tag_len )
 {
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    CCM_VALIDATE_RET( length == 0 || input != NULL );
+    CCM_VALIDATE_RET( length == 0 || output != NULL );
+    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
     return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
                             add, add_len, input, output, tag, tag_len ) );
 }
@@ -320,6 +338,12 @@
                          const unsigned char *input, unsigned char *output,
                          unsigned char *tag, size_t tag_len )
 {
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    CCM_VALIDATE_RET( length == 0 || input != NULL );
+    CCM_VALIDATE_RET( length == 0 || output != NULL );
+    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
     if( tag_len == 0 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
@@ -341,6 +365,13 @@
     unsigned char i;
     int diff;
 
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    CCM_VALIDATE_RET( length == 0 || input != NULL );
+    CCM_VALIDATE_RET( length == 0 || output != NULL );
+    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
     if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
                                 iv, iv_len, add, add_len,
                                 input, output, check_tag, tag_len ) ) != 0 )
@@ -367,6 +398,13 @@
                       const unsigned char *input, unsigned char *output,
                       const unsigned char *tag, size_t tag_len )
 {
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    CCM_VALIDATE_RET( length == 0 || input != NULL );
+    CCM_VALIDATE_RET( length == 0 || output != NULL );
+    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
     if( tag_len == 0 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
@@ -386,34 +424,34 @@
 /*
  * The data is the same for all tests, only the used length changes
  */
-static const unsigned char key[] = {
+static const unsigned char key_test_data[] = {
     0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
     0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
 };
 
-static const unsigned char iv[] = {
+static const unsigned char iv_test_data[] = {
     0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
     0x18, 0x19, 0x1a, 0x1b
 };
 
-static const unsigned char ad[] = {
+static const unsigned char ad_test_data[] = {
     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
     0x10, 0x11, 0x12, 0x13
 };
 
-static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = {
+static const unsigned char msg_test_data[CCM_SELFTEST_PT_MAX_LEN] = {
     0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
     0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
     0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
 };
 
-static const size_t iv_len [NB_TESTS] = { 7, 8,  12 };
-static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
-static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
-static const size_t tag_len[NB_TESTS] = { 4, 6,  8  };
+static const size_t iv_len_test_data [NB_TESTS] = { 7, 8,  12 };
+static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
+static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
+static const size_t tag_len_test_data[NB_TESTS] = { 4, 6,  8  };
 
-static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
+static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
     {   0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
     {   0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
         0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
@@ -439,7 +477,8 @@
 
     mbedtls_ccm_init( &ctx );
 
-    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
+    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
+                            8 * sizeof key_test_data ) != 0 )
     {
         if( verbose != 0 )
             mbedtls_printf( "  CCM: setup failed" );
@@ -454,15 +493,18 @@
 
         memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
         memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
-        memcpy( plaintext, msg, msg_len[i] );
+        memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
 
-        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
-                                           iv, iv_len[i], ad, add_len[i],
+        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
+                                           iv_test_data, iv_len_test_data[i],
+                                           ad_test_data, add_len_test_data[i],
                                            plaintext, ciphertext,
-                                           ciphertext + msg_len[i], tag_len[i] );
+                                           ciphertext + msg_len_test_data[i],
+                                           tag_len_test_data[i] );
 
         if( ret != 0 ||
-            memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 )
+            memcmp( ciphertext, res_test_data[i],
+                    msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
         {
             if( verbose != 0 )
                 mbedtls_printf( "failed\n" );
@@ -471,13 +513,15 @@
         }
         memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
 
-        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
-                                        iv, iv_len[i], ad, add_len[i],
+        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
+                                        iv_test_data, iv_len_test_data[i],
+                                        ad_test_data, add_len_test_data[i],
                                         ciphertext, plaintext,
-                                        ciphertext + msg_len[i], tag_len[i] );
+                                        ciphertext + msg_len_test_data[i],
+                                        tag_len_test_data[i] );
 
         if( ret != 0 ||
-            memcmp( plaintext, msg, msg_len[i] ) != 0 )
+            memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
         {
             if( verbose != 0 )
                 mbedtls_printf( "failed\n" );
diff --git a/library/certs.c b/library/certs.c
index ff0f11e..b54ff61 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -116,7 +116,6 @@
 #endif /* MBEDTLS_ECDSA_C */
 
 #if defined(MBEDTLS_RSA_C)
-
 #if defined(MBEDTLS_SHA256_C)
 #define TEST_CA_CRT_RSA_SHA256                                          \
 "-----BEGIN CERTIFICATE-----\r\n"                                       \
@@ -141,13 +140,11 @@
 "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n"      \
 "-----END CERTIFICATE-----\r\n"
 
+static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
 const char   mbedtls_test_ca_crt_rsa[]   = TEST_CA_CRT_RSA_SHA256;
 const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
 #define TEST_CA_CRT_RSA_SOME
-
-static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
-
-#endif
+#endif /* MBEDTLS_SHA256_C */
 
 #if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
 #define TEST_CA_CRT_RSA_SHA1                                            \
@@ -173,14 +170,72 @@
 "7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"      \
 "-----END CERTIFICATE-----\r\n"
 
+static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
+
 #if !defined (TEST_CA_CRT_RSA_SOME)
 const char   mbedtls_test_ca_crt_rsa[]   = TEST_CA_CRT_RSA_SHA1;
 const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-#endif
+#endif /* !TEST_CA_CRT_RSA_SOME */
+#endif /* !TEST_CA_CRT_RSA_COME || MBEDTLS_SHA1_C */
 
-static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
+#if defined(MBEDTLS_SHA256_C)
+/* tests/data_files/server2-sha256.crt */
+#define TEST_SRV_CRT_RSA_SHA256                                          \
+"-----BEGIN CERTIFICATE-----\r\n"                                        \
+"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"   \
+"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"   \
+"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"   \
+"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"   \
+"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"   \
+"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"   \
+"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"   \
+"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"   \
+"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"   \
+"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"   \
+"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"   \
+"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAGGEshT5\r\n"   \
+"kvnRmLVScVeUEdwIrvW7ezbGbUvJ8VxeJ79/HSjlLiGbMc4uUathwtzEdi9R/4C5\r\n"   \
+"DXBNeEPTkbB+fhG1W06iHYj/Dp8+aaG7fuDxKVKHVZSqBnmQLn73ymyclZNHii5A\r\n"   \
+"3nTS8WUaHAzxN/rajOtoM7aH1P9tULpHrl+7HOeLMpxUnwI12ZqZaLIzxbcdJVcr\r\n"   \
+"ra2F00aXCGkYVLvyvbZIq7LC+yVysej5gCeQYD7VFOEks0jhFjrS06gP0/XnWv6v\r\n"   \
+"eBoPez9d+CCjkrhseiWzXOiriIMICX48EloO/DrsMRAtvlwq7EDz4QhILz6ffndm\r\n"   \
+"e4K1cVANRPN2o9Y=\r\n"                                                   \
+"-----END CERTIFICATE-----\r\n"
 
-#endif
+const char mbedtls_test_srv_crt_rsa[]     =  TEST_SRV_CRT_RSA_SHA256;
+const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
+#define TEST_SRV_CRT_RSA_SOME
+#endif /* MBEDTLS_SHA256_C */
+
+#if !defined(TEST_SRV_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
+/* tests/data_files/server2.crt */
+#define TEST_SRV_CRT_RSA_SHA1                                          \
+"-----BEGIN CERTIFICATE-----\r\n"                                      \
+"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
+"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
+"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
+"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
+"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
+"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
+"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
+"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
+"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF\r\n" \
+"y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF\r\n" \
+"kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd\r\n" \
+"dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu\r\n" \
+"UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1\r\n" \
+"fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r\r\n" \
+"4mN4lW7gLdenN6g=\r\n"                                                 \
+"-----END CERTIFICATE-----\r\n";
+
+#if !defined(TEST_SRV_CRT_RSA_SOME)
+const char mbedtls_test_srv_crt_rsa[]     =  TEST_SRV_CRT_RSA_SHA1;
+const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
+#endif /* TEST_SRV_CRT_RSA_SOME */
+#endif /* !TEST_CA_CRT_RSA_SOME || MBEDTLS_SHA1_C */
 
 const char mbedtls_test_ca_key_rsa[] =
 "-----BEGIN RSA PRIVATE KEY-----\r\n"
@@ -218,31 +273,6 @@
 const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
 const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
 
-/* tests/data_files/server2.crt */
-const char mbedtls_test_srv_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
-"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
-"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
-"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
-"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
-"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
-"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
-"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF\r\n"
-"y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF\r\n"
-"kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd\r\n"
-"dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu\r\n"
-"UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1\r\n"
-"fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r\r\n"
-"4mN4lW7gLdenN6g=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
-
-/* tests/data_files/server2.key */
 const char mbedtls_test_srv_key_rsa[] =
 "-----BEGIN RSA PRIVATE KEY-----\r\n"
 "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
diff --git a/library/chacha20.c b/library/chacha20.c
index d14a51e..0757163 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -53,6 +53,12 @@
 #define inline __inline
 #endif
 
+/* Parameter validation macros */
+#define CHACHA20_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
+#define CHACHA20_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define BYTES_TO_U32_LE( data, offset )                           \
     ( (uint32_t) data[offset]                                     \
           | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 )   \
@@ -181,14 +187,13 @@
 
 void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
 {
-    if( ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
-        mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+    CHACHA20_VALIDATE( ctx != NULL );
 
-        /* Initially, there's no keystream bytes available */
-        ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
-    }
+    mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
+    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+
+    /* Initially, there's no keystream bytes available */
+    ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
 }
 
 void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
@@ -202,10 +207,8 @@
 int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
                             const unsigned char key[32] )
 {
-    if( ( ctx == NULL ) || ( key == NULL ) )
-    {
-        return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    }
+    CHACHA20_VALIDATE_RET( ctx != NULL );
+    CHACHA20_VALIDATE_RET( key != NULL );
 
     /* ChaCha20 constants - the string "expand 32-byte k" */
     ctx->state[0] = 0x61707865;
@@ -230,10 +233,8 @@
                              const unsigned char nonce[12],
                              uint32_t counter )
 {
-    if( ( ctx == NULL ) || ( nonce == NULL ) )
-    {
-        return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    }
+    CHACHA20_VALIDATE_RET( ctx != NULL );
+    CHACHA20_VALIDATE_RET( nonce != NULL );
 
     /* Counter */
     ctx->state[12] = counter;
@@ -259,15 +260,9 @@
     size_t offset = 0U;
     size_t i;
 
-    if( ctx == NULL )
-    {
-        return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    }
-    else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
-    {
-        /* input and output pointers are allowed to be NULL only if size == 0 */
-        return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    }
+    CHACHA20_VALIDATE_RET( ctx != NULL );
+    CHACHA20_VALIDATE_RET( size == 0 || input  != NULL );
+    CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
 
     /* Use leftover keystream bytes, if available */
     while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
@@ -332,6 +327,11 @@
     mbedtls_chacha20_context ctx;
     int ret;
 
+    CHACHA20_VALIDATE_RET( key != NULL );
+    CHACHA20_VALIDATE_RET( nonce != NULL );
+    CHACHA20_VALIDATE_RET( data_len == 0 || input  != NULL );
+    CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
+
     mbedtls_chacha20_init( &ctx );
 
     ret = mbedtls_chacha20_setkey( &ctx, key );
diff --git a/library/chachapoly.c b/library/chachapoly.c
index 860f877..dc643dd 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -44,6 +44,12 @@
 
 #if !defined(MBEDTLS_CHACHAPOLY_ALT)
 
+/* Parameter validation macros */
+#define CHACHAPOLY_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
+#define CHACHAPOLY_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define CHACHAPOLY_STATE_INIT       ( 0 )
 #define CHACHAPOLY_STATE_AAD        ( 1 )
 #define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
@@ -90,39 +96,35 @@
 
 void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
 {
-    if( ctx != NULL )
-    {
-        mbedtls_chacha20_init( &ctx->chacha20_ctx );
-        mbedtls_poly1305_init( &ctx->poly1305_ctx );
-        ctx->aad_len        = 0U;
-        ctx->ciphertext_len = 0U;
-        ctx->state          = CHACHAPOLY_STATE_INIT;
-        ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
-    }
+    CHACHAPOLY_VALIDATE( ctx != NULL );
+
+    mbedtls_chacha20_init( &ctx->chacha20_ctx );
+    mbedtls_poly1305_init( &ctx->poly1305_ctx );
+    ctx->aad_len        = 0U;
+    ctx->ciphertext_len = 0U;
+    ctx->state          = CHACHAPOLY_STATE_INIT;
+    ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
 }
 
 void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
 {
-    if( ctx != NULL )
-    {
-        mbedtls_chacha20_free( &ctx->chacha20_ctx );
-        mbedtls_poly1305_free( &ctx->poly1305_ctx );
-        ctx->aad_len        = 0U;
-        ctx->ciphertext_len = 0U;
-        ctx->state          = CHACHAPOLY_STATE_INIT;
-        ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
-    }
+    if( ctx == NULL )
+        return;
+
+    mbedtls_chacha20_free( &ctx->chacha20_ctx );
+    mbedtls_poly1305_free( &ctx->poly1305_ctx );
+    ctx->aad_len        = 0U;
+    ctx->ciphertext_len = 0U;
+    ctx->state          = CHACHAPOLY_STATE_INIT;
+    ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
 }
 
 int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
                                const unsigned char key[32] )
 {
     int ret;
-
-    if( ( ctx == NULL ) || ( key == NULL ) )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
+    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+    CHACHAPOLY_VALIDATE_RET( key != NULL );
 
     ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
 
@@ -135,11 +137,8 @@
 {
     int ret;
     unsigned char poly1305_key[64];
-
-    if( ( ctx == NULL ) || ( nonce == NULL ) )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
+    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
 
     /* Set counter = 0, will be update to 1 when generating Poly1305 key */
     ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
@@ -176,19 +175,11 @@
                                    const unsigned char *aad,
                                    size_t aad_len )
 {
-    if( ctx == NULL )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ( aad_len > 0U ) && ( aad == NULL ) )
-    {
-        /* aad pointer is allowed to be NULL if aad_len == 0 */
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ctx->state != CHACHAPOLY_STATE_AAD )
-    {
+    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
+
+    if( ctx->state != CHACHAPOLY_STATE_AAD )
         return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
-    }
 
     ctx->aad_len += aad_len;
 
@@ -201,18 +192,12 @@
                                unsigned char *output )
 {
     int ret;
+    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+    CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
+    CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
 
-    if( ctx == NULL )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
-    {
-        /* input and output pointers are allowed to be NULL if len == 0 */
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
-              ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
+    if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
+        ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
     {
         return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
     }
@@ -257,12 +242,10 @@
 {
     int ret;
     unsigned char len_block[16];
+    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+    CHACHAPOLY_VALIDATE_RET( mac != NULL );
 
-    if( ( ctx == NULL ) || ( mac == NULL ) )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ctx->state == CHACHAPOLY_STATE_INIT )
+    if( ctx->state == CHACHAPOLY_STATE_INIT )
     {
         return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
     }
@@ -350,6 +333,13 @@
                                         unsigned char *output,
                                         unsigned char tag[16] )
 {
+    CHACHAPOLY_VALIDATE_RET( ctx   != NULL );
+    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
+    CHACHAPOLY_VALIDATE_RET( tag   != NULL );
+    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad    != NULL );
+    CHACHAPOLY_VALIDATE_RET( length  == 0 || input  != NULL );
+    CHACHAPOLY_VALIDATE_RET( length  == 0 || output != NULL );
+
     return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
                                       length, nonce, aad, aad_len,
                                       input, output, tag ) );
@@ -368,9 +358,12 @@
     unsigned char check_tag[16];
     size_t i;
     int diff;
-
-    if( tag == NULL )
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+    CHACHAPOLY_VALIDATE_RET( ctx   != NULL );
+    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
+    CHACHAPOLY_VALIDATE_RET( tag   != NULL );
+    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad    != NULL );
+    CHACHAPOLY_VALIDATE_RET( length  == 0 || input  != NULL );
+    CHACHAPOLY_VALIDATE_RET( length  == 0 || output != NULL );
 
     if( ( ret = chachapoly_crypt_and_tag( ctx,
                         MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
diff --git a/library/cipher.c b/library/cipher.c
index 1cc0beb..11f6f8e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -70,6 +70,11 @@
 #define mbedtls_free   free
 #endif
 
+#define CIPHER_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
+#define CIPHER_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
 /* Compare the contents of two buffers in constant time.
  * Returns 0 if the contents are bitwise identical, otherwise returns
@@ -87,7 +92,7 @@
     for( diff = 0, i = 0; i < len; i++ )
         diff |= p1[i] ^ p2[i];
 
-    return (int)diff;
+    return( (int)diff );
 }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
@@ -159,6 +164,7 @@
 
 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
 {
+    CIPHER_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
 }
 
@@ -208,7 +214,8 @@
 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
                           const mbedtls_cipher_info_t *cipher_info )
 {
-    if( NULL == cipher_info || NULL == ctx )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    if( cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
     memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
@@ -269,17 +276,12 @@
                            int key_bitlen,
                            const mbedtls_operation_t operation )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info ||
-        NULL == ctx->cipher_ctx )
-    {
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( key != NULL );
+    CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
+                         operation == MBEDTLS_DECRYPT );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    if( operation != MBEDTLS_DECRYPT &&
-        operation != MBEDTLS_ENCRYPT )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
@@ -302,12 +304,18 @@
         if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
             return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
-        /* Find a fresh key slot to use. */
-        status = mbedtls_psa_get_free_key_slot( &cipher_psa->slot );
+        key_type = mbedtls_psa_translate_cipher_type(
+            ctx->cipher_info->type );
+        if( key_type == 0 )
+            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+        /* Allocate a key slot to use. */
+        status = psa_allocate_key( &cipher_psa->slot );
         if( status != PSA_SUCCESS )
             return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-         /* Indicate that we own the key slot and need to
-          * destroy it in mbedtls_cipher_free(). */
+
+        /* Indicate that we own the key slot and need to
+         * destroy it in mbedtls_cipher_free(). */
         cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
 
         /* From that point on, the responsibility for destroying the
@@ -316,7 +324,7 @@
          * mbedtls_cipher_free() needs to be called in any case. */
 
         /* Setup policy for the new key slot. */
-        psa_key_policy_init( &key_policy );
+        key_policy = psa_key_policy_init();
 
         /* Mbed TLS' cipher layer doesn't enforce the mode of operation
          * (encrypt vs. decrypt): it is possible to setup a key for encryption
@@ -330,11 +338,7 @@
             return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
 
         /* Populate new key slot. */
-        key_type = mbedtls_psa_translate_cipher_type(
-            ctx->cipher_info->type );
-        if( key_type == 0 )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-        status = psa_import_key( cipher_psa->slot,
+        status = psa_import_key_to_handle( cipher_psa->slot,
                                  key_type, key, key_bytelen );
         if( status != PSA_SUCCESS )
             return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
@@ -362,27 +366,27 @@
         MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
         MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
     {
-        return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
-                                                        ctx->key_bitlen );
+        return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
+                                                         ctx->key_bitlen ) );
     }
 
     if( MBEDTLS_DECRYPT == operation )
-        return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
-                                                        ctx->key_bitlen );
-
+        return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
+                                                         ctx->key_bitlen ) );
 
     return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 }
 
 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                   const unsigned char *iv, size_t iv_len )
+                           const unsigned char *iv,
+                           size_t iv_len )
 {
     size_t actual_iv_size;
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    else if( NULL == iv && iv_len != 0  )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
+    if( ctx->cipher_info == NULL )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
@@ -393,9 +397,6 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( NULL == iv && iv_len == 0 )
-        ctx->iv_size = 0;
-
     /* avoid buffer overflow in ctx->iv */
     if( iv_len > MBEDTLS_MAX_IV_LENGTH )
         return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
@@ -434,7 +435,8 @@
 
 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -455,7 +457,9 @@
 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
                       const unsigned char *ad, size_t ad_len )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -471,8 +475,8 @@
 #if defined(MBEDTLS_GCM_C)
     if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
     {
-        return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
-                           ctx->iv, ctx->iv_size, ad, ad_len );
+        return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
+                                    ctx->iv, ctx->iv_size, ad, ad_len ) );
     }
 #endif
 
@@ -492,8 +496,8 @@
         if ( result != 0 )
             return( result );
 
-        return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                                          ad, ad_len );
+        return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
+                                               ad, ad_len ) );
     }
 #endif
 
@@ -505,12 +509,14 @@
                    size_t ilen, unsigned char *output, size_t *olen )
 {
     int ret;
-    size_t block_size = 0;
+    size_t block_size;
 
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
-    {
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+    CIPHER_VALIDATE_RET( output != NULL );
+    CIPHER_VALIDATE_RET( olen != NULL );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
@@ -545,8 +551,8 @@
     if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
     {
         *olen = ilen;
-        return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
-                           output );
+        return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
+                                    output ) );
     }
 #endif
 
@@ -554,14 +560,14 @@
     if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
     {
         *olen = ilen;
-        return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                                      ilen, input, output );
+        return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
+                                           ilen, input, output ) );
     }
 #endif
 
     if ( 0 == block_size )
     {
-        return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+        return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
     }
 
     if( input == output &&
@@ -624,7 +630,7 @@
         {
             if( 0 == block_size )
             {
-                return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+                return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
             }
 
             /* Encryption: only cache partial blocks
@@ -925,7 +931,10 @@
 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
                    unsigned char *output, size_t *olen )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( output != NULL );
+    CIPHER_VALIDATE_RET( olen != NULL );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1005,8 +1014,8 @@
 
         /* Set output size for decryption */
         if( MBEDTLS_DECRYPT == ctx->operation )
-            return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
-                                     olen );
+            return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
+                                      olen ) );
 
         /* Set output size for encryption */
         *olen = mbedtls_cipher_get_block_size( ctx );
@@ -1023,8 +1032,9 @@
 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
                                      mbedtls_cipher_padding_t mode )
 {
-    if( NULL == ctx ||
-        MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+
+    if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
     {
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
     }
@@ -1085,7 +1095,9 @@
 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
                       unsigned char *tag, size_t tag_len )
 {
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+    if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
     if( MBEDTLS_ENCRYPT != ctx->operation )
@@ -1098,8 +1110,6 @@
          * operations, we currently don't make it
          * accessible through the cipher layer. */
         return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-        return( 0 );
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -1130,8 +1140,12 @@
     unsigned char check_tag[16];
     int ret;
 
-    if( NULL == ctx || NULL == ctx->cipher_info ||
-        MBEDTLS_DECRYPT != ctx->operation )
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+    if( ctx->cipher_info == NULL )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    if( MBEDTLS_DECRYPT != ctx->operation )
     {
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
     }
@@ -1204,6 +1218,12 @@
     int ret;
     size_t finish_olen;
 
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
+    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+    CIPHER_VALIDATE_RET( output != NULL );
+    CIPHER_VALIDATE_RET( olen != NULL );
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
@@ -1216,7 +1236,7 @@
             (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
 
         psa_status_t status;
-        psa_cipher_operation_t cipher_op;
+        psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
         size_t part_len;
 
         if( ctx->operation == MBEDTLS_DECRYPT )
@@ -1292,6 +1312,14 @@
                          unsigned char *output, size_t *olen,
                          unsigned char *tag, size_t tag_len )
 {
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( iv != NULL );
+    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+    CIPHER_VALIDATE_RET( output != NULL );
+    CIPHER_VALIDATE_RET( olen != NULL );
+    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
@@ -1371,6 +1399,14 @@
                          unsigned char *output, size_t *olen,
                          const unsigned char *tag, size_t tag_len )
 {
+    CIPHER_VALIDATE_RET( ctx != NULL );
+    CIPHER_VALIDATE_RET( iv != NULL );
+    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+    CIPHER_VALIDATE_RET( output != NULL );
+    CIPHER_VALIDATE_RET( olen != NULL );
+    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index fead18f..0db7beb 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -102,7 +102,8 @@
     /*
      * Initialize with an empty key
      */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
+                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
     {
         return( ret );
     }
@@ -120,8 +121,9 @@
                    const unsigned char *custom,
                    size_t len )
 {
-    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
-                                       MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
+    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy,
+                                               custom, len,
+                                               MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
 }
 
 void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
@@ -136,17 +138,20 @@
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
 }
 
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+                                                 int resistance )
 {
     ctx->prediction_resistance = resistance;
 }
 
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len )
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+                                       size_t len )
 {
     ctx->entropy_len = len;
 }
 
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval )
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+                                           int interval )
 {
     ctx->reseed_interval = interval;
 }
@@ -154,7 +159,8 @@
 static int block_cipher_df( unsigned char *output,
                             const unsigned char *data, size_t data_len )
 {
-    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
+    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+                      MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
     unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
     unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
@@ -168,7 +174,8 @@
     if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
         return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
 
-    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
+    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+            MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
     mbedtls_aes_init( &aes_ctx );
 
     /*
@@ -193,7 +200,8 @@
     for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
         key[i] = i;
 
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
+                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
     {
         goto exit;
     }
@@ -215,7 +223,8 @@
             use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
                        MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
 
-            if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 )
+            if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                               chain, chain ) ) != 0 )
             {
                 goto exit;
             }
@@ -232,7 +241,8 @@
     /*
      * Do final encryption with reduced data
      */
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
+                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
     {
         goto exit;
     }
@@ -241,7 +251,8 @@
 
     for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
     {
-        if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 )
+        if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                           iv, iv ) ) != 0 )
         {
             goto exit;
         }
@@ -277,7 +288,7 @@
  *   ctx->counter = V
  */
 static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
-                              const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
+                          const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
 {
     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
     unsigned char *p = tmp;
@@ -298,9 +309,10 @@
         /*
          * Crypt counter block
          */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 )
+        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                           ctx->counter, p ) ) != 0 )
         {
-            return( ret );
+            goto exit;
         }
 
         p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
@@ -312,13 +324,17 @@
     /*
      * Update key and counter
      */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
+                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
     {
-        return( ret );
+        goto exit;
     }
-    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
+            MBEDTLS_CTR_DRBG_BLOCKSIZE );
 
-    return( 0 );
+exit:
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    return( ret );
 }
 
 /* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@@ -333,23 +349,39 @@
  * and with outputs
  *   ctx = initial_working_state
  */
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                      const unsigned char *additional, size_t add_len )
+int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+                                 const unsigned char *additional,
+                                 size_t add_len )
 {
     unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
+    int ret;
 
-    if( add_len > 0 )
-    {
-        /* MAX_INPUT would be more logical here, but we have to match
-         * block_cipher_df()'s limits since we can't propagate errors */
-        if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-            add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
+    if( add_len == 0 )
+        return( 0 );
 
-        block_cipher_df( add_input, additional, add_len );
-        ctr_drbg_update_internal( ctx, add_input );
-    }
+    if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+        goto exit;
+    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+        goto exit;
+
+exit:
+    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
+    return( ret );
 }
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                              const unsigned char *additional,
+                              size_t add_len )
+{
+    /* MAX_INPUT would be more logical here, but we have to match
+     * block_cipher_df()'s limits since we can't propagate errors */
+    if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+        add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
+    (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
+}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
 /* CTR_DRBG_Reseed with derivation function (SP 800-90A &sect;10.2.1.4.2)
  * mbedtls_ctr_drbg_reseed(ctx, additional, len)
  * implements
@@ -399,20 +431,18 @@
      * Reduce to 384 bits
      */
     if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
-    {
-        return( ret );
-    }
+        goto exit;
 
     /*
      * Update state
      */
     if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
-    {
-        return( ret );
-    }
+        goto exit;
     ctx->reseed_counter = 1;
 
-    return( 0 );
+exit:
+    mbedtls_platform_zeroize( seed, sizeof( seed ) );
+    return( ret );
 }
 
 /* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
@@ -467,13 +497,9 @@
     if( add_len > 0 )
     {
         if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
-        {
-            return( ret );
-        }
+            goto exit;
         if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-        {
-            return( ret );
-        }
+            goto exit;
     }
 
     while( output_len > 0 )
@@ -488,13 +514,14 @@
         /*
          * Crypt counter block
          */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 )
+        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                           ctx->counter, tmp ) ) != 0 )
         {
-            return( ret );
+            goto exit;
         }
 
-        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
-                                                       output_len;
+        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
+            ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
         /*
          * Copy random block to destination
          */
@@ -504,16 +531,18 @@
     }
 
     if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-    {
-        return( ret );
-    }
+        goto exit;
 
     ctx->reseed_counter++;
 
+exit:
+    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
     return( 0 );
 }
 
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
+int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
+                             size_t output_len )
 {
     int ret;
     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
@@ -534,7 +563,8 @@
 }
 
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
+                                      const char *path )
 {
     int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
     FILE *f;
@@ -543,13 +573,19 @@
     if( ( f = fopen( path, "wb" ) ) == NULL )
         return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
 
-    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
+    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
+                                         MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
         goto exit;
 
-    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
+    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
+        MBEDTLS_CTR_DRBG_MAX_INPUT )
+    {
         ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    }
     else
+    {
         ret = 0;
+    }
 
 exit:
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
@@ -558,38 +594,40 @@
     return( ret );
 }
 
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
+                                       const char *path )
 {
     int ret = 0;
-    FILE *f;
+    FILE *f = NULL;
     size_t n;
     unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+    unsigned char c;
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
         return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
 
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_CTR_DRBG_MAX_INPUT )
+    n = fread( buf, 1, sizeof( buf ), f );
+    if( fread( &c, 1, 1, f ) != 0 )
     {
-        fclose( f );
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+        goto exit;
     }
-
-    if( fread( buf, 1, n, f ) != n )
+    if( n == 0 || ferror( f ) )
+    {
         ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    else
-        mbedtls_ctr_drbg_update( ctx, buf, n );
-
+        goto exit;
+    }
     fclose( f );
+    f = NULL;
 
+    ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
+
+exit:
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
+    if( f != NULL )
+        fclose( f );
     if( ret != 0 )
         return( ret );
-
     return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
 }
 #endif /* MBEDTLS_FS_IO */
@@ -671,7 +709,7 @@
 
     test_offset = 0;
     CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+                         (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
     mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
     CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
     CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
@@ -692,7 +730,7 @@
 
     test_offset = 0;
     CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                            (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+                     (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
     CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
     CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
     CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
diff --git a/library/debug.c b/library/debug.c
index db3924a..0c46c06 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -35,6 +35,7 @@
 #define mbedtls_free        free
 #define mbedtls_time_t      time_t
 #define mbedtls_snprintf    snprintf
+#define mbedtls_vsnprintf   vsnprintf
 #endif
 
 #include "mbedtls/debug.h"
@@ -86,24 +87,16 @@
     char str[DEBUG_BUF_SIZE];
     int ret;
 
-    if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     va_start( argp, format );
-#if defined(_WIN32)
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
-    ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
-#else
-    ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-    if( ret < 0 || (size_t) ret == DEBUG_BUF_SIZE )
-    {
-        str[DEBUG_BUF_SIZE-1] = '\0';
-        ret = -1;
-    }
-#endif
-#else
-    ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-#endif
+    ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
     va_end( argp );
 
     if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
@@ -121,8 +114,13 @@
 {
     char str[DEBUG_BUF_SIZE];
 
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     /*
      * With non-blocking I/O and examples that just retry immediately,
@@ -146,8 +144,13 @@
     char txt[17];
     size_t i, idx = 0;
 
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
               text, (unsigned int) len );
@@ -199,8 +202,13 @@
 {
     char str[DEBUG_BUF_SIZE];
 
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
     mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
@@ -219,8 +227,14 @@
     int j, k, zeros = 1;
     size_t i, n, idx = 0;
 
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        NULL == X                ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     for( n = X->n - 1; n > 0; n-- )
         if( X->p[n] != 0 )
@@ -345,8 +359,14 @@
     char str[DEBUG_BUF_SIZE];
     int i = 0;
 
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
+    if( NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        NULL == crt              ||
+        level > debug_threshold )
+    {
         return;
+    }
 
     while( crt != NULL )
     {
@@ -365,4 +385,54 @@
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+#if defined(MBEDTLS_ECDH_C)
+static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
+                                                int level, const char *file,
+                                                int line,
+                                                const mbedtls_ecdh_context *ecdh,
+                                                mbedtls_debug_ecdh_attr attr )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    const mbedtls_ecdh_context* ctx = ecdh;
+#else
+    const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
+#endif
+
+    switch( attr )
+    {
+        case MBEDTLS_DEBUG_ECDH_Q:
+            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
+                                     &ctx->Q );
+            break;
+        case MBEDTLS_DEBUG_ECDH_QP:
+            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
+                                     &ctx->Qp );
+            break;
+        case MBEDTLS_DEBUG_ECDH_Z:
+            mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
+                                     &ctx->z );
+            break;
+        default:
+            break;
+    }
+}
+
+void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
+                                const char *file, int line,
+                                const mbedtls_ecdh_context *ecdh,
+                                mbedtls_debug_ecdh_attr attr )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
+#else
+    switch( ecdh->var )
+    {
+        default:
+            mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
+                                                attr );
+    }
+#endif
+}
+#endif /* MBEDTLS_ECDH_C */
+
 #endif /* MBEDTLS_DEBUG_C */
diff --git a/library/dhm.c b/library/dhm.c
index 82cbb0c..fb6937e 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -60,6 +60,11 @@
 
 #if !defined(MBEDTLS_DHM_ALT)
 
+#define DHM_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
+#define DHM_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * helper to validate the mbedtls_mpi size and import it
  */
@@ -121,6 +126,7 @@
 
 void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
 {
+    DHM_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
 }
 
@@ -132,6 +138,9 @@
                      const unsigned char *end )
 {
     int ret;
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( p != NULL && *p != NULL );
+    DHM_VALIDATE_RET( end != NULL );
 
     if( ( ret = dhm_read_bignum( &ctx->P,  p, end ) ) != 0 ||
         ( ret = dhm_read_bignum( &ctx->G,  p, end ) ) != 0 ||
@@ -157,6 +166,10 @@
     int ret, count = 0;
     size_t n1, n2, n3;
     unsigned char *p;
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( output != NULL );
+    DHM_VALIDATE_RET( olen != NULL );
+    DHM_VALIDATE_RET( f_rng != NULL );
 
     if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -227,9 +240,9 @@
                            const mbedtls_mpi *G )
 {
     int ret;
-
-    if( ctx == NULL || P == NULL || G == NULL )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( P != NULL );
+    DHM_VALIDATE_RET( G != NULL );
 
     if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
         ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
@@ -248,8 +261,10 @@
                      const unsigned char *input, size_t ilen )
 {
     int ret;
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( input != NULL );
 
-    if( ctx == NULL || ilen < 1 || ilen > ctx->len )
+    if( ilen < 1 || ilen > ctx->len )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -267,8 +282,11 @@
                      void *p_rng )
 {
     int ret, count = 0;
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( output != NULL );
+    DHM_VALIDATE_RET( f_rng != NULL );
 
-    if( ctx == NULL || olen < 1 || olen > ctx->len )
+    if( olen < 1 || olen > ctx->len )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
@@ -380,8 +398,11 @@
 {
     int ret;
     mbedtls_mpi GYb;
+    DHM_VALIDATE_RET( ctx != NULL );
+    DHM_VALIDATE_RET( output != NULL );
+    DHM_VALIDATE_RET( olen != NULL );
 
-    if( ctx == NULL || output_size < ctx->len )
+    if( output_size < ctx->len )
         return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
 
     if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -428,11 +449,19 @@
  */
 void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
 {
-    mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->K  ); mbedtls_mpi_free( &ctx->GY );
-    mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X  );
-    mbedtls_mpi_free( &ctx->G  ); mbedtls_mpi_free( &ctx->P  );
+    if( ctx == NULL )
+        return;
+
+    mbedtls_mpi_free( &ctx->pX );
+    mbedtls_mpi_free( &ctx->Vf );
+    mbedtls_mpi_free( &ctx->Vi );
+    mbedtls_mpi_free( &ctx->RP );
+    mbedtls_mpi_free( &ctx->K  );
+    mbedtls_mpi_free( &ctx->GY );
+    mbedtls_mpi_free( &ctx->GX );
+    mbedtls_mpi_free( &ctx->X  );
+    mbedtls_mpi_free( &ctx->G  );
+    mbedtls_mpi_free( &ctx->P  );
 
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
 }
@@ -449,7 +478,12 @@
     unsigned char *p, *end;
 #if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_context pem;
+#endif /* MBEDTLS_PEM_PARSE_C */
 
+    DHM_VALIDATE_RET( dhm != NULL );
+    DHM_VALIDATE_RET( dhmin != NULL );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_init( &pem );
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
@@ -596,6 +630,8 @@
     int ret;
     size_t n;
     unsigned char *buf;
+    DHM_VALIDATE_RET( dhm != NULL );
+    DHM_VALIDATE_RET( path != NULL );
 
     if( ( ret = load_file( path, &buf, &n ) ) != 0 )
         return( ret );
diff --git a/library/ecdh.c b/library/ecdh.c
index e6ae999..eecae91 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -35,9 +35,30 @@
 #if defined(MBEDTLS_ECDH_C)
 
 #include "mbedtls/ecdh.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
+/* Parameter validation macros based on platform_util.h */
+#define ECDH_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECDH_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
+#endif
+
+static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
+    const mbedtls_ecdh_context *ctx )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ctx->grp.id );
+#else
+    return( ctx->grp_id );
+#endif
+}
+
 #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
 /*
  * Generate public key (restartable version)
@@ -74,6 +95,10 @@
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng )
 {
+    ECDH_VALIDATE_RET( grp != NULL );
+    ECDH_VALIDATE_RET( d != NULL );
+    ECDH_VALIDATE_RET( Q != NULL );
+    ECDH_VALIDATE_RET( f_rng != NULL );
     return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
 }
 #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@@ -119,48 +144,94 @@
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng )
 {
+    ECDH_VALIDATE_RET( grp != NULL );
+    ECDH_VALIDATE_RET( Q != NULL );
+    ECDH_VALIDATE_RET( d != NULL );
+    ECDH_VALIDATE_RET( z != NULL );
     return( ecdh_compute_shared_restartable( grp, z, Q, d,
                                              f_rng, p_rng, NULL ) );
 }
 #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
 
-/*
- * Initialize context
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
+static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
 {
     mbedtls_ecp_group_init( &ctx->grp );
     mbedtls_mpi_init( &ctx->d  );
     mbedtls_ecp_point_init( &ctx->Q   );
     mbedtls_ecp_point_init( &ctx->Qp  );
     mbedtls_mpi_init( &ctx->z  );
-    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-    mbedtls_ecp_point_init( &ctx->Vi  );
-    mbedtls_ecp_point_init( &ctx->Vf  );
-    mbedtls_mpi_init( &ctx->_d );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    ctx->restart_enabled = 0;
     mbedtls_ecp_restart_init( &ctx->rs );
 #endif
 }
 
 /*
- * Free context
+ * Initialize context
  */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
 {
-    if( ctx == NULL )
-        return;
+    ECDH_VALIDATE( ctx != NULL );
 
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    ecdh_init_internal( ctx );
+    mbedtls_ecp_point_init( &ctx->Vi  );
+    mbedtls_ecp_point_init( &ctx->Vf  );
+    mbedtls_mpi_init( &ctx->_d );
+#else
+    memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
+
+    ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
+#endif
+    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    ctx->restart_enabled = 0;
+#endif
+}
+
+static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
+                                mbedtls_ecp_group_id grp_id )
+{
+    int ret;
+
+    ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
+    if( ret != 0 )
+    {
+        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Setup context
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
+{
+    ECDH_VALIDATE_RET( ctx != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_setup_internal( ctx, grp_id ) );
+#else
+    switch( grp_id )
+    {
+        default:
+            ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+            ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
+            ctx->grp_id = grp_id;
+            ecdh_init_internal( &ctx->ctx.mbed_ecdh );
+            return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+    }
+#endif
+}
+
+static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
+{
     mbedtls_ecp_group_free( &ctx->grp );
     mbedtls_mpi_free( &ctx->d  );
     mbedtls_ecp_point_free( &ctx->Q   );
     mbedtls_ecp_point_free( &ctx->Qp  );
     mbedtls_mpi_free( &ctx->z  );
-    mbedtls_ecp_point_free( &ctx->Vi  );
-    mbedtls_ecp_point_free( &ctx->Vf  );
-    mbedtls_mpi_free( &ctx->_d );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     mbedtls_ecp_restart_free( &ctx->rs );
@@ -173,21 +244,49 @@
  */
 void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
 {
+    ECDH_VALIDATE( ctx != NULL );
+
     ctx->restart_enabled = 1;
 }
 #endif
 
 /*
- * Setup and write the ServerKeyExhange parameters (RFC 4492)
- *      struct {
- *          ECParameters    curve_params;
- *          ECPoint         public;
- *      } ServerECDHParams;
+ * Free context
  */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    mbedtls_ecp_point_free( &ctx->Vi );
+    mbedtls_ecp_point_free( &ctx->Vf );
+    mbedtls_mpi_free( &ctx->_d );
+    ecdh_free_internal( ctx );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            ecdh_free_internal( &ctx->ctx.mbed_ecdh );
+            break;
+        default:
+            break;
+    }
+
+    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+    ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
+    ctx->grp_id = MBEDTLS_ECP_DP_NONE;
+#endif
+}
+
+static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
+                                      size_t *olen, int point_format,
+                                      unsigned char *buf, size_t blen,
+                                      int (*f_rng)(void *,
+                                                   unsigned char *,
+                                                   size_t),
+                                      void *p_rng,
+                                      int restart_enabled )
 {
     int ret;
     size_t grp_len, pt_len;
@@ -195,12 +294,14 @@
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx == NULL || ctx->grp.pbits == 0 )
+    if( ctx->grp.pbits == 0 )
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ctx->restart_enabled )
+    if( restart_enabled )
         rs_ctx = &ctx->rs;
+#else
+    (void) restart_enabled;
 #endif
 
 
@@ -214,14 +315,14 @@
         return( ret );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
-                != 0 )
+    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
+                                             blen ) ) != 0 )
         return( ret );
 
     buf += grp_len;
     blen -= grp_len;
 
-    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
                                              &pt_len, buf, blen ) ) != 0 )
         return( ret );
 
@@ -230,6 +331,55 @@
 }
 
 /*
+ * Setup and write the ServerKeyExhange parameters (RFC 4492)
+ *      struct {
+ *          ECParameters    curve_params;
+ *          ECPoint         public;
+ *      } ServerECDHParams;
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                              unsigned char *buf, size_t blen,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int restart_enabled = 0;
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( olen != NULL );
+    ECDH_VALIDATE_RET( buf != NULL );
+    ECDH_VALIDATE_RET( f_rng != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    restart_enabled = ctx->restart_enabled;
+#else
+    (void) restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
+                                       f_rng, p_rng, restart_enabled ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
+                                               ctx->point_format, buf, blen,
+                                               f_rng, p_rng,
+                                               restart_enabled ) );
+        default:
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+#endif
+}
+
+static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
+                                      const unsigned char **buf,
+                                      const unsigned char *end )
+{
+    return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
+                                        end - *buf ) );
+}
+
+/*
  * Read the ServerKeyExhange parameters (RFC 4492)
  *      struct {
  *          ECParameters    curve_params;
@@ -237,31 +387,43 @@
  *      } ServerECDHParams;
  */
 int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                      const unsigned char **buf, const unsigned char *end )
+                              const unsigned char **buf,
+                              const unsigned char *end )
 {
     int ret;
+    mbedtls_ecp_group_id grp_id;
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( buf != NULL );
+    ECDH_VALIDATE_RET( *buf != NULL );
+    ECDH_VALIDATE_RET( end != NULL );
 
-    if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
+    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
+            != 0 )
         return( ret );
 
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
-                != 0 )
+    if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
         return( ret );
 
-    return( 0 );
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_read_params_internal( ctx, buf, end ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
+                                               buf, end ) );
+        default:
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+#endif
 }
 
-/*
- * Get parameters from a keypair
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-                     mbedtls_ecdh_side side )
+static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
+                                     const mbedtls_ecp_keypair *key,
+                                     mbedtls_ecdh_side side )
 {
     int ret;
 
-    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
-        return( ret );
-
     /* If it's not our key, just import the public part as Qp */
     if( side == MBEDTLS_ECDH_THEIRS )
         return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
@@ -278,29 +440,75 @@
 }
 
 /*
- * Setup and export the client public value
+ * Get parameters from a keypair
  */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
+                             const mbedtls_ecp_keypair *key,
+                             mbedtls_ecdh_side side )
+{
+    int ret;
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( key != NULL );
+    ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
+                       side == MBEDTLS_ECDH_THEIRS );
+
+    if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
+    {
+        /* This is the first call to get_params(). Set up the context
+         * for use with the group. */
+        if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
+            return( ret );
+    }
+    else
+    {
+        /* This is not the first call to get_params(). Check that the
+         * current key's group is the same as the context's, which was set
+         * from the first key's group. */
+        if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_get_params_internal( ctx, key, side ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
+                                              key, side ) );
+        default:
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+#endif
+}
+
+static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
+                                      size_t *olen, int point_format,
+                                      unsigned char *buf, size_t blen,
+                                      int (*f_rng)(void *,
+                                                   unsigned char *,
+                                                   size_t),
+                                      void *p_rng,
+                                      int restart_enabled )
 {
     int ret;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx == NULL || ctx->grp.pbits == 0 )
+    if( ctx->grp.pbits == 0 )
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ctx->restart_enabled )
+    if( restart_enabled )
         rs_ctx = &ctx->rs;
+#else
+    (void) restart_enabled;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
-                    f_rng, p_rng, rs_ctx ) ) != 0 )
+                                             f_rng, p_rng, rs_ctx ) ) != 0 )
         return( ret );
 #else
     if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
@@ -308,23 +516,53 @@
         return( ret );
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
-                                olen, buf, blen );
+    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
+                                        buf, blen );
 }
 
 /*
- * Parse and import the client's public value
+ * Setup and export the client public value
  */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                      const unsigned char *buf, size_t blen )
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                              unsigned char *buf, size_t blen,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int restart_enabled = 0;
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( olen != NULL );
+    ECDH_VALIDATE_RET( buf != NULL );
+    ECDH_VALIDATE_RET( f_rng != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    restart_enabled = ctx->restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
+                                       f_rng, p_rng, restart_enabled ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
+                                               ctx->point_format, buf, blen,
+                                               f_rng, p_rng,
+                                               restart_enabled ) );
+        default:
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+#endif
+}
+
+static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
+                                      const unsigned char *buf, size_t blen )
 {
     int ret;
     const unsigned char *p = buf;
 
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
+    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
+                                            blen ) ) != 0 )
         return( ret );
 
     if( (size_t)( p - buf ) != blen )
@@ -334,12 +572,36 @@
 }
 
 /*
- * Derive and export the shared secret
+ * Parse and import the client's public value
  */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                              const unsigned char *buf, size_t blen )
+{
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( buf != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_read_public_internal( ctx, buf, blen ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
+                                                       buf, blen ) );
+        default:
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+#endif
+}
+
+static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
+                                      size_t *olen, unsigned char *buf,
+                                      size_t blen,
+                                      int (*f_rng)(void *,
+                                                   unsigned char *,
+                                                   size_t),
+                                      void *p_rng,
+                                      int restart_enabled )
 {
     int ret;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -350,13 +612,16 @@
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ctx->restart_enabled )
+    if( restart_enabled )
         rs_ctx = &ctx->rs;
+#else
+    (void) restart_enabled;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_compute_shared_restartable( &ctx->grp,
-                    &ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 )
+    if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
+                                                 &ctx->d, f_rng, p_rng,
+                                                 rs_ctx ) ) != 0 )
     {
         return( ret );
     }
@@ -372,7 +637,44 @@
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
     *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
+
+    if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+        return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
+
     return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
 }
 
+/*
+ * Derive and export the shared secret
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                              unsigned char *buf, size_t blen,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int restart_enabled = 0;
+    ECDH_VALIDATE_RET( ctx != NULL );
+    ECDH_VALIDATE_RET( olen != NULL );
+    ECDH_VALIDATE_RET( buf != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    restart_enabled = ctx->restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
+                                       restart_enabled ) );
+#else
+    switch( ctx->var )
+    {
+        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+            return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
+                                               blen, f_rng, p_rng,
+                                               restart_enabled ) );
+        default:
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+#endif
+}
+
 #endif /* MBEDTLS_ECDH_C */
diff --git a/library/ecdsa.c b/library/ecdsa.c
index a62c14c..dc19384 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -50,6 +50,14 @@
 #define mbedtls_free       free
 #endif
 
+#include "mbedtls/platform_util.h"
+
+/* Parameter validation macros based on platform_util.h */
+#define ECDSA_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECDSA_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 
 /*
@@ -377,6 +385,13 @@
                 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+    ECDSA_VALIDATE_RET( grp   != NULL );
+    ECDSA_VALIDATE_RET( r     != NULL );
+    ECDSA_VALIDATE_RET( s     != NULL );
+    ECDSA_VALIDATE_RET( d     != NULL );
+    ECDSA_VALIDATE_RET( f_rng != NULL );
+    ECDSA_VALIDATE_RET( buf   != NULL || blen == 0 );
+
     return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
                                     f_rng, p_rng, NULL ) );
 }
@@ -456,6 +471,12 @@
                     const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                     mbedtls_md_type_t md_alg )
 {
+    ECDSA_VALIDATE_RET( grp   != NULL );
+    ECDSA_VALIDATE_RET( r     != NULL );
+    ECDSA_VALIDATE_RET( s     != NULL );
+    ECDSA_VALIDATE_RET( d     != NULL );
+    ECDSA_VALIDATE_RET( buf   != NULL || blen == 0 );
+
     return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, NULL ) );
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -574,9 +595,17 @@
  * Verify ECDSA signature of hashed message
  */
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                  const unsigned char *buf, size_t blen,
-                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s)
+                          const unsigned char *buf, size_t blen,
+                          const mbedtls_ecp_point *Q,
+                          const mbedtls_mpi *r,
+                          const mbedtls_mpi *s)
 {
+    ECDSA_VALIDATE_RET( grp != NULL );
+    ECDSA_VALIDATE_RET( Q   != NULL );
+    ECDSA_VALIDATE_RET( r   != NULL );
+    ECDSA_VALIDATE_RET( s   != NULL );
+    ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+
     return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
 }
 #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
@@ -618,6 +647,10 @@
 {
     int ret;
     mbedtls_mpi r, s;
+    ECDSA_VALIDATE_RET( ctx  != NULL );
+    ECDSA_VALIDATE_RET( hash != NULL );
+    ECDSA_VALIDATE_RET( sig  != NULL );
+    ECDSA_VALIDATE_RET( slen != NULL );
 
     mbedtls_mpi_init( &r );
     mbedtls_mpi_init( &s );
@@ -652,12 +685,17 @@
 /*
  * Compute and write signature
  */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng )
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
+                                 mbedtls_md_type_t md_alg,
+                                 const unsigned char *hash, size_t hlen,
+                                 unsigned char *sig, size_t *slen,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng )
 {
+    ECDSA_VALIDATE_RET( ctx  != NULL );
+    ECDSA_VALIDATE_RET( hash != NULL );
+    ECDSA_VALIDATE_RET( sig  != NULL );
+    ECDSA_VALIDATE_RET( slen != NULL );
     return( mbedtls_ecdsa_write_signature_restartable(
                 ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
 }
@@ -669,6 +707,10 @@
                                unsigned char *sig, size_t *slen,
                                mbedtls_md_type_t md_alg )
 {
+    ECDSA_VALIDATE_RET( ctx  != NULL );
+    ECDSA_VALIDATE_RET( hash != NULL );
+    ECDSA_VALIDATE_RET( sig  != NULL );
+    ECDSA_VALIDATE_RET( slen != NULL );
     return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
                                    NULL, NULL ) );
 }
@@ -681,6 +723,9 @@
                           const unsigned char *hash, size_t hlen,
                           const unsigned char *sig, size_t slen )
 {
+    ECDSA_VALIDATE_RET( ctx  != NULL );
+    ECDSA_VALIDATE_RET( hash != NULL );
+    ECDSA_VALIDATE_RET( sig  != NULL );
     return( mbedtls_ecdsa_read_signature_restartable(
                 ctx, hash, hlen, sig, slen, NULL ) );
 }
@@ -698,6 +743,9 @@
     const unsigned char *end = sig + slen;
     size_t len;
     mbedtls_mpi r, s;
+    ECDSA_VALIDATE_RET( ctx  != NULL );
+    ECDSA_VALIDATE_RET( hash != NULL );
+    ECDSA_VALIDATE_RET( sig  != NULL );
 
     mbedtls_mpi_init( &r );
     mbedtls_mpi_init( &s );
@@ -752,8 +800,16 @@
 int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
-    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
-            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+    int ret = 0;
+    ECDSA_VALIDATE_RET( ctx   != NULL );
+    ECDSA_VALIDATE_RET( f_rng != NULL );
+
+    ret = mbedtls_ecp_group_load( &ctx->grp, gid );
+    if( ret != 0 )
+        return( ret );
+
+   return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
+                                    &ctx->Q, f_rng, p_rng ) );
 }
 #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
 
@@ -763,6 +819,8 @@
 int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
 {
     int ret;
+    ECDSA_VALIDATE_RET( ctx != NULL );
+    ECDSA_VALIDATE_RET( key != NULL );
 
     if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
         ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
@@ -779,6 +837,8 @@
  */
 void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
 {
+    ECDSA_VALIDATE( ctx != NULL );
+
     mbedtls_ecp_keypair_init( ctx );
 }
 
@@ -787,6 +847,9 @@
  */
 void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
 {
+    if( ctx == NULL )
+        return;
+
     mbedtls_ecp_keypair_free( ctx );
 }
 
@@ -796,6 +859,8 @@
  */
 void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
 {
+    ECDSA_VALIDATE( ctx != NULL );
+
     mbedtls_ecp_restart_init( &ctx->ecp );
 
     ctx->ver = NULL;
@@ -810,6 +875,9 @@
  */
 void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
 {
+    if( ctx == NULL )
+        return;
+
     mbedtls_ecp_restart_free( &ctx->ecp );
 
     ecdsa_restart_ver_free( ctx->ver );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index ec5a400..b276514 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -33,11 +33,18 @@
 #if defined(MBEDTLS_ECJPAKE_C)
 
 #include "mbedtls/ecjpake.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
 #if !defined(MBEDTLS_ECJPAKE_ALT)
 
+/* Parameter validation macros based on platform_util.h */
+#define ECJPAKE_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECJPAKE_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * Convert a mbedtls_ecjpake_role to identifier string
  */
@@ -54,8 +61,7 @@
  */
 void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
 {
-    if( ctx == NULL )
-        return;
+    ECJPAKE_VALIDATE( ctx != NULL );
 
     ctx->md_info = NULL;
     mbedtls_ecp_group_init( &ctx->grp );
@@ -106,6 +112,11 @@
 {
     int ret;
 
+    ECJPAKE_VALIDATE_RET( ctx != NULL );
+    ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
+                          role == MBEDTLS_ECJPAKE_SERVER );
+    ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
+
     ctx->role = role;
 
     if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
@@ -127,6 +138,8 @@
  */
 int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
 {
+    ECJPAKE_VALIDATE_RET( ctx != NULL );
+
     if( ctx->md_info == NULL ||
         ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
         ctx->s.p == NULL )
@@ -504,6 +517,9 @@
                                     const unsigned char *buf,
                                     size_t len )
 {
+    ECJPAKE_VALIDATE_RET( ctx != NULL );
+    ECJPAKE_VALIDATE_RET( buf != NULL );
+
     return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
                                &ctx->grp.G,
                                &ctx->Xp1, &ctx->Xp2, ID_PEER,
@@ -518,6 +534,11 @@
                             int (*f_rng)(void *, unsigned char *, size_t),
                             void *p_rng )
 {
+    ECJPAKE_VALIDATE_RET( ctx   != NULL );
+    ECJPAKE_VALIDATE_RET( buf   != NULL );
+    ECJPAKE_VALIDATE_RET( olen  != NULL );
+    ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
     return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
                                 &ctx->grp.G,
                                 &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
@@ -560,6 +581,9 @@
     mbedtls_ecp_group grp;
     mbedtls_ecp_point G;    /* C: GB, S: GA */
 
+    ECJPAKE_VALIDATE_RET( ctx != NULL );
+    ECJPAKE_VALIDATE_RET( buf != NULL );
+
     mbedtls_ecp_group_init( &grp );
     mbedtls_ecp_point_init( &G );
 
@@ -652,6 +676,11 @@
     const unsigned char *end = buf + len;
     size_t ec_len;
 
+    ECJPAKE_VALIDATE_RET( ctx   != NULL );
+    ECJPAKE_VALIDATE_RET( buf   != NULL );
+    ECJPAKE_VALIDATE_RET( olen  != NULL );
+    ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
     mbedtls_ecp_point_init( &G );
     mbedtls_ecp_point_init( &Xm );
     mbedtls_mpi_init( &xm );
@@ -727,6 +756,11 @@
     unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
     size_t x_bytes;
 
+    ECJPAKE_VALIDATE_RET( ctx   != NULL );
+    ECJPAKE_VALIDATE_RET( buf   != NULL );
+    ECJPAKE_VALIDATE_RET( olen  != NULL );
+    ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
     *olen = mbedtls_md_get_size( ctx->md_info );
     if( len < *olen )
         return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
@@ -917,7 +951,7 @@
     0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
 };
 
-/* Load my private keys and generate the correponding public keys */
+/* Load my private keys and generate the corresponding public keys */
 static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
                               const unsigned char *xm1, size_t len1,
                               const unsigned char *xm2, size_t len2 )
diff --git a/library/ecp.c b/library/ecp.c
index de5725c..e8df2fd 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -47,6 +47,35 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
+/**
+ * \brief Function level alternative implementation.
+ *
+ * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to
+ * replace certain functions in this module. The alternative implementations are
+ * typically hardware accelerators and need to activate the hardware before the
+ * computation starts and deactivate it after it finishes. The
+ * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve
+ * this purpose.
+ *
+ * To preserve the correct functionality the following conditions must hold:
+ *
+ * - The alternative implementation must be activated by
+ *   mbedtls_internal_ecp_init() before any of the replaceable functions is
+ *   called.
+ * - mbedtls_internal_ecp_free() must \b only be called when the alternative
+ *   implementation is activated.
+ * - mbedtls_internal_ecp_init() must \b not be called when the alternative
+ *   implementation is activated.
+ * - Public functions must not return while the alternative implementation is
+ *   activated.
+ * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and
+ *   before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) )
+ *   \endcode ensures that the alternative implementation supports the current
+ *   group.
+ */
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+#endif
+
 #if defined(MBEDTLS_ECP_C)
 
 #include "mbedtls/ecp.h"
@@ -57,6 +86,12 @@
 
 #if !defined(MBEDTLS_ECP_ALT)
 
+/* Parameter validation macros based on platform_util.h */
+#define ECP_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECP_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -209,6 +244,7 @@
  */
 void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
 {
+    ECP_VALIDATE( ctx != NULL );
     ctx->ops_done = 0;
     ctx->depth = 0;
     ctx->rsm = NULL;
@@ -239,6 +275,8 @@
                               mbedtls_ecp_restart_ctx *rs_ctx,
                               unsigned ops )
 {
+    ECP_VALIDATE_RET( grp != NULL );
+
     if( rs_ctx != NULL && ecp_max_ops != 0 )
     {
         /* scale depending on curve size: the chosen reference is 256-bit,
@@ -326,16 +364,6 @@
 #endif
 
 /*
- * Curve types: internal for now, might be exposed later
- */
-typedef enum
-{
-    ECP_TYPE_NONE = 0,
-    ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
-    ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
-} ecp_curve_type;
-
-/*
  * List of supported curves:
  *  - internal ID
  *  - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
@@ -345,7 +373,7 @@
  * Curves are listed in order: largest curves first, and for a given size,
  * fastest curves first. This provides the default order for the SSL module.
  *
- * Reminder: update profiles in x509_crt.c when adding a new curves!
+ * Reminder: update profiles in Mbed TLS's x509_crt.c when adding new curves!
  */
 static const mbedtls_ecp_curve_info ecp_supported_curves[] =
 {
@@ -467,6 +495,9 @@
 {
     const mbedtls_ecp_curve_info *curve_info;
 
+    if( name == NULL )
+        return( NULL );
+
     for( curve_info = mbedtls_ecp_curve_list();
          curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
          curve_info++ )
@@ -481,15 +512,15 @@
 /*
  * Get the type of a curve
  */
-static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
+mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
 {
     if( grp->G.X.p == NULL )
-        return( ECP_TYPE_NONE );
+        return( MBEDTLS_ECP_TYPE_NONE );
 
     if( grp->G.Y.p == NULL )
-        return( ECP_TYPE_MONTGOMERY );
+        return( MBEDTLS_ECP_TYPE_MONTGOMERY );
     else
-        return( ECP_TYPE_SHORT_WEIERSTRASS );
+        return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
 }
 
 /*
@@ -497,8 +528,7 @@
  */
 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
 {
-    if( pt == NULL )
-        return;
+    ECP_VALIDATE( pt != NULL );
 
     mbedtls_mpi_init( &pt->X );
     mbedtls_mpi_init( &pt->Y );
@@ -510,8 +540,7 @@
  */
 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
 {
-    if( grp == NULL )
-        return;
+    ECP_VALIDATE( grp != NULL );
 
     grp->id = MBEDTLS_ECP_DP_NONE;
     mbedtls_mpi_init( &grp->P );
@@ -535,8 +564,7 @@
  */
 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
 {
-    if( key == NULL )
-        return;
+    ECP_VALIDATE( key != NULL );
 
     mbedtls_ecp_group_init( &key->grp );
     mbedtls_mpi_init( &key->d );
@@ -604,6 +632,8 @@
 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
 {
     int ret;
+    ECP_VALIDATE_RET( P != NULL );
+    ECP_VALIDATE_RET( Q != NULL );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
@@ -618,7 +648,10 @@
  */
 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
 {
-    return mbedtls_ecp_group_load( dst, src->id );
+    ECP_VALIDATE_RET( dst != NULL );
+    ECP_VALIDATE_RET( src != NULL );
+
+    return( mbedtls_ecp_group_load( dst, src->id ) );
 }
 
 /*
@@ -627,6 +660,7 @@
 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
 {
     int ret;
+    ECP_VALIDATE_RET( pt != NULL );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
@@ -641,15 +675,20 @@
  */
 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
 {
+    ECP_VALIDATE_RET( pt != NULL );
+
     return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
 }
 
 /*
- * Compare two points lazyly
+ * Compare two points lazily
  */
 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
                            const mbedtls_ecp_point *Q )
 {
+    ECP_VALIDATE_RET( P != NULL );
+    ECP_VALIDATE_RET( Q != NULL );
+
     if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
         mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
         mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
@@ -667,6 +706,9 @@
                            const char *x, const char *y )
 {
     int ret;
+    ECP_VALIDATE_RET( P != NULL );
+    ECP_VALIDATE_RET( x != NULL );
+    ECP_VALIDATE_RET( y != NULL );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
@@ -677,92 +719,136 @@
 }
 
 /*
- * Export a point into unsigned binary data (SEC1 2.3.3)
+ * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
  */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
-                            int format, size_t *olen,
-                            unsigned char *buf, size_t buflen )
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
+                                    const mbedtls_ecp_point *P,
+                                    int format, size_t *olen,
+                                    unsigned char *buf, size_t buflen )
 {
-    int ret = 0;
+    int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     size_t plen;
-
-    if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
-        format != MBEDTLS_ECP_PF_COMPRESSED )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Common case: P == 0
-     */
-    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-    {
-        if( buflen < 1 )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-        buf[0] = 0x00;
-        *olen = 1;
-
-        return( 0 );
-    }
+    ECP_VALIDATE_RET( grp  != NULL );
+    ECP_VALIDATE_RET( P    != NULL );
+    ECP_VALIDATE_RET( olen != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+    ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+                      format == MBEDTLS_ECP_PF_COMPRESSED );
 
     plen = mbedtls_mpi_size( &grp->P );
 
-    if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
+#if defined(ECP_MONTGOMERY)
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
     {
-        *olen = 2 * plen + 1;
-
+        *olen = plen;
         if( buflen < *olen )
             return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
 
-        buf[0] = 0x04;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
     }
-    else if( format == MBEDTLS_ECP_PF_COMPRESSED )
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
     {
-        *olen = plen + 1;
+        /*
+         * Common case: P == 0
+         */
+        if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+        {
+            if( buflen < 1 )
+                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
 
-        if( buflen < *olen )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+            buf[0] = 0x00;
+            *olen = 1;
 
-        buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+            return( 0 );
+        }
+
+        if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
+        {
+            *olen = 2 * plen + 1;
+
+            if( buflen < *olen )
+                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+            buf[0] = 0x04;
+            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+        }
+        else if( format == MBEDTLS_ECP_PF_COMPRESSED )
+        {
+            *olen = plen + 1;
+
+            if( buflen < *olen )
+                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+            buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+        }
     }
+#endif
 
 cleanup:
     return( ret );
 }
 
 /*
- * Import a point from unsigned binary data (SEC1 2.3.4)
+ * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
  */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                           const unsigned char *buf, size_t ilen )
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
+                                   mbedtls_ecp_point *pt,
+                                   const unsigned char *buf, size_t ilen )
 {
-    int ret;
+    int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     size_t plen;
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( pt  != NULL );
+    ECP_VALIDATE_RET( buf != NULL );
 
     if( ilen < 1 )
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
-    if( buf[0] == 0x00 )
-    {
-        if( ilen == 1 )
-            return( mbedtls_ecp_set_zero( pt ) );
-        else
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
     plen = mbedtls_mpi_size( &grp->P );
 
-    if( buf[0] != 0x04 )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+#if defined(ECP_MONTGOMERY)
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+    {
+        if( plen != ilen )
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
-    if( ilen != 2 * plen + 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
+        mbedtls_mpi_free( &pt->Y );
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+        if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
+            /* Set most significant bit to 0 as prescribed in RFC7748 §5 */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+    }
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+    {
+        if( buf[0] == 0x00 )
+        {
+            if( ilen == 1 )
+                return( mbedtls_ecp_set_zero( pt ) );
+            else
+                return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        }
+
+        if( buf[0] != 0x04 )
+            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+        if( ilen != 2 * plen + 1 )
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
+                                                  buf + 1 + plen, plen ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+    }
+#endif
 
 cleanup:
     return( ret );
@@ -774,11 +860,16 @@
  *          opaque point <1..2^8-1>;
  *      } ECPoint;
  */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                        const unsigned char **buf, size_t buf_len )
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
+                                mbedtls_ecp_point *pt,
+                                const unsigned char **buf, size_t buf_len )
 {
     unsigned char data_len;
     const unsigned char *buf_start;
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( pt  != NULL );
+    ECP_VALIDATE_RET( buf != NULL );
+    ECP_VALIDATE_RET( *buf != NULL );
 
     /*
      * We must have at least two bytes (1 for length, at least one for data)
@@ -796,7 +887,7 @@
     buf_start = *buf;
     *buf += data_len;
 
-    return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len );
+    return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
 }
 
 /*
@@ -810,6 +901,12 @@
                          unsigned char *buf, size_t blen )
 {
     int ret;
+    ECP_VALIDATE_RET( grp  != NULL );
+    ECP_VALIDATE_RET( pt   != NULL );
+    ECP_VALIDATE_RET( olen != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+    ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+                      format == MBEDTLS_ECP_PF_COMPRESSED );
 
     /*
      * buffer length must be at least one, for our length byte
@@ -833,10 +930,33 @@
 /*
  * Set a group from an ECParameters record (RFC 4492)
  */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
+                                const unsigned char **buf, size_t len )
+{
+    int ret;
+    mbedtls_ecp_group_id grp_id;
+    ECP_VALIDATE_RET( grp  != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+    ECP_VALIDATE_RET( *buf != NULL );
+
+    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
+        return( ret );
+
+    return( mbedtls_ecp_group_load( grp, grp_id ) );
+}
+
+/*
+ * Read a group id from an ECParameters record (RFC 4492) and convert it to
+ * mbedtls_ecp_group_id.
+ */
+int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
+                                   const unsigned char **buf, size_t len )
 {
     uint16_t tls_id;
     const mbedtls_ecp_curve_info *curve_info;
+    ECP_VALIDATE_RET( grp  != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+    ECP_VALIDATE_RET( *buf != NULL );
 
     /*
      * We expect at least three bytes (see below)
@@ -860,7 +980,9 @@
     if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
         return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
 
-    return mbedtls_ecp_group_load( grp, curve_info->grp_id );
+    *grp = curve_info->grp_id;
+
+    return( 0 );
 }
 
 /*
@@ -870,6 +992,9 @@
                          unsigned char *buf, size_t blen )
 {
     const mbedtls_ecp_curve_info *curve_info;
+    ECP_VALIDATE_RET( grp  != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+    ECP_VALIDATE_RET( olen != NULL );
 
     if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2228,6 +2353,10 @@
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
     char is_grp_capable = 0;
 #endif
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( R   != NULL );
+    ECP_VALIDATE_RET( m   != NULL );
+    ECP_VALIDATE_RET( P   != NULL );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     /* reset ops count for this call if top-level */
@@ -2255,11 +2384,11 @@
 
     ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 #if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
         MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
 #endif
 #if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
         MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
 #endif
 
@@ -2285,6 +2414,10 @@
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( R   != NULL );
+    ECP_VALIDATE_RET( m   != NULL );
+    ECP_VALIDATE_RET( P   != NULL );
     return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
 }
 
@@ -2387,17 +2520,18 @@
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
     char is_grp_capable = 0;
 #endif
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( R   != NULL );
+    ECP_VALIDATE_RET( m   != NULL );
+    ECP_VALIDATE_RET( P   != NULL );
+    ECP_VALIDATE_RET( n   != NULL );
+    ECP_VALIDATE_RET( Q   != NULL );
 
-    if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
+    if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
         return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
 
     mbedtls_ecp_point_init( &mP );
 
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
     ECP_RS_ENTER( ma );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -2425,6 +2559,12 @@
 mul2:
 #endif
     MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR,  n, Q, rs_ctx ) );
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
+        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if( rs_ctx != NULL && rs_ctx->ma != NULL )
         rs_ctx->ma->state = ecp_rsma_add;
@@ -2468,6 +2608,12 @@
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
              const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
 {
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( R   != NULL );
+    ECP_VALIDATE_RET( m   != NULL );
+    ECP_VALIDATE_RET( P   != NULL );
+    ECP_VALIDATE_RET( n   != NULL );
+    ECP_VALIDATE_RET( Q   != NULL );
     return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
 }
 
@@ -2490,18 +2636,22 @@
 /*
  * Check that a point is valid as a public key
  */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
+                              const mbedtls_ecp_point *pt )
 {
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( pt  != NULL );
+
     /* Must use affine coordinates */
     if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
         return( MBEDTLS_ERR_ECP_INVALID_KEY );
 
 #if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
         return( ecp_check_pubkey_mx( grp, pt ) );
 #endif
 #if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
         return( ecp_check_pubkey_sw( grp, pt ) );
 #endif
     return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2510,10 +2660,14 @@
 /*
  * Check that an mbedtls_mpi is valid as a private key
  */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d )
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
+                               const mbedtls_mpi *d )
 {
+    ECP_VALIDATE_RET( grp != NULL );
+    ECP_VALIDATE_RET( d   != NULL );
+
 #if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
     {
         /* see RFC 7748 sec. 5 para. 5 */
         if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
@@ -2529,7 +2683,7 @@
     }
 #endif /* ECP_MONTGOMERY */
 #if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
     {
         /* see SEC1 3.2 */
         if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
@@ -2552,10 +2706,16 @@
                      void *p_rng )
 {
     int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    size_t n_size = ( grp->nbits + 7 ) / 8;
+    size_t n_size;
+
+    ECP_VALIDATE_RET( grp   != NULL );
+    ECP_VALIDATE_RET( d     != NULL );
+    ECP_VALIDATE_RET( f_rng != NULL );
+
+    n_size = ( grp->nbits + 7 ) / 8;
 
 #if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
     {
         /* [M225] page 5 */
         size_t b;
@@ -2583,7 +2743,7 @@
 #endif /* ECP_MONTGOMERY */
 
 #if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
     {
         /* SEC1 3.2.1: Generate d such that 1 <= n < N */
         int count = 0;
@@ -2631,6 +2791,11 @@
                      void *p_rng )
 {
     int ret;
+    ECP_VALIDATE_RET( grp   != NULL );
+    ECP_VALIDATE_RET( d     != NULL );
+    ECP_VALIDATE_RET( G     != NULL );
+    ECP_VALIDATE_RET( Q     != NULL );
+    ECP_VALIDATE_RET( f_rng != NULL );
 
     MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
     MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
@@ -2647,6 +2812,11 @@
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng )
 {
+    ECP_VALIDATE_RET( grp   != NULL );
+    ECP_VALIDATE_RET( d     != NULL );
+    ECP_VALIDATE_RET( Q     != NULL );
+    ECP_VALIDATE_RET( f_rng != NULL );
+
     return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
 }
 
@@ -2657,6 +2827,8 @@
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
     int ret;
+    ECP_VALIDATE_RET( key   != NULL );
+    ECP_VALIDATE_RET( f_rng != NULL );
 
     if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
         return( ret );
@@ -2664,6 +2836,75 @@
     return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
 }
 
+#define ECP_CURVE25519_KEY_SIZE 32
+/*
+ * Read a private key.
+ */
+int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                          const unsigned char *buf, size_t buflen )
+{
+    int ret = 0;
+
+    ECP_VALIDATE_RET( key  != NULL );
+    ECP_VALIDATE_RET( buf  != NULL );
+
+    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
+        return( ret );
+
+    ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+
+#if defined(ECP_MONTGOMERY)
+    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+    {
+        /*
+         * If it is Curve25519 curve then mask the key as mandated by RFC7748
+         */
+        if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
+        {
+            if( buflen != ECP_CURVE25519_KEY_SIZE )
+                return MBEDTLS_ERR_ECP_INVALID_KEY;
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+
+            /* Set the three least significant bits to 0 */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
+
+            /* Set the most significant bit to 0 */
+            MBEDTLS_MPI_CHK(
+                    mbedtls_mpi_set_bit( &key->d,
+                                         ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
+                    );
+
+            /* Set the second most significant bit to 1 */
+            MBEDTLS_MPI_CHK(
+                    mbedtls_mpi_set_bit( &key->d,
+                                         ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
+                    );
+        }
+        else
+            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+    }
+
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
+
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
+    }
+
+#endif
+cleanup:
+
+    if( ret != 0 )
+        mbedtls_mpi_free( &key->d );
+
+    return( ret );
+}
+
 /*
  * Check a public-private key pair
  */
@@ -2672,6 +2913,8 @@
     int ret;
     mbedtls_ecp_point Q;
     mbedtls_ecp_group grp;
+    ECP_VALIDATE_RET( pub != NULL );
+    ECP_VALIDATE_RET( prv != NULL );
 
     if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
         pub->grp.id != prv->grp.id ||
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 68e2441..731621d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -28,11 +28,18 @@
 #if defined(MBEDTLS_ECP_C)
 
 #include "mbedtls/ecp.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
 #if !defined(MBEDTLS_ECP_ALT)
 
+/* Parameter validation macros based on platform_util.h */
+#define ECP_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECP_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
     !defined(inline) && !defined(__cplusplus)
 #define inline __inline
@@ -746,6 +753,7 @@
  */
 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
 {
+    ECP_VALIDATE_RET( grp != NULL );
     mbedtls_ecp_group_free( grp );
 
     grp->id = id;
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 040aa11..4556f88 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -99,6 +99,7 @@
 #include <sys/syscall.h>
 #if defined(SYS_getrandom)
 #define HAVE_GETRANDOM
+#include <errno.h>
 
 static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
 {
@@ -108,47 +109,8 @@
     memset( buf, 0, buflen );
 #endif
 #endif
-
     return( syscall( SYS_getrandom, buf, buflen, flags ) );
 }
-
-#include <sys/utsname.h>
-/* Check if version is at least 3.17.0 */
-static int check_version_3_17_plus( void )
-{
-    int minor;
-    struct utsname un;
-    const char *ver;
-
-    /* Get version information */
-    uname(&un);
-    ver = un.release;
-
-    /* Check major version; assume a single digit */
-    if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
-        return( -1 );
-
-    if( ver[0] - '0' > 3 )
-        return( 0 );
-
-    /* Ok, so now we know major == 3, check minor.
-     * Assume 1 or 2 digits. */
-    if( ver[2] < '0' || ver[2] > '9' )
-        return( -1 );
-
-    minor = ver[2] - '0';
-
-    if( ver[3] >= '0' && ver[3] <= '9' )
-        minor = 10 * minor + ver[3] - '0';
-    else if( ver [3] != '.' )
-        return( -1 );
-
-    if( minor < 17 )
-        return( -1 );
-
-    return( 0 );
-}
-static int has_getrandom = -1;
 #endif /* SYS_getrandom */
 #endif /* __linux__ */
 
@@ -159,22 +121,21 @@
 {
     FILE *file;
     size_t read_len;
+    int ret;
     ((void) data);
 
 #if defined(HAVE_GETRANDOM)
-    if( has_getrandom == -1 )
-        has_getrandom = ( check_version_3_17_plus() == 0 );
-
-    if( has_getrandom )
+    ret = getrandom_wrapper( output, len, 0 );
+    if( ret >= 0 )
     {
-        int ret;
-
-        if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
-            return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
         *olen = ret;
         return( 0 );
     }
+    else if( errno != ENOSYS )
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    /* Fall through if the system call isn't known. */
+#else
+    ((void) ret);
 #endif /* HAVE_GETRANDOM */
 
     *olen = 0;
diff --git a/library/error.c b/library/error.c
index eabee9e..c596f0b 100644
--- a/library/error.c
+++ b/library/error.c
@@ -567,7 +567,7 @@
         if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
             mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
         if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
-            mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
+            mbedtls_snprintf( buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
 #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
         // END generated code
 
@@ -618,8 +618,8 @@
 #endif /* MBEDTLS_ARC4_C */
 
 #if defined(MBEDTLS_ARIA_C)
-    if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
+    if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" );
     if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
         mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
     if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
@@ -672,17 +672,17 @@
 #endif /* MBEDTLS_BIGNUM_C */
 
 #if defined(MBEDTLS_BLOWFISH_C)
-    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
-    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
+    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" );
     if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
         mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
+    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
+        mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
 #endif /* MBEDTLS_BLOWFISH_C */
 
 #if defined(MBEDTLS_CAMELLIA_C)
-    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
+    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" );
     if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
         mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
     if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
@@ -855,16 +855,22 @@
 #if defined(MBEDTLS_SHA1_C)
     if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
         mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
+    if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 input data was malformed" );
 #endif /* MBEDTLS_SHA1_C */
 
 #if defined(MBEDTLS_SHA256_C)
     if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
         mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
+    if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" );
 #endif /* MBEDTLS_SHA256_C */
 
 #if defined(MBEDTLS_SHA512_C)
     if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
         mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
+    if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 input data was malformed" );
 #endif /* MBEDTLS_SHA512_C */
 
 #if defined(MBEDTLS_THREADING_C)
diff --git a/library/gcm.c b/library/gcm.c
index c486ef7..5121a7a 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -57,6 +57,12 @@
 
 #if !defined(MBEDTLS_GCM_ALT)
 
+/* Parameter validation macros */
+#define GCM_VALIDATE_RET( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
+#define GCM_VALIDATE( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -85,6 +91,7 @@
  */
 void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
 {
+    GCM_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
 }
 
@@ -164,7 +171,12 @@
     int ret;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( key != NULL );
+    GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
+                                                   MBEDTLS_MODE_ECB );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
 
@@ -274,6 +286,10 @@
     const unsigned char *p;
     size_t use_len, olen = 0;
 
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( iv != NULL );
+    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+
     /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
     /* IV is not allowed to be zero length */
     if( iv_len == 0 ||
@@ -320,8 +336,8 @@
         gcm_mult( ctx, ctx->y, ctx->y );
     }
 
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
-                             &olen ) ) != 0 )
+    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16,
+                                       ctx->base_ectr, &olen ) ) != 0 )
     {
         return( ret );
     }
@@ -356,6 +372,10 @@
     unsigned char *out_p = output;
     size_t use_len, olen = 0;
 
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( length == 0 || input != NULL );
+    GCM_VALIDATE_RET( length == 0 || output != NULL );
+
     if( output > input && (size_t) ( output - input ) < length )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
 
@@ -409,8 +429,14 @@
 {
     unsigned char work_buf[16];
     size_t i;
-    uint64_t orig_len = ctx->len * 8;
-    uint64_t orig_add_len = ctx->add_len * 8;
+    uint64_t orig_len;
+    uint64_t orig_add_len;
+
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( tag != NULL );
+
+    orig_len = ctx->len * 8;
+    orig_add_len = ctx->add_len * 8;
 
     if( tag_len > 16 || tag_len < 4 )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -452,6 +478,13 @@
 {
     int ret;
 
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( iv != NULL );
+    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    GCM_VALIDATE_RET( length == 0 || input != NULL );
+    GCM_VALIDATE_RET( length == 0 || output != NULL );
+    GCM_VALIDATE_RET( tag != NULL );
+
     if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
         return( ret );
 
@@ -480,6 +513,13 @@
     size_t i;
     int diff;
 
+    GCM_VALIDATE_RET( ctx != NULL );
+    GCM_VALIDATE_RET( iv != NULL );
+    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+    GCM_VALIDATE_RET( tag != NULL );
+    GCM_VALIDATE_RET( length == 0 || input != NULL );
+    GCM_VALIDATE_RET( length == 0 || output != NULL );
+
     if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
                                    iv, iv_len, add, add_len,
                                    input, output, tag_len, check_tag ) ) != 0 )
@@ -502,6 +542,8 @@
 
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
 {
+    if( ctx == NULL )
+        return;
     mbedtls_cipher_free( &ctx->cipher_ctx );
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
 }
@@ -516,10 +558,10 @@
  */
 #define MAX_TESTS   6
 
-static const int key_index[MAX_TESTS] =
+static const int key_index_test_data[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 1 };
 
-static const unsigned char key[MAX_TESTS][32] =
+static const unsigned char key_test_data[MAX_TESTS][32] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -531,13 +573,13 @@
       0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
 };
 
-static const size_t iv_len[MAX_TESTS] =
+static const size_t iv_len_test_data[MAX_TESTS] =
     { 12, 12, 12, 12, 8, 60 };
 
-static const int iv_index[MAX_TESTS] =
+static const int iv_index_test_data[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 2 };
 
-static const unsigned char iv[MAX_TESTS][64] =
+static const unsigned char iv_test_data[MAX_TESTS][64] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00 },
@@ -553,13 +595,13 @@
       0xa6, 0x37, 0xb3, 0x9b },
 };
 
-static const size_t add_len[MAX_TESTS] =
+static const size_t add_len_test_data[MAX_TESTS] =
     { 0, 0, 0, 20, 20, 20 };
 
-static const int add_index[MAX_TESTS] =
+static const int add_index_test_data[MAX_TESTS] =
     { 0, 0, 0, 1, 1, 1 };
 
-static const unsigned char additional[MAX_TESTS][64] =
+static const unsigned char additional_test_data[MAX_TESTS][64] =
 {
     { 0x00 },
     { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
@@ -567,13 +609,13 @@
       0xab, 0xad, 0xda, 0xd2 },
 };
 
-static const size_t pt_len[MAX_TESTS] =
+static const size_t pt_len_test_data[MAX_TESTS] =
     { 0, 16, 64, 60, 60, 60 };
 
-static const int pt_index[MAX_TESTS] =
+static const int pt_index_test_data[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 1 };
 
-static const unsigned char pt[MAX_TESTS][64] =
+static const unsigned char pt_test_data[MAX_TESTS][64] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
@@ -587,7 +629,7 @@
       0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
 };
 
-static const unsigned char ct[MAX_TESTS * 3][64] =
+static const unsigned char ct_test_data[MAX_TESTS * 3][64] =
 {
     { 0x00 },
     { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
@@ -696,7 +738,7 @@
       0x44, 0xae, 0x7e, 0x3f },
 };
 
-static const unsigned char tag[MAX_TESTS * 3][16] =
+static const unsigned char tag_test_data[MAX_TESTS * 3][16] =
 {
     { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
       0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
@@ -756,7 +798,8 @@
                 mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
                                 key_len, i, "enc" );
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+            ret = mbedtls_gcm_setkey( &ctx, cipher,
+                                      key_test_data[key_index_test_data[i]],
                                       key_len );
             /*
              * AES-192 is an optional feature that may be unavailable when
@@ -774,15 +817,19 @@
             }
 
             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                        pt_len[i],
-                                        iv[iv_index[i]], iv_len[i],
-                                        additional[add_index[i]], add_len[i],
-                                        pt[pt_index[i]], buf, 16, tag_buf );
+                                pt_len_test_data[i],
+                                iv_test_data[iv_index_test_data[i]],
+                                iv_len_test_data[i],
+                                additional_test_data[add_index_test_data[i]],
+                                add_len_test_data[i],
+                                pt_test_data[pt_index_test_data[i]],
+                                buf, 16, tag_buf );
             if( ret != 0 )
                 goto exit;
 
-            if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
-                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            if ( memcmp( buf, ct_test_data[j * 6 + i],
+                         pt_len_test_data[i] ) != 0 ||
+                 memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
             {
                 ret = 1;
                 goto exit;
@@ -799,22 +846,26 @@
                 mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
                                 key_len, i, "dec" );
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+            ret = mbedtls_gcm_setkey( &ctx, cipher,
+                                      key_test_data[key_index_test_data[i]],
                                       key_len );
             if( ret != 0 )
                 goto exit;
 
             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
-                                        pt_len[i],
-                                        iv[iv_index[i]], iv_len[i],
-                                        additional[add_index[i]], add_len[i],
-                                        ct[j * 6 + i], buf, 16, tag_buf );
+                                pt_len_test_data[i],
+                                iv_test_data[iv_index_test_data[i]],
+                                iv_len_test_data[i],
+                                additional_test_data[add_index_test_data[i]],
+                                add_len_test_data[i],
+                                ct_test_data[j * 6 + i], buf, 16, tag_buf );
 
             if( ret != 0 )
                 goto exit;
 
-            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
+                        pt_len_test_data[i] ) != 0 ||
+                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
             {
                 ret = 1;
                 goto exit;
@@ -831,32 +882,40 @@
                 mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
                                 key_len, i, "enc" );
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+            ret = mbedtls_gcm_setkey( &ctx, cipher,
+                                      key_test_data[key_index_test_data[i]],
                                       key_len );
             if( ret != 0 )
                 goto exit;
 
             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                      iv[iv_index[i]], iv_len[i],
-                                      additional[add_index[i]], add_len[i] );
+                                  iv_test_data[iv_index_test_data[i]],
+                                  iv_len_test_data[i],
+                                  additional_test_data[add_index_test_data[i]],
+                                  add_len_test_data[i] );
             if( ret != 0 )
                 goto exit;
 
-            if( pt_len[i] > 32 )
+            if( pt_len_test_data[i] > 32 )
             {
-                size_t rest_len = pt_len[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
+                size_t rest_len = pt_len_test_data[i] - 32;
+                ret = mbedtls_gcm_update( &ctx, 32,
+                                          pt_test_data[pt_index_test_data[i]],
+                                          buf );
                 if( ret != 0 )
                     goto exit;
 
-                ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
-                                  buf + 32 );
+                ret = mbedtls_gcm_update( &ctx, rest_len,
+                                      pt_test_data[pt_index_test_data[i]] + 32,
+                                      buf + 32 );
                 if( ret != 0 )
                     goto exit;
             }
             else
             {
-                ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
+                ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
+                                          pt_test_data[pt_index_test_data[i]],
+                                          buf );
                 if( ret != 0 )
                     goto exit;
             }
@@ -865,8 +924,9 @@
             if( ret != 0 )
                 goto exit;
 
-            if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            if( memcmp( buf, ct_test_data[j * 6 + i],
+                        pt_len_test_data[i] ) != 0 ||
+                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
             {
                 ret = 1;
                 goto exit;
@@ -883,32 +943,38 @@
                 mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
                                 key_len, i, "dec" );
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+            ret = mbedtls_gcm_setkey( &ctx, cipher,
+                                      key_test_data[key_index_test_data[i]],
                                       key_len );
             if( ret != 0 )
                 goto exit;
 
             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
-                              iv[iv_index[i]], iv_len[i],
-                              additional[add_index[i]], add_len[i] );
+                              iv_test_data[iv_index_test_data[i]],
+                              iv_len_test_data[i],
+                              additional_test_data[add_index_test_data[i]],
+                              add_len_test_data[i] );
             if( ret != 0 )
                 goto exit;
 
-            if( pt_len[i] > 32 )
+            if( pt_len_test_data[i] > 32 )
             {
-                size_t rest_len = pt_len[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
+                size_t rest_len = pt_len_test_data[i] - 32;
+                ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i],
+                                          buf );
                 if( ret != 0 )
                     goto exit;
 
-                ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
+                ret = mbedtls_gcm_update( &ctx, rest_len,
+                                          ct_test_data[j * 6 + i] + 32,
                                           buf + 32 );
                 if( ret != 0 )
                     goto exit;
             }
             else
             {
-                ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
+                ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
+                                          ct_test_data[j * 6 + i],
                                           buf );
                 if( ret != 0 )
                     goto exit;
@@ -918,8 +984,9 @@
             if( ret != 0 )
                 goto exit;
 
-            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
+                        pt_len_test_data[i] ) != 0 ||
+                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
             {
                 ret = 1;
                 goto exit;
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index dad55ff..c50330e 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -66,31 +66,60 @@
 /*
  * HMAC_DRBG update, using optional additional data (10.1.2.2)
  */
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                       const unsigned char *additional, size_t add_len )
+int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
+                                  const unsigned char *additional,
+                                  size_t add_len )
 {
     size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
     unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
     unsigned char sep[1];
     unsigned char K[MBEDTLS_MD_MAX_SIZE];
+    int ret;
 
     for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
     {
         /* Step 1 or 4 */
-        mbedtls_md_hmac_reset( &ctx->md_ctx );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 );
+        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+                                            ctx->V, md_len ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+                                            sep, 1 ) ) != 0 )
+            goto exit;
         if( rounds == 2 )
-            mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, K );
+        {
+            if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+                                                additional, add_len ) ) != 0 )
+            goto exit;
+        }
+        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
+            goto exit;
 
         /* Step 2 or 5 */
-        mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+        if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+                                            ctx->V, md_len ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+            goto exit;
     }
+
+exit:
+    mbedtls_platform_zeroize( K, sizeof( K ) );
+    return( ret );
 }
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                               const unsigned char *additional,
+                               size_t add_len )
+{
+    (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
+}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
 /*
  * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
  */
@@ -108,10 +137,13 @@
      * Use the V memory location, which is currently all 0, to initialize the
      * MD context with an all-zero key. Then set V to its initial value.
      */
-    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) );
+    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
+                                        mbedtls_md_get_size( md_info ) ) ) != 0 )
+        return( ret );
     memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
 
-    mbedtls_hmac_drbg_update( ctx, data, data_len );
+    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
+        return( ret );
 
     return( 0 );
 }
@@ -124,6 +156,7 @@
 {
     unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
     size_t seedlen;
+    int ret;
 
     /* III. Check input length */
     if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
@@ -135,7 +168,8 @@
     memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
 
     /* IV. Gather entropy_len bytes of entropy for the seed */
-    if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
+    if( ( ret = ctx->f_entropy( ctx->p_entropy,
+                                seed, ctx->entropy_len ) ) != 0 )
         return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
 
     seedlen = ctx->entropy_len;
@@ -148,13 +182,16 @@
     }
 
     /* 2. Update state */
-    mbedtls_hmac_drbg_update( ctx, seed, seedlen );
+    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
+        goto exit;
 
     /* 3. Reset reseed_counter */
     ctx->reseed_counter = 1;
 
+exit:
     /* 4. Done */
-    return( 0 );
+    mbedtls_platform_zeroize( seed, seedlen );
+    return( ret );
 }
 
 /*
@@ -180,7 +217,8 @@
      * Use the V memory location, which is currently all 0, to initialize the
      * MD context with an all-zero key. Then set V to its initial value.
      */
-    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size );
+    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
+        return( ret );
     memset( ctx->V, 0x01, md_size );
 
     ctx->f_entropy = f_entropy;
@@ -273,16 +311,24 @@
 
     /* 2. Use additional data if any */
     if( additional != NULL && add_len != 0 )
-        mbedtls_hmac_drbg_update( ctx, additional, add_len );
+    {
+        if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+                                                  additional, add_len ) ) != 0 )
+            goto exit;
+    }
 
     /* 3, 4, 5. Generate bytes */
     while( left != 0 )
     {
         size_t use_len = left > md_len ? md_len : left;
 
-        mbedtls_md_hmac_reset( &ctx->md_ctx );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+                                            ctx->V, md_len ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+            goto exit;
 
         memcpy( out, ctx->V, use_len );
         out += use_len;
@@ -290,13 +336,16 @@
     }
 
     /* 6. Update */
-    mbedtls_hmac_drbg_update( ctx, additional, add_len );
+    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+                                              additional, add_len ) ) != 0 )
+        goto exit;
 
     /* 7. Update reseed counter */
     ctx->reseed_counter++;
 
+exit:
     /* 8. Done */
-    return( 0 );
+    return( ret );
 }
 
 /*
@@ -368,35 +417,36 @@
 int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
 {
     int ret = 0;
-    FILE *f;
+    FILE *f = NULL;
     size_t n;
     unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+    unsigned char c;
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
         return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
 
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT )
+    n = fread( buf, 1, sizeof( buf ), f );
+    if( fread( &c, 1, 1, f ) != 0 )
     {
-        fclose( f );
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+        ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
+        goto exit;
     }
-
-    if( fread( buf, 1, n, f ) != n )
+    if( n == 0 || ferror( f ) )
+    {
         ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
-    else
-        mbedtls_hmac_drbg_update( ctx, buf, n );
-
+        goto exit;
+    }
     fclose( f );
+    f = NULL;
 
+    ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
+
+exit:
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
+    if( f != NULL )
+        fclose( f );
     if( ret != 0 )
         return( ret );
-
     return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
 }
 #endif /* MBEDTLS_FS_IO */
diff --git a/library/md.c b/library/md.c
index 303cdcb..ac8fac5 100644
--- a/library/md.c
+++ b/library/md.c
@@ -50,7 +50,7 @@
 #endif
 
 /*
- * Reminder: update profiles in x509_crt.c when adding a new hash!
+ * Reminder: update profiles in Mbed TLS's x509_crt.c when adding a new hash!
  */
 static const int supported_digests[] = {
 
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 176af9f..317a242 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -311,7 +311,7 @@
     }
     mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
     mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
-    mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
+
     return( ret );
 }
 
@@ -528,7 +528,7 @@
     mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
     mbedtls_platform_zeroize( &diff, sizeof( diff ) );
     mbedtls_platform_zeroize( A, sizeof( A ) );
-    mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
+
     return( ret );
 }
 
diff --git a/library/oid.c b/library/oid.c
index edea950..4e10f8a 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -41,10 +41,6 @@
 #define mbedtls_snprintf snprintf
 #endif
 
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
 /*
  * Macro to automatically add the size of #define'd OIDs
  */
@@ -152,7 +148,6 @@
     return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
 }
 
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 /*
  * For X520 attribute types
  */
@@ -260,23 +255,23 @@
 {
     {
         { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ),    "id-ce-basicConstraints",   "Basic Constraints" },
-        MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
+        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
     },
     {
         { ADD_LEN( MBEDTLS_OID_KEY_USAGE ),            "id-ce-keyUsage",           "Key Usage" },
-        MBEDTLS_X509_EXT_KEY_USAGE,
+        MBEDTLS_OID_X509_EXT_KEY_USAGE,
     },
     {
         { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ),   "id-ce-extKeyUsage",        "Extended Key Usage" },
-        MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
+        MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
     },
     {
         { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ),     "id-ce-subjectAltName",     "Subject Alt Name" },
-        MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
+        MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
     },
     {
         { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ),         "id-netscape-certtype",     "Netscape Certificate Type" },
-        MBEDTLS_X509_EXT_NS_CERT_TYPE,
+        MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
     },
     {
         { NULL, 0, NULL, NULL },
@@ -300,7 +295,15 @@
 
 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
+
+static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
+{
+    { ADD_LEN( MBEDTLS_OID_ANY_POLICY ),      "anyPolicy",       "Any Policy" },
+    { NULL, 0, NULL, NULL },
+};
+
+FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
+FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
 
 #if defined(MBEDTLS_MD_C)
 /*
diff --git a/library/pem.c b/library/pem.c
index 6069a23..897c8a0 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -423,9 +423,11 @@
 
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
-    if( ctx->buf != NULL )
+    if ( ctx->buf != NULL )
+    {
         mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
-    mbedtls_free( ctx->buf );
+        mbedtls_free( ctx->buf );
+    }
     mbedtls_free( ctx->info );
 
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
diff --git a/library/pk.c b/library/pk.c
index 989ed09..bcf7e0a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -48,13 +48,18 @@
 #include <limits.h>
 #include <stdint.h>
 
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 /*
  * Initialise a mbedtls_pk_context
  */
 void mbedtls_pk_init( mbedtls_pk_context *ctx )
 {
-    if( ctx == NULL )
-        return;
+    PK_VALIDATE( ctx != NULL );
 
     ctx->pk_info = NULL;
     ctx->pk_ctx = NULL;
@@ -65,10 +70,11 @@
  */
 void mbedtls_pk_free( mbedtls_pk_context *ctx )
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
+    if( ctx == NULL )
         return;
 
-    ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+    if ( ctx->pk_info != NULL )
+        ctx->pk_info->ctx_free_func( ctx->pk_ctx );
 
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
 }
@@ -79,6 +85,7 @@
  */
 void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
 {
+    PK_VALIDATE( ctx != NULL );
     ctx->pk_info = NULL;
     ctx->rs_ctx = NULL;
 }
@@ -132,7 +139,8 @@
  */
 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
 {
-    if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    if( info == NULL || ctx->pk_info != NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -147,10 +155,10 @@
 /*
  * Initialise a PSA-wrapping context
  */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_slot_t key )
+int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key )
 {
     const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
-    psa_key_slot_t *pk_ctx;
+    psa_key_handle_t *pk_ctx;
     psa_key_type_t type;
 
     if( ctx == NULL || ctx->pk_info != NULL )
@@ -160,7 +168,7 @@
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     /* Current implementation of can_do() relies on this. */
-    if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+    if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
 
     if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -168,7 +176,7 @@
 
     ctx->pk_info = info;
 
-    pk_ctx = (psa_key_slot_t *) ctx->pk_ctx;
+    pk_ctx = (psa_key_handle_t *) ctx->pk_ctx;
     *pk_ctx = key;
 
     return( 0 );
@@ -187,7 +195,8 @@
     mbedtls_rsa_alt_context *rsa_alt;
     const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
 
-    if( ctx == NULL || ctx->pk_info != NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    if( ctx->pk_info != NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -211,7 +220,9 @@
  */
 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
 {
-    /* null or NONE context can't do anything */
+    /* A context with null pk_info is not set up yet and can't do anything.
+     * For backward compatibility, also accept NULL instead of a context
+     * pointer. */
     if( ctx == NULL || ctx->pk_info == NULL )
         return( 0 );
 
@@ -268,7 +279,12 @@
                const unsigned char *sig, size_t sig_len,
                mbedtls_pk_restart_ctx *rs_ctx )
 {
-    if( ctx == NULL || ctx->pk_info == NULL ||
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+                     hash != NULL );
+    PK_VALIDATE_RET( sig != NULL );
+
+    if( ctx->pk_info == NULL ||
         pk_hashlen_helper( md_alg, &hash_len ) != 0 )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
@@ -321,7 +337,12 @@
                    const unsigned char *hash, size_t hash_len,
                    const unsigned char *sig, size_t sig_len )
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+                     hash != NULL );
+    PK_VALIDATE_RET( sig != NULL );
+
+    if( ctx->pk_info == NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ! mbedtls_pk_can_do( ctx, type ) )
@@ -381,7 +402,12 @@
              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
              mbedtls_pk_restart_ctx *rs_ctx )
 {
-    if( ctx == NULL || ctx->pk_info == NULL ||
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+                     hash != NULL );
+    PK_VALIDATE_RET( sig != NULL );
+
+    if( ctx->pk_info == NULL ||
         pk_hashlen_helper( md_alg, &hash_len ) != 0 )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
@@ -435,7 +461,12 @@
                 unsigned char *output, size_t *olen, size_t osize,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( input != NULL || ilen == 0 );
+    PK_VALIDATE_RET( output != NULL || osize == 0 );
+    PK_VALIDATE_RET( olen != NULL );
+
+    if( ctx->pk_info == NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ctx->pk_info->decrypt_func == NULL )
@@ -453,7 +484,12 @@
                 unsigned char *output, size_t *olen, size_t osize,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( input != NULL || ilen == 0 );
+    PK_VALIDATE_RET( output != NULL || osize == 0 );
+    PK_VALIDATE_RET( olen != NULL );
+
+    if( ctx->pk_info == NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ctx->pk_info->encrypt_func == NULL )
@@ -468,8 +504,11 @@
  */
 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
 {
-    if( pub == NULL || pub->pk_info == NULL ||
-        prv == NULL || prv->pk_info == NULL )
+    PK_VALIDATE_RET( pub != NULL );
+    PK_VALIDATE_RET( prv != NULL );
+
+    if( pub->pk_info == NULL ||
+        prv->pk_info == NULL )
     {
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
     }
@@ -496,6 +535,8 @@
  */
 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
 {
+    /* For backward compatibility, accept NULL or a context that
+     * isn't set up yet, and return a fake value that should be safe. */
     if( ctx == NULL || ctx->pk_info == NULL )
         return( 0 );
 
@@ -507,7 +548,8 @@
  */
 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
+    PK_VALIDATE_RET( ctx != NULL );
+    if( ctx->pk_info == NULL )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     if( ctx->pk_info->debug_func == NULL )
@@ -547,13 +589,13 @@
  * Currently only works for EC private keys.
  */
 int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               psa_key_slot_t *slot,
+                               psa_key_handle_t *slot,
                                psa_algorithm_t hash_alg )
 {
 #if !defined(MBEDTLS_ECP_C)
     return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
 #else
-    psa_key_slot_t key;
+    psa_key_handle_t key;
     const mbedtls_ecp_keypair *ec;
     unsigned char d[MBEDTLS_ECP_MAX_BYTES];
     size_t d_len;
@@ -572,21 +614,22 @@
         return( ret );
 
     curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
+    key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
+                                 mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
 
-    /* find a free key slot */
-    if( PSA_SUCCESS != mbedtls_psa_get_free_key_slot( &key ) )
+    /* allocate a key slot */
+    if( PSA_SUCCESS != psa_allocate_key( &key ) )
         return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 
     /* set policy */
-    psa_key_policy_init( &policy );
+    policy = psa_key_policy_init();
     psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
                                        PSA_ALG_ECDSA(hash_alg) );
     if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
         return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 
     /* import private key in slot */
-    key_type = PSA_KEY_TYPE_ECC_KEYPAIR(curve_id);
-    if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
+    if( PSA_SUCCESS != psa_import_key_to_handle( key, key_type, d, d_len ) )
         return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 
     /* remember slot number to be destroyed later by caller */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6aacba8..0c74825 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -546,14 +546,14 @@
                        const unsigned char *sig, size_t sig_len )
 {
     int ret;
-    psa_key_slot_t key_slot;
+    psa_key_handle_t key_slot;
     psa_key_policy_t policy;
     psa_key_type_t psa_type;
     mbedtls_pk_context key;
     int key_len;
     /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
     unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
-    unsigned char *p = (unsigned char*) sig;
+    unsigned char *p;
     mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
     psa_algorithm_t psa_sig_md, psa_md;
     psa_ecc_curve_t curve = mbedtls_psa_translate_ecc_group(
@@ -563,24 +563,25 @@
     if( curve == 0 )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
-    /* mbedlts_pk_write_pubkey_der() expects a full PK context,
+    /* mbedtls_pk_write_pubkey() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &pk_info;
     key.pk_ctx = ctx;
-    key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
+    p = buf + sizeof( buf );
+    key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
     if( key_len <= 0 )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
-    if( ( ret = mbedtls_psa_get_free_key_slot( &key_slot ) ) != PSA_SUCCESS )
-        return( mbedtls_psa_err_translate_pk( ret ) );
-
     psa_md = mbedtls_psa_translate_md( md_alg );
     if( psa_md == 0 )
         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
     psa_sig_md = PSA_ALG_ECDSA( psa_md );
     psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
 
-    psa_key_policy_init( &policy );
+    if( ( ret = psa_allocate_key( &key_slot ) ) != PSA_SUCCESS )
+          return( mbedtls_psa_err_translate_pk( ret ) );
+
+    policy = psa_key_policy_init();
     psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
     if( ( ret = psa_set_key_policy( key_slot, &policy ) ) != PSA_SUCCESS )
     {
@@ -588,7 +589,7 @@
         goto cleanup;
     }
 
-    if( psa_import_key( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
+    if( psa_import_key_to_handle( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
          != PSA_SUCCESS )
     {
         ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -603,6 +604,7 @@
         goto cleanup;
     }
 
+    p = (unsigned char*) sig;
     if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
                                    signature_part_size ) ) != 0 )
     {
@@ -879,7 +881,7 @@
 
 static void *pk_opaque_alloc_wrap( void )
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( psa_key_slot_t ) );
+    void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) );
 
     /* no _init() function to call, an calloc() already zeroized */
 
@@ -888,13 +890,13 @@
 
 static void pk_opaque_free_wrap( void *ctx )
 {
-    mbedtls_platform_zeroize( ctx, sizeof( psa_key_slot_t ) );
+    mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) );
     mbedtls_free( ctx );
 }
 
 static size_t pk_opaque_get_bitlen( const void *ctx )
 {
-    const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
+    const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
     size_t bits;
 
     if( PSA_SUCCESS != psa_get_key_information( *key, NULL, &bits ) )
@@ -999,7 +1001,7 @@
                    unsigned char *sig, size_t *sig_len,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
-    const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
+    const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
     psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
     size_t bits, buf_len;
     psa_status_t status;
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 16a15cb..7edf064 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -48,6 +48,8 @@
 #include "mbedtls/des.h"
 #endif
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
                                     mbedtls_asn1_buf *salt, int *iterations )
 {
@@ -226,6 +228,8 @@
     return( ret );
 }
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
                                 const unsigned char *filler, size_t fill_len )
 {
diff --git a/library/pkcs5.c b/library/pkcs5.c
index f04f0ab..e7d805c 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -54,22 +54,7 @@
 #define mbedtls_printf printf
 #endif
 
-#if !defined(MBEDTLS_ASN1_PARSE_C)
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output )
-{
-    ((void) pbe_params);
-    ((void) mode);
-    ((void) pwd);
-    ((void) pwdlen);
-    ((void) data);
-    ((void) datalen);
-    ((void) output);
-    return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-}
-#else
+#if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
                                       mbedtls_asn1_buf *salt, int *iterations,
                                       int *keylen, mbedtls_md_type_t *md_type )
@@ -91,7 +76,8 @@
      *  }
      *
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
+                                      MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
         return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
 
     salt->p = p;
@@ -156,7 +142,8 @@
         return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
+    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
+                                      &kdf_alg_params ) ) != 0 )
         return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
 
     // Only PBKDF2 supported at the moment
@@ -217,7 +204,8 @@
     if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
         goto exit;
 
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
+    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen,
+                                       (mbedtls_operation_t) mode ) ) != 0 )
         goto exit;
 
     if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
@@ -232,7 +220,8 @@
 }
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
+                       const unsigned char *password,
                        size_t plen, const unsigned char *salt, size_t slen,
                        unsigned int iteration_count,
                        uint32_t key_length, unsigned char *output )
@@ -319,10 +308,10 @@
 
 #define MAX_TESTS   6
 
-static const size_t plen[MAX_TESTS] =
+static const size_t plen_test_data[MAX_TESTS] =
     { 8, 8, 8, 24, 9 };
 
-static const unsigned char password[MAX_TESTS][32] =
+static const unsigned char password_test_data[MAX_TESTS][32] =
 {
     "password",
     "password",
@@ -331,10 +320,10 @@
     "pass\0word",
 };
 
-static const size_t slen[MAX_TESTS] =
+static const size_t slen_test_data[MAX_TESTS] =
     { 4, 4, 4, 36, 5 };
 
-static const unsigned char salt[MAX_TESTS][40] =
+static const unsigned char salt_test_data[MAX_TESTS][40] =
 {
     "salt",
     "salt",
@@ -343,13 +332,13 @@
     "sa\0lt",
 };
 
-static const uint32_t it_cnt[MAX_TESTS] =
+static const uint32_t it_cnt_test_data[MAX_TESTS] =
     { 1, 2, 4096, 4096, 4096 };
 
-static const uint32_t key_len[MAX_TESTS] =
+static const uint32_t key_len_test_data[MAX_TESTS] =
     { 20, 20, 20, 25, 16 };
 
-static const unsigned char result_key[MAX_TESTS][32] =
+static const unsigned char result_key_test_data[MAX_TESTS][32] =
 {
     { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
       0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
@@ -395,10 +384,12 @@
         if( verbose != 0 )
             mbedtls_printf( "  PBKDF2 (SHA1) #%d: ", i );
 
-        ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
-                                  slen[i], it_cnt[i], key_len[i], key );
+        ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i],
+                                         plen_test_data[i], salt_test_data[i],
+                                         slen_test_data[i], it_cnt_test_data[i],
+                                         key_len_test_data[i], key );
         if( ret != 0 ||
-            memcmp( result_key[i], key, key_len[i] ) != 0 )
+            memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
         {
             if( verbose != 0 )
                 mbedtls_printf( "failed\n" );
diff --git a/library/pkparse.c b/library/pkparse.c
index 86d9fb0..ae210bc 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -61,6 +61,12 @@
 #define mbedtls_free       free
 #endif
 
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_FS_IO)
 /*
  * Load all data from a file into a given buffer.
@@ -74,6 +80,10 @@
     FILE *f;
     long size;
 
+    PK_VALIDATE_RET( path != NULL );
+    PK_VALIDATE_RET( buf != NULL );
+    PK_VALIDATE_RET( n != NULL );
+
     if( ( f = fopen( path, "rb" ) ) == NULL )
         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
 
@@ -124,6 +134,9 @@
     size_t n;
     unsigned char *buf;
 
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( path != NULL );
+
     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
         return( ret );
 
@@ -148,6 +161,9 @@
     size_t n;
     unsigned char *buf;
 
+    PK_VALIDATE_RET( ctx != NULL );
+    PK_VALIDATE_RET( path != NULL );
+
     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
         return( ret );
 
@@ -605,6 +621,11 @@
     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
     const mbedtls_pk_info_t *pk_info;
 
+    PK_VALIDATE_RET( p != NULL );
+    PK_VALIDATE_RET( *p != NULL );
+    PK_VALIDATE_RET( end != NULL );
+    PK_VALIDATE_RET( pk != NULL );
+
     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
     {
@@ -1145,16 +1166,22 @@
 {
     int ret;
     const mbedtls_pk_info_t *pk_info;
-
 #if defined(MBEDTLS_PEM_PARSE_C)
     size_t len;
     mbedtls_pem_context pem;
+#endif
 
-    mbedtls_pem_init( &pem );
+    PK_VALIDATE_RET( pk != NULL );
+    if( keylen == 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    PK_VALIDATE_RET( key != NULL );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+   mbedtls_pem_init( &pem );
 
 #if defined(MBEDTLS_RSA_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
@@ -1185,7 +1212,7 @@
 
 #if defined(MBEDTLS_ECP_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
@@ -1215,7 +1242,7 @@
 #endif /* MBEDTLS_ECP_C */
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
@@ -1238,7 +1265,7 @@
 
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
@@ -1276,9 +1303,6 @@
     {
         unsigned char *key_copy;
 
-        if( keylen == 0 )
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
         if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
             return( MBEDTLS_ERR_PK_ALLOC_FAILED );
 
@@ -1360,11 +1384,18 @@
 #if defined(MBEDTLS_PEM_PARSE_C)
     size_t len;
     mbedtls_pem_context pem;
+#endif
 
+    PK_VALIDATE_RET( ctx != NULL );
+    if( keylen == 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    PK_VALIDATE_RET( key != NULL || keylen == 0 );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_init( &pem );
 #if defined(MBEDTLS_RSA_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
@@ -1395,7 +1426,7 @@
 #endif /* MBEDTLS_RSA_C */
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
+    if( key[keylen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
diff --git a/library/pkwrite.c b/library/pkwrite.c
index d34714b..b87f81b 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -30,6 +30,7 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -48,6 +49,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
 #endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -57,6 +59,12 @@
 #define mbedtls_free       free
 #endif
 
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond )    \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond )        \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_RSA_C)
 /*
  *  RSAPublicKey ::= SEQUENCE {
@@ -154,6 +162,11 @@
     int ret;
     size_t len = 0;
 
+    PK_VALIDATE_RET( p != NULL );
+    PK_VALIDATE_RET( *p != NULL );
+    PK_VALIDATE_RET( start != NULL );
+    PK_VALIDATE_RET( key != NULL );
+
 #if defined(MBEDTLS_RSA_C)
     if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
         MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
@@ -168,7 +181,7 @@
     if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
     {
         size_t buffer_size;
-        psa_key_slot_t* key_slot = (psa_key_slot_t*) key->pk_ctx;
+        psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx;
 
         if ( *p < start )
             return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -181,7 +194,8 @@
         }
         else
         {
-            memmove( *p - len, start, len );
+            *p -= len;
+            memmove( *p, start, len );
         }
     }
     else
@@ -196,16 +210,18 @@
     int ret;
     unsigned char *c;
     size_t len = 0, par_len = 0, oid_len;
+    mbedtls_pk_type_t pk_type;
     const char *oid;
 
+    PK_VALIDATE_RET( key != NULL );
+    if( size == 0 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    PK_VALIDATE_RET( buf != NULL );
+
     c = buf + size;
 
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
 
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
-    {
-        return( (int) len );
-    }
     if( c - buf < 1 )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
@@ -220,18 +236,51 @@
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
 
-    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
-                                       &oid, &oid_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
+    pk_type = mbedtls_pk_get_type( key );
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+    if( pk_type == MBEDTLS_PK_ECKEY )
     {
         MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
     }
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( pk_type == MBEDTLS_PK_OPAQUE )
+    {
+        psa_status_t status;
+        psa_key_type_t key_type;
+        psa_key_handle_t handle;
+        psa_ecc_curve_t curve;
+
+        handle = *((psa_key_handle_t*) key->pk_ctx );
+
+        status = psa_get_key_information( handle, &key_type,
+                                          NULL /* bitsize not needed */ );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+        curve = PSA_KEY_TYPE_GET_CURVE( key_type );
+        if( curve == 0 )
+            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+        ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );
+        if( ret != 0 )
+            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+        /* Write EC algorithm parameters; that's akin
+         * to pk_write_ec_param() above. */
+        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
+                                                               oid, oid_len ) );
+
+        /* The rest of the function works as for legacy EC contexts. */
+        pk_type = MBEDTLS_PK_ECKEY;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
+                                               &oid_len ) ) != 0 )
+    {
+        return( ret );
+    }
 
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
                                                         par_len ) );
@@ -246,9 +295,16 @@
 int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
     int ret;
-    unsigned char *c = buf + size;
+    unsigned char *c;
     size_t len = 0;
 
+    PK_VALIDATE_RET( key != NULL );
+    if( size == 0 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    PK_VALIDATE_RET( buf != NULL );
+
+    c = buf + size;
+
 #if defined(MBEDTLS_RSA_C)
     if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
     {
@@ -486,6 +542,9 @@
     unsigned char output_buf[PUB_DER_MAX_BYTES];
     size_t olen = 0;
 
+    PK_VALIDATE_RET( key != NULL );
+    PK_VALIDATE_RET( buf != NULL || size == 0 );
+
     if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
                                      sizeof(output_buf) ) ) < 0 )
     {
@@ -509,6 +568,9 @@
     const char *begin, *end;
     size_t olen = 0;
 
+    PK_VALIDATE_RET( key != NULL );
+    PK_VALIDATE_RET( buf != NULL || size == 0 );
+
     if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
         return( ret );
 
diff --git a/library/platform.c b/library/platform.c
index 73a6db9..5756159 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -82,28 +82,15 @@
           !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
              defined(MBEDTLS_PLATFORM_FREE_MACRO) ) */
 
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #include <stdarg.h>
 int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
 {
     int ret;
     va_list argp;
 
-    /* Avoid calling the invalid parameter handler by checking ourselves */
-    if( s == NULL || n == 0 || fmt == NULL )
-        return( -1 );
-
     va_start( argp, fmt );
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
-    ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
-#else
-    ret = _vsnprintf( s, n, fmt, argp );
-    if( ret < 0 || (size_t) ret == n )
-    {
-        s[n-1] = '\0';
-        ret = -1;
-    }
-#endif
+    ret = mbedtls_vsnprintf( s, n, fmt, argp );
     va_end( argp );
 
     return( ret );
@@ -140,6 +127,62 @@
 }
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#include <stdarg.h>
+int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
+{
+    int ret;
+
+    /* Avoid calling the invalid parameter handler by checking ourselves */
+    if( s == NULL || n == 0 || fmt == NULL )
+        return( -1 );
+
+#if defined(_TRUNCATE)
+    ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
+#else
+    ret = vsnprintf( s, n, fmt, arg );
+    if( ret < 0 || (size_t) ret == n )
+    {
+        s[n-1] = '\0';
+        ret = -1;
+    }
+#endif
+
+    return( ret );
+}
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_vsnprintf_uninit( char * s, size_t n,
+                                     const char * format, va_list arg )
+{
+    ((void) s);
+    ((void) n);
+    ((void) format);
+    ((void) arg);
+    return( -1 );
+}
+
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF    platform_vsnprintf_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
+
+int (*mbedtls_vsnprintf)( char * s, size_t n,
+                          const char * format,
+                          va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
+
+int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
+                                                 const char * format,
+                                                 va_list arg ) )
+{
+    mbedtls_vsnprintf = vsnprintf_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
 #if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
 #if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
 /*
diff --git a/library/platform_util.c b/library/platform_util.c
index ca5fe4f..756e226 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -35,6 +35,7 @@
 #endif
 
 #include "mbedtls/platform_util.h"
+#include "mbedtls/platform.h"
 #include "mbedtls/threading.h"
 
 #include <stddef.h>
diff --git a/library/poly1305.c b/library/poly1305.c
index e22d3af..b274119 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -49,6 +49,12 @@
 #define inline __inline
 #endif
 
+/* Parameter validation macros */
+#define POLY1305_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
+#define POLY1305_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define POLY1305_BLOCK_SIZE_BYTES ( 16U )
 
 #define BYTES_TO_U32_LE( data, offset )                           \
@@ -276,27 +282,24 @@
 
 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
 {
-    if( ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
-    }
+    POLY1305_VALIDATE( ctx != NULL );
+
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
 }
 
 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
 {
-    if( ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
-    }
+    if( ctx == NULL )
+        return;
+
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
 }
 
 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
                              const unsigned char key[32] )
 {
-    if( ctx == NULL || key == NULL )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
+    POLY1305_VALIDATE_RET( ctx != NULL );
+    POLY1305_VALIDATE_RET( key != NULL );
 
     /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
     ctx->r[0] = BYTES_TO_U32_LE( key, 0 )  & 0x0FFFFFFFU;
@@ -331,16 +334,8 @@
     size_t remaining = ilen;
     size_t queue_free_len;
     size_t nblocks;
-
-    if( ctx == NULL )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
-    else if( ( ilen > 0U ) && ( input == NULL ) )
-    {
-        /* input pointer is allowed to be NULL only if ilen == 0 */
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
+    POLY1305_VALIDATE_RET( ctx != NULL );
+    POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
 
     if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
     {
@@ -398,10 +393,8 @@
 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
                              unsigned char mac[16] )
 {
-    if( ( ctx == NULL ) || ( mac == NULL ) )
-    {
-        return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    }
+    POLY1305_VALIDATE_RET( ctx != NULL );
+    POLY1305_VALIDATE_RET( mac != NULL );
 
     /* Process any leftover data */
     if( ctx->queue_len > 0U )
@@ -431,6 +424,9 @@
 {
     mbedtls_poly1305_context ctx;
     int ret;
+    POLY1305_VALIDATE_RET( key != NULL );
+    POLY1305_VALIDATE_RET( mac != NULL );
+    POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
 
     mbedtls_poly1305_init( &ctx );
 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f3eedde..c306727 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -26,21 +26,8 @@
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
-/*
- * In case MBEDTLS_PSA_CRYPTO_SPM is defined the code is built for SPM (Secure
- * Partition Manager) integration which separate the code into two parts
- * NSPE (Non-Secure Process Environment) and SPE (Secure Process Environment).
- * In this mode an additional header file should be included.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-/*
- * PSA_CRYPTO_SECURE means that this file is compiled to the SPE side.
- * some headers will be affected by this flag.
- */
-#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
-#endif
 
+#include "psa_crypto_service_integration.h"
 #include "psa/crypto.h"
 
 #include "psa_crypto_core.h"
@@ -52,9 +39,8 @@
 
 #include <stdlib.h>
 #include <string.h>
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
+#if !defined(MBEDTLS_PLATFORM_C)
 #define mbedtls_calloc calloc
 #define mbedtls_free   free
 #endif
@@ -65,6 +51,8 @@
 #include "mbedtls/bignum.h"
 #include "mbedtls/blowfish.h"
 #include "mbedtls/camellia.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/ccm.h"
 #include "mbedtls/cmac.h"
@@ -73,7 +61,6 @@
 #include "mbedtls/ecdh.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/error.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/md2.h"
@@ -91,10 +78,6 @@
 #include "mbedtls/sha512.h"
 #include "mbedtls/xtea.h"
 
-#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
-#include "psa_prot_internal_storage.h"
-#endif
-
 #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
 
 /* constant-time buffer comparison */
@@ -171,13 +154,21 @@
         case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
             return( PSA_ERROR_BUFFER_TOO_SMALL );
 
+#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
+        case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
+#elif defined(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH)
         case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
+#endif
         case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
             return( PSA_ERROR_NOT_SUPPORTED );
         case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
             return( PSA_ERROR_HARDWARE_FAILURE );
 
+#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
+        case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
+#elif defined(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH)
         case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
+#endif
         case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
             return( PSA_ERROR_NOT_SUPPORTED );
         case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
@@ -190,6 +181,14 @@
         case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
             return( PSA_ERROR_HARDWARE_FAILURE );
 
+        case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
+        case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
+            return( PSA_ERROR_BAD_STATE );
+        case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
+            return( PSA_ERROR_INVALID_SIGNATURE );
+
         case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
             return( PSA_ERROR_NOT_SUPPORTED );
         case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
@@ -203,7 +202,7 @@
         case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
             return( PSA_ERROR_INVALID_SIGNATURE );
         case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
-            return( PSA_ERROR_TAMPERING_DETECTED );
+            return( PSA_ERROR_CORRUPTION_DETECTED );
         case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
             return( PSA_ERROR_HARDWARE_FAILURE );
 
@@ -294,6 +293,11 @@
         case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
             return( PSA_ERROR_HARDWARE_FAILURE );
 
+        case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
+            return( PSA_ERROR_HARDWARE_FAILURE );
+        case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
+            return( PSA_ERROR_NOT_SUPPORTED );
+
         case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
             return( PSA_ERROR_HARDWARE_FAILURE );
 
@@ -307,7 +311,7 @@
             return( PSA_ERROR_INVALID_ARGUMENT );
         case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
         case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
-            return( PSA_ERROR_TAMPERING_DETECTED );
+            return( PSA_ERROR_CORRUPTION_DETECTED );
         case MBEDTLS_ERR_RSA_VERIFY_FAILED:
             return( PSA_ERROR_INVALID_SIGNATURE );
         case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
@@ -345,7 +349,7 @@
             return( PSA_ERROR_HARDWARE_FAILURE );
 
         default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
+            return( PSA_ERROR_GENERIC_ERROR );
     }
 }
 
@@ -472,6 +476,12 @@
                 return( PSA_ERROR_INVALID_ARGUMENT );
             break;
 #endif
+#if defined(MBEDTLS_CHACHA20_C)
+        case PSA_KEY_TYPE_CHACHA20:
+            if( bits != 256 )
+                return( PSA_ERROR_INVALID_ARGUMENT );
+            break;
+#endif
         default:
             return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -525,7 +535,7 @@
     mbedtls_pk_init( &pk );
 
     /* Parse the data. */
-    if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+    if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
         status = mbedtls_to_psa_error(
             mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 ) );
     else
@@ -578,7 +588,7 @@
                                               size_t data_length,
                                               mbedtls_ecp_keypair **p_ecp )
 {
-    psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_keypair *ecp = NULL;
     mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
 
@@ -627,10 +637,13 @@
                                                size_t data_length,
                                                mbedtls_ecp_keypair **p_ecp )
 {
-    psa_status_t status = PSA_ERROR_TAMPERING_DETECTED;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_keypair *ecp = NULL;
     mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
 
+    if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
     *p_ecp = NULL;
     ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
     if( ecp == NULL )
@@ -696,7 +709,7 @@
     }
     else
 #if defined(MBEDTLS_ECP_C)
-    if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) )
+    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->type ) )
     {
         status = psa_import_ec_private_key( PSA_KEY_TYPE_GET_CURVE( slot->type ),
                                             data, data_length,
@@ -741,7 +754,7 @@
         return( status );
 
     if( slot->type != PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_OCCUPIED_SLOT );
+        return( PSA_ERROR_ALREADY_EXISTS );
 
     *p_slot = slot;
     return( status );
@@ -759,14 +772,14 @@
     if( alg1 == alg2 )
         return( alg1 );
     /* If the policies are from the same hash-and-sign family, check
-     * if one is a wildcard. */
+     * if one is a wildcard. If so the other has the specific algorithm. */
     if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) &&
         PSA_ALG_IS_HASH_AND_SIGN( alg2 ) &&
         ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
     {
         if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
             return( alg2 );
-        if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
+        if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
             return( alg1 );
     }
     /* If the policies are incompatible, allow nothing. */
@@ -796,6 +809,18 @@
     return( 0 );
 }
 
+/** Restrict a key policy based on a constraint.
+ *
+ * \param[in,out] policy    The policy to restrict.
+ * \param[in] constraint    The policy constraint to apply.
+ *
+ * \retval #PSA_SUCCESS
+ *         \c *policy contains the intersection of the original value of
+ *         \c *policy and \c *constraint.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \c *policy and \c *constraint are incompatible.
+ *         \c *policy is unchanged.
+ */
 static psa_status_t psa_restrict_key_policy(
     psa_key_policy_t *policy,
     const psa_key_policy_t *constraint )
@@ -805,6 +830,7 @@
     if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
         return( PSA_ERROR_INVALID_ARGUMENT );
     policy->usage &= constraint->usage;
+    policy->alg = intersection_alg;
     return( PSA_SUCCESS );
 }
 
@@ -825,7 +851,7 @@
     if( status != PSA_SUCCESS )
         return( status );
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
 
     /* Enforce that usage policy for the key slot contains all the flags
      * required by the usage parameter. There is one exception: public
@@ -875,7 +901,7 @@
     {
         /* Shouldn't happen: the key type is not any type that we
          * put in. */
-        return( PSA_ERROR_TAMPERING_DETECTED );
+        return( PSA_ERROR_CORRUPTION_DETECTED );
     }
 
     return( PSA_SUCCESS );
@@ -883,7 +909,7 @@
 
 static void psa_abort_operations_using_key( psa_key_slot_t *slot )
 {
-    /*TODO*/
+    /*FIXME how to implement this?*/
     (void) slot;
 }
 
@@ -900,7 +926,7 @@
     return( status );
 }
 
-psa_status_t psa_import_key( psa_key_handle_t handle,
+psa_status_t psa_import_key_to_handle( psa_key_handle_t handle,
                              psa_key_type_t type,
                              const uint8_t *data,
                              size_t data_length )
@@ -962,7 +988,7 @@
 }
 
 /* Return the size of the key in the given slot, in bits. */
-static size_t psa_get_key_bits( const psa_key_slot_t *slot )
+static size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
 {
     if( key_type_is_raw_bytes( slot->type ) )
         return( slot->data.raw.bytes * 8 );
@@ -978,6 +1004,133 @@
     return( 0 );
 }
 
+void psa_reset_key_attributes( psa_key_attributes_t *attributes )
+{
+    mbedtls_free( attributes->domain_parameters );
+    memset( attributes, 0, sizeof( *attributes ) );
+}
+
+psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
+                                            psa_key_type_t type,
+                                            const uint8_t *data,
+                                            size_t data_length )
+{
+    uint8_t *copy = NULL;
+
+    if( data_length != 0 )
+    {
+        copy = mbedtls_calloc( 1, data_length );
+        if( copy == NULL )
+            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+        memcpy( copy, data, data_length );
+    }
+    /* After this point, this function is guaranteed to succeed, so it
+     * can start modifying `*attributes`. */
+
+    if( attributes->domain_parameters != NULL )
+    {
+        mbedtls_free( attributes->domain_parameters );
+        attributes->domain_parameters = NULL;
+        attributes->domain_parameters_size = 0;
+    }
+
+    attributes->domain_parameters = copy;
+    attributes->domain_parameters_size = data_length;
+    attributes->type = type;
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_get_key_domain_parameters(
+    const psa_key_attributes_t *attributes,
+    uint8_t *data, size_t data_size, size_t *data_length )
+{
+    if( attributes->domain_parameters_size > data_size )
+        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    *data_length = attributes->domain_parameters_size;
+    if( attributes->domain_parameters_size != 0 )
+        memcpy( data, attributes->domain_parameters,
+                attributes->domain_parameters_size );
+    return( PSA_SUCCESS );
+}
+
+#if defined(MBEDTLS_RSA_C)
+static psa_status_t psa_get_rsa_public_exponent(
+    const mbedtls_rsa_context *rsa,
+    psa_key_attributes_t *attributes )
+{
+    mbedtls_mpi mpi;
+    int ret;
+    uint8_t *buffer = NULL;
+    size_t buflen;
+    mbedtls_mpi_init( &mpi );
+
+    ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
+    if( ret != 0 )
+        goto exit;
+    if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
+    {
+        /* It's the default value, which is reported as an empty string,
+         * so there's nothing to do. */
+        goto exit;
+    }
+
+    buflen = mbedtls_mpi_size( &mpi );
+    buffer = mbedtls_calloc( 1, buflen );
+    if( buffer == NULL )
+    {
+        ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
+        goto exit;
+    }
+    ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
+    if( ret != 0 )
+        goto exit;
+    attributes->domain_parameters = buffer;
+    attributes->domain_parameters_size = buflen;
+
+exit:
+    mbedtls_mpi_free( &mpi );
+    if( ret != 0 )
+        mbedtls_free( buffer );
+    return( mbedtls_to_psa_error( ret ) );
+}
+#endif /* MBEDTLS_RSA_C */
+
+psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
+                                     psa_key_attributes_t *attributes )
+{
+    psa_key_slot_t *slot;
+    psa_status_t status;
+
+    psa_reset_key_attributes( attributes );
+
+    status = psa_get_key_slot( handle, &slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    attributes->id = slot->persistent_storage_id;
+    attributes->lifetime = slot->lifetime;
+    attributes->policy = slot->policy;
+    attributes->type = slot->type;
+    attributes->bits = psa_get_key_slot_bits( slot );
+
+    switch( slot->type )
+    {
+#if defined(MBEDTLS_RSA_C)
+        case PSA_KEY_TYPE_RSA_KEY_PAIR:
+        case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
+            status = psa_get_rsa_public_exponent( slot->data.rsa, attributes );
+            break;
+#endif
+        default:
+            /* Nothing else to do. */
+            break;
+    }
+
+    if( status != PSA_SUCCESS )
+        psa_reset_key_attributes( attributes );
+    return( status );
+}
+
 psa_status_t psa_get_key_information( psa_key_handle_t handle,
                                       psa_key_type_t *type,
                                       size_t *bits )
@@ -994,11 +1147,11 @@
         return( status );
 
     if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
+        return( PSA_ERROR_DOES_NOT_EXIST );
     if( type != NULL )
         *type = slot->type;
     if( bits != NULL )
-        *bits = psa_get_key_bits( slot );
+        *bits = psa_get_key_slot_bits( slot );
     return( PSA_SUCCESS );
 }
 
@@ -1043,11 +1196,11 @@
         return( PSA_SUCCESS );
     }
 #if defined(MBEDTLS_ECP_C)
-    if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( slot->type ) && !export_public_key )
+    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->type ) && !export_public_key )
     {
         psa_status_t status;
 
-        size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( slot ) );
+        size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_slot_bits( slot ) );
         if( bytes > data_size )
             return( PSA_ERROR_BUFFER_TOO_SMALL );
         status = mbedtls_to_psa_error(
@@ -1209,8 +1362,231 @@
 }
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
+static psa_status_t psa_set_key_policy_internal(
+    psa_key_slot_t *slot,
+    const psa_key_policy_t *policy )
+{
+    if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
+                             PSA_KEY_USAGE_COPY |
+                             PSA_KEY_USAGE_ENCRYPT |
+                             PSA_KEY_USAGE_DECRYPT |
+                             PSA_KEY_USAGE_SIGN |
+                             PSA_KEY_USAGE_VERIFY |
+                             PSA_KEY_USAGE_DERIVE ) ) != 0 )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    slot->policy = *policy;
+    return( PSA_SUCCESS );
+}
+
+/** Prepare a key slot to receive key material.
+ *
+ * This function allocates a key slot and sets its metadata.
+ *
+ * If this function fails, call psa_fail_key_creation().
+ *
+ * This function is intended to be used as follows:
+ * -# Call psa_start_key_creation() to allocate a key slot, prepare
+ *    it with the specified attributes, and assign it a handle.
+ * -# Populate the slot with the key material.
+ * -# Call psa_finish_key_creation() to finalize the creation of the slot.
+ * In case of failure at any step, stop the sequence and call
+ * psa_fail_key_creation().
+ *
+ * \param attributes    Key attributes for the new key.
+ * \param handle        On success, a handle for the allocated slot.
+ * \param p_slot        On success, a pointer to the prepared slot.
+ *
+ * \retval #PSA_SUCCESS
+ *         The key slot is ready to receive key material.
+ * \return If this function fails, the key slot is an invalid state.
+ *         You must call psa_fail_key_creation() to wipe and free the slot.
+ */
+static psa_status_t psa_start_key_creation(
+    const psa_key_attributes_t *attributes,
+    psa_key_handle_t *handle,
+    psa_key_slot_t **p_slot )
+{
+    psa_status_t status;
+    psa_key_slot_t *slot;
+
+    status = psa_allocate_key( handle );
+    if( status != PSA_SUCCESS )
+        return( status );
+    status = psa_get_key_slot( *handle, p_slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+    slot = *p_slot;
+
+    status = psa_set_key_policy_internal( slot, &attributes->policy );
+    if( status != PSA_SUCCESS )
+        return( status );
+    slot->lifetime = attributes->lifetime;
+    if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    {
+        status = psa_validate_persistent_key_parameters( attributes->lifetime,
+                                                         attributes->id, 1 );
+        if( status != PSA_SUCCESS )
+            return( status );
+        slot->persistent_storage_id = attributes->id;
+    }
+    slot->type = attributes->type;
+
+    return( status );
+}
+
+/** Finalize the creation of a key once its key material has been set.
+ *
+ * This entails writing the key to persistent storage.
+ *
+ * If this function fails, call psa_fail_key_creation().
+ * See the documentation of psa_start_key_creation() for the intended use
+ * of this function.
+ *
+ * \param slot          Pointer to the slot with key material.
+ *
+ * \retval #PSA_SUCCESS
+ *         The key was successfully created. The handle is now valid.
+ * \return If this function fails, the key slot is an invalid state.
+ *         You must call psa_fail_key_creation() to wipe and free the slot.
+ */
+static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot )
+{
+    psa_status_t status = PSA_SUCCESS;
+    (void) slot;
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+    {
+        uint8_t *buffer = NULL;
+        size_t buffer_size = 0;
+        size_t length;
+
+        buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
+                                               psa_get_key_slot_bits( slot ) );
+        buffer = mbedtls_calloc( 1, buffer_size );
+        if( buffer == NULL && buffer_size != 0 )
+            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+        status = psa_internal_export_key( slot,
+                                          buffer, buffer_size, &length,
+                                          0 );
+
+        if( status == PSA_SUCCESS )
+        {
+            status = psa_save_persistent_key( slot->persistent_storage_id,
+                                              slot->type, &slot->policy,
+                                              buffer, length );
+        }
+
+        if( buffer_size != 0 )
+            mbedtls_platform_zeroize( buffer, buffer_size );
+        mbedtls_free( buffer );
+    }
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+    return( status );
+}
+
+/** Abort the creation of a key.
+ *
+ * You may call this function after calling psa_start_key_creation(),
+ * or after psa_finish_key_creation() fails. In other circumstances, this
+ * function may not clean up persistent storage.
+ * See the documentation of psa_start_key_creation() for the intended use
+ * of this function.
+ *
+ * \param slot          Pointer to the slot with key material.
+ */
+static void psa_fail_key_creation( psa_key_slot_t *slot )
+{
+    if( slot == NULL )
+        return;
+    psa_wipe_key_slot( slot );
+}
+
+static psa_status_t psa_check_key_slot_attributes(
+    const psa_key_slot_t *slot,
+    const psa_key_attributes_t *attributes )
+{
+    if( attributes->type != 0 )
+    {
+        if( attributes->type != slot->type )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+    }
+
+    if( attributes->domain_parameters_size != 0 )
+    {
+#if defined(MBEDTLS_RSA_C)
+        if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+        {
+            mbedtls_mpi actual, required;
+            int ret;
+            mbedtls_mpi_init( &actual );
+            mbedtls_mpi_init( &required );
+            ret = mbedtls_rsa_export( slot->data.rsa,
+                                      NULL, NULL, NULL, NULL, &actual );
+            if( ret != 0 )
+                goto rsa_exit;
+            ret = mbedtls_mpi_read_binary( &required,
+                                           attributes->domain_parameters,
+                                           attributes->domain_parameters_size );
+            if( ret != 0 )
+                goto rsa_exit;
+            if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 )
+                ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        rsa_exit:
+            mbedtls_mpi_free( &actual );
+            mbedtls_mpi_free( &required );
+            if( ret != 0)
+                return( mbedtls_to_psa_error( ret ) );
+        }
+        else
+#endif
+        {
+            return( PSA_ERROR_INVALID_ARGUMENT );
+        }
+    }
+
+    if( attributes->bits != 0 )
+    {
+        if( attributes->bits != psa_get_key_slot_bits( slot ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+    }
+
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
+                             const uint8_t *data,
+                             size_t data_length,
+                             psa_key_handle_t *handle )
+{
+    psa_status_t status;
+    psa_key_slot_t *slot = NULL;
+
+    status = psa_start_key_creation( attributes, handle, &slot );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_import_key_into_slot( slot, data, data_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_check_key_slot_attributes( slot, attributes );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_finish_key_creation( slot );
+exit:
+    if( status != PSA_SUCCESS )
+    {
+        psa_fail_key_creation( slot );
+        *handle = 0;
+    }
+    return( status );
+}
+
 static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
-                                           psa_key_handle_t target )
+                                           psa_key_slot_t *target )
 {
     psa_status_t status;
     uint8_t *buffer = NULL;
@@ -1218,23 +1594,24 @@
     size_t length;
 
     buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->type,
-                                           psa_get_key_bits( source ) );
+                                           psa_get_key_slot_bits( source ) );
     buffer = mbedtls_calloc( 1, buffer_size );
-    if( buffer == NULL )
-    {
-        status = PSA_ERROR_INSUFFICIENT_MEMORY;
-        goto exit;
-    }
+    if( buffer == NULL && buffer_size != 0 )
+        return( PSA_ERROR_INSUFFICIENT_MEMORY );
     status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
     if( status != PSA_SUCCESS )
         goto exit;
-    status = psa_import_key( target, source->type, buffer, length );
+    target->type = source->type;
+    status = psa_import_key_into_slot( target, buffer, length );
 
 exit:
+    if( buffer_size != 0 )
+        mbedtls_platform_zeroize( buffer, buffer_size );
+    mbedtls_free( buffer );
     return( status );
 }
 
-psa_status_t psa_copy_key(psa_key_handle_t source_handle,
+psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
                           psa_key_handle_t target_handle,
                           const psa_key_policy_t *constraint)
 {
@@ -1242,7 +1619,8 @@
     psa_key_slot_t *target_slot = NULL;
     psa_key_policy_t new_policy;
     psa_status_t status;
-    status = psa_get_key_from_slot( source_handle, &source_slot, 0, 0 );
+    status = psa_get_key_from_slot( source_handle, &source_slot,
+                                    PSA_KEY_USAGE_COPY, 0 );
     if( status != PSA_SUCCESS )
         return( status );
     status = psa_get_empty_key_slot( target_handle, &target_slot );
@@ -1260,7 +1638,7 @@
             return( status );
     }
 
-    status = psa_copy_key_material( source_slot, target_handle );
+    status = psa_copy_key_material( source_slot, target_slot );
     if( status != PSA_SUCCESS )
         return( status );
 
@@ -1268,6 +1646,48 @@
     return( PSA_SUCCESS );
 }
 
+psa_status_t psa_copy_key( psa_key_handle_t source_handle,
+                           const psa_key_attributes_t *specified_attributes,
+                           psa_key_handle_t *target_handle )
+{
+    psa_status_t status;
+    psa_key_slot_t *source_slot = NULL;
+    psa_key_slot_t *target_slot = NULL;
+    psa_key_attributes_t actual_attributes = *specified_attributes;
+
+    status = psa_get_key_from_slot( source_handle, &source_slot,
+                                    PSA_KEY_USAGE_COPY, 0 );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_check_key_slot_attributes( source_slot, specified_attributes );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_restrict_key_policy( &actual_attributes.policy,
+                                      &source_slot->policy );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_start_key_creation( &actual_attributes,
+                                     target_handle, &target_slot );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_copy_key_material( source_slot, target_slot );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_finish_key_creation( target_slot );
+exit:
+    if( status != PSA_SUCCESS )
+    {
+        psa_fail_key_creation( target_slot );
+        *target_handle = 0;
+    }
+    return( status );
+}
+
 
 
 /****************************************************************/
@@ -1372,7 +1792,13 @@
                              psa_algorithm_t alg )
 {
     int ret;
-    operation->alg = 0;
+
+    /* A context must be freshly initialized before it can be set up. */
+    if( operation->alg != 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     switch( alg )
     {
 #if defined(MBEDTLS_MD2_C)
@@ -1495,8 +1921,7 @@
             break;
 #endif
         default:
-            ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
-            break;
+            return( PSA_ERROR_BAD_STATE );
     }
 
     if( ret != 0 )
@@ -1568,8 +1993,7 @@
             break;
 #endif
         default:
-            ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
-            break;
+            return( PSA_ERROR_BAD_STATE );
     }
     status = mbedtls_to_psa_error( ret );
 
@@ -1604,8 +2028,8 @@
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
-                            psa_hash_operation_t *target_operation)
+psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
+                             psa_hash_operation_t *target_operation )
 {
     if( target_operation->alg != 0 )
         return( PSA_ERROR_BAD_STATE );
@@ -1688,6 +2112,7 @@
         switch( alg )
         {
             case PSA_ALG_ARC4:
+            case PSA_ALG_CHACHA20:
                 mode = MBEDTLS_MODE_STREAM;
                 break;
             case PSA_ALG_CTR:
@@ -1711,6 +2136,9 @@
             case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
                 mode = MBEDTLS_MODE_GCM;
                 break;
+            case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ):
+                mode = MBEDTLS_MODE_CHACHAPOLY;
+                break;
             default:
                 return( NULL );
         }
@@ -1746,6 +2174,9 @@
         case PSA_KEY_TYPE_ARC4:
             cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
             break;
+        case PSA_KEY_TYPE_CHACHA20:
+            cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
+            break;
         default:
             return( NULL );
     }
@@ -1993,6 +2424,12 @@
     unsigned char truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
     psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
 
+    /* A context must be freshly initialized before it can be set up. */
+    if( operation->alg != 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     status = psa_mac_init( operation, full_length_alg );
     if( status != PSA_SUCCESS )
         return( status );
@@ -2002,7 +2439,7 @@
     status = psa_get_key_from_slot( handle, &slot, usage, alg );
     if( status != PSA_SUCCESS )
         goto exit;
-    key_bits = psa_get_key_bits( slot );
+    key_bits = psa_get_key_slot_bits( slot );
 
 #if defined(MBEDTLS_CMAC_C)
     if( full_length_alg == PSA_ALG_CMAC )
@@ -2111,9 +2548,9 @@
 {
     psa_status_t status = PSA_ERROR_BAD_STATE;
     if( ! operation->key_set )
-        goto cleanup;
+        return( PSA_ERROR_BAD_STATE );
     if( operation->iv_required && ! operation->iv_set )
-        goto cleanup;
+        return( PSA_ERROR_BAD_STATE );
     operation->has_input = 1;
 
 #if defined(MBEDTLS_CMAC_C)
@@ -2136,10 +2573,9 @@
     {
         /* This shouldn't happen if `operation` was initialized by
          * a setup function. */
-        status = PSA_ERROR_BAD_STATE;
+        return( PSA_ERROR_BAD_STATE );
     }
 
-cleanup:
     if( status != PSA_SUCCESS )
         psa_mac_abort( operation );
     return( status );
@@ -2231,6 +2667,11 @@
 {
     psa_status_t status;
 
+    if( operation->alg == 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     /* Fill the output buffer with something that isn't a valid mac
      * (barring an attack on the mac and deliberately-crafted input),
      * in case the caller doesn't check the return status properly. */
@@ -2242,13 +2683,11 @@
 
     if( ! operation->is_sign )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto cleanup;
+        return( PSA_ERROR_BAD_STATE );
     }
 
     status = psa_mac_finish_internal( operation, mac, mac_size );
 
-cleanup:
     if( status == PSA_SUCCESS )
     {
         status = psa_mac_abort( operation );
@@ -2269,10 +2708,14 @@
     uint8_t actual_mac[PSA_MAC_MAX_SIZE];
     psa_status_t status;
 
+    if( operation->alg == 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     if( operation->is_sign )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto cleanup;
+        return( PSA_ERROR_BAD_STATE );
     }
     if( operation->mac_size != mac_length )
     {
@@ -2575,14 +3018,14 @@
     status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
     if( status != PSA_SUCCESS )
         goto exit;
-    if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->type ) )
     {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
 #if defined(MBEDTLS_RSA_C)
-    if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+    if( slot->type == PSA_KEY_TYPE_RSA_KEY_PAIR )
     {
         status = psa_rsa_sign( slot->data.rsa,
                                alg,
@@ -2719,7 +3162,7 @@
     if( status != PSA_SUCCESS )
         return( status );
     if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ||
-            PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) )
+            PSA_KEY_TYPE_IS_KEY_PAIR( slot->type ) ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
 #if defined(MBEDTLS_RSA_C)
@@ -2798,11 +3241,11 @@
     status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg );
     if( status != PSA_SUCCESS )
         return( status );
-    if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->type ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
 #if defined(MBEDTLS_RSA_C)
-    if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+    if( slot->type == PSA_KEY_TYPE_RSA_KEY_PAIR )
     {
         mbedtls_rsa_context *rsa = slot->data.rsa;
         int ret;
@@ -2885,8 +3328,8 @@
                                       psa_algorithm_t alg,
                                       mbedtls_operation_t cipher_operation )
 {
-    int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-    psa_status_t status;
+    int ret = 0;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     psa_key_slot_t *slot;
     size_t key_bits;
     const mbedtls_cipher_info_t *cipher_info = NULL;
@@ -2894,25 +3337,31 @@
                               PSA_KEY_USAGE_ENCRYPT :
                               PSA_KEY_USAGE_DECRYPT );
 
+    /* A context must be freshly initialized before it can be set up. */
+    if( operation->alg != 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     status = psa_cipher_init( operation, alg );
     if( status != PSA_SUCCESS )
         return( status );
 
     status = psa_get_key_from_slot( handle, &slot, usage, alg);
     if( status != PSA_SUCCESS )
-        return( status );
-    key_bits = psa_get_key_bits( slot );
+        goto exit;
+    key_bits = psa_get_key_slot_bits( slot );
 
     cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits, NULL );
     if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    {
+        status = PSA_ERROR_NOT_SUPPORTED;
+        goto exit;
+    }
 
     ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
     if( ret != 0 )
-    {
-        psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
-    }
+        goto exit;
 
 #if defined(MBEDTLS_DES_C)
     if( slot->type == PSA_KEY_TYPE_DES && key_bits == 128 )
@@ -2933,10 +3382,7 @@
                                      (int) key_bits, cipher_operation );
     }
     if( ret != 0 )
-    {
-        psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
-    }
+        goto exit;
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
     switch( alg )
@@ -2955,10 +3401,7 @@
             break;
     }
     if( ret != 0 )
-    {
-        psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
-    }
+        goto exit;
 #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING
 
     operation->key_set = 1;
@@ -2968,8 +3411,18 @@
     {
         operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type );
     }
+#if defined(MBEDTLS_CHACHA20_C)
+    else
+    if( alg == PSA_ALG_CHACHA20 )
+        operation->iv_size = 12;
+#endif
 
-    return( PSA_SUCCESS );
+exit:
+    if( status == 0 )
+        status = mbedtls_to_psa_error( ret );
+    if( status != 0 )
+        psa_cipher_abort( operation );
+    return( status );
 }
 
 psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
@@ -2995,8 +3448,7 @@
     int ret;
     if( operation->iv_set || ! operation->iv_required )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
+        return( PSA_ERROR_BAD_STATE );
     }
     if( iv_size < operation->iv_size )
     {
@@ -3028,8 +3480,7 @@
     int ret;
     if( operation->iv_set || ! operation->iv_required )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
+        return( PSA_ERROR_BAD_STATE );
     }
     if( iv_length != operation->iv_size )
     {
@@ -3056,6 +3507,12 @@
     psa_status_t status;
     int ret;
     size_t expected_output_size;
+
+    if( operation->alg == 0 )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
     {
         /* Take the unprocessed partial block left over from previous
@@ -3091,19 +3548,17 @@
                                 size_t output_size,
                                 size_t *output_length )
 {
-    psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
 
     if( ! operation->key_set )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto error;
+        return( PSA_ERROR_BAD_STATE );
     }
     if( operation->iv_required && ! operation->iv_set )
     {
-        status = PSA_ERROR_BAD_STATE;
-        goto error;
+        return( PSA_ERROR_BAD_STATE );
     }
 
     if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT &&
@@ -3214,17 +3669,7 @@
     if( status != PSA_SUCCESS )
         return( status );
 
-    if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
-                             PSA_KEY_USAGE_ENCRYPT |
-                             PSA_KEY_USAGE_DECRYPT |
-                             PSA_KEY_USAGE_SIGN |
-                             PSA_KEY_USAGE_VERIFY |
-                             PSA_KEY_USAGE_DERIVE ) ) != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    slot->policy = *policy;
-
-    return( PSA_SUCCESS );
+    return( psa_set_key_policy_internal( slot, policy ) );
 }
 
 psa_status_t psa_get_key_policy( psa_key_handle_t handle,
@@ -3251,7 +3696,7 @@
 /* Key Lifetime */
 /****************************************************************/
 
-psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
+psa_status_t psa_get_key_lifetime_from_handle( psa_key_handle_t handle,
                                    psa_key_lifetime_t *lifetime )
 {
     psa_key_slot_t *slot;
@@ -3284,6 +3729,9 @@
 #if defined(MBEDTLS_GCM_C)
         mbedtls_gcm_context gcm;
 #endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+        mbedtls_chachapoly_context chachapoly;
+#endif /* MBEDTLS_CHACHAPOLY_C */
     } ctx;
     psa_algorithm_t core_alg;
     uint8_t full_tag_length;
@@ -3320,7 +3768,7 @@
     if( status != PSA_SUCCESS )
         return( status );
 
-    key_bits = psa_get_key_bits( operation->slot );
+    key_bits = psa_get_key_slot_bits( operation->slot );
 
     operation->cipher_info =
         mbedtls_cipher_info_from_psa( alg, operation->slot->type, key_bits,
@@ -3334,6 +3782,9 @@
         case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ):
             operation->core_alg = PSA_ALG_CCM;
             operation->full_tag_length = 16;
+            /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
+             * The call to mbedtls_ccm_encrypt_and_tag or
+             * mbedtls_ccm_auth_decrypt will validate the tag length. */
             if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
                 return( PSA_ERROR_INVALID_ARGUMENT );
             mbedtls_ccm_init( &operation->ctx.ccm );
@@ -3350,6 +3801,9 @@
         case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ):
             operation->core_alg = PSA_ALG_GCM;
             operation->full_tag_length = 16;
+            /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
+             * The call to mbedtls_gcm_crypt_and_tag or
+             * mbedtls_gcm_auth_decrypt will validate the tag length. */
             if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 )
                 return( PSA_ERROR_INVALID_ARGUMENT );
             mbedtls_gcm_init( &operation->ctx.gcm );
@@ -3357,9 +3811,27 @@
                 mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
                                     operation->slot->data.raw.data,
                                     (unsigned int) key_bits ) );
+            if( status != 0 )
+                goto cleanup;
             break;
 #endif /* MBEDTLS_GCM_C */
 
+#if defined(MBEDTLS_CHACHAPOLY_C)
+        case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ):
+            operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
+            operation->full_tag_length = 16;
+            /* We only support the default tag length. */
+            if( alg != PSA_ALG_CHACHA20_POLY1305 )
+                return( PSA_ERROR_NOT_SUPPORTED );
+            mbedtls_chachapoly_init( &operation->ctx.chachapoly );
+            status = mbedtls_to_psa_error(
+                mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
+                                           operation->slot->data.raw.data ) );
+            if( status != 0 )
+                goto cleanup;
+            break;
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
         default:
             return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -3370,9 +3842,6 @@
         goto cleanup;
     }
     operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
-    /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
-     * GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
-     * In both cases, mbedtls_xxx will validate the tag length below. */
 
     return( PSA_SUCCESS );
 
@@ -3440,6 +3909,26 @@
     }
     else
 #endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+    {
+        if( nonce_length != 12 || operation.tag_length != 16 )
+        {
+            status = PSA_ERROR_NOT_SUPPORTED;
+            goto exit;
+        }
+        status = mbedtls_to_psa_error(
+            mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
+                                                plaintext_length,
+                                                nonce,
+                                                additional_data,
+                                                additional_data_length,
+                                                plaintext,
+                                                ciphertext,
+                                                tag ) );
+    }
+    else
+#endif /* MBEDTLS_CHACHAPOLY_C */
     {
         return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -3497,15 +3986,15 @@
     if( status != PSA_SUCCESS )
         return( status );
 
+    status = psa_aead_unpadded_locate_tag( operation.tag_length,
+                                           ciphertext, ciphertext_length,
+                                           plaintext_size, &tag );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
 #if defined(MBEDTLS_GCM_C)
     if( operation.core_alg == PSA_ALG_GCM )
     {
-        status = psa_aead_unpadded_locate_tag( operation.tag_length,
-                                               ciphertext, ciphertext_length,
-                                               plaintext_size, &tag );
-        if( status != PSA_SUCCESS )
-            goto exit;
-
         status = mbedtls_to_psa_error(
             mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
                                       ciphertext_length - operation.tag_length,
@@ -3520,12 +4009,6 @@
 #if defined(MBEDTLS_CCM_C)
     if( operation.core_alg == PSA_ALG_CCM )
     {
-        status = psa_aead_unpadded_locate_tag( operation.tag_length,
-                                               ciphertext, ciphertext_length,
-                                               plaintext_size, &tag );
-        if( status != PSA_SUCCESS )
-            goto exit;
-
         status = mbedtls_to_psa_error(
             mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
                                       ciphertext_length - operation.tag_length,
@@ -3537,6 +4020,26 @@
     }
     else
 #endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+    {
+        if( nonce_length != 12 || operation.tag_length != 16 )
+        {
+            status = PSA_ERROR_NOT_SUPPORTED;
+            goto exit;
+        }
+        status = mbedtls_to_psa_error(
+            mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
+                                             ciphertext_length - operation.tag_length,
+                                             nonce,
+                                             additional_data,
+                                             additional_data_length,
+                                             tag,
+                                             ciphertext,
+                                             plaintext ) );
+    }
+    else
+#endif /* MBEDTLS_CHACHAPOLY_C */
     {
         return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -3562,20 +4065,20 @@
 #define HKDF_STATE_KEYED 2 /* got key */
 #define HKDF_STATE_OUTPUT 3 /* output started */
 
-static psa_algorithm_t psa_generator_get_kdf_alg(
-    const psa_crypto_generator_t *generator )
+static psa_algorithm_t psa_key_derivation_get_kdf_alg(
+    const psa_key_derivation_operation_t *operation )
 {
-    if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
-        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
+    if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
+        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
     else
-        return( generator->alg );
+        return( operation->alg );
 }
 
 
-psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
+psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
     if( kdf_alg == 0 )
     {
         /* The object has (apparently) been initialized but it is not
@@ -3585,36 +4088,36 @@
     else
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        if( generator->ctx.buffer.data != NULL )
+        if( operation->ctx.buffer.data != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.buffer.data,
-                             generator->ctx.buffer.size );
-            mbedtls_free( generator->ctx.buffer.data );
+            mbedtls_platform_zeroize( operation->ctx.buffer.data,
+                             operation->ctx.buffer.size );
+            mbedtls_free( operation->ctx.buffer.data );
         }
     }
     else
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
-        mbedtls_free( generator->ctx.hkdf.info );
-        status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
+        mbedtls_free( operation->ctx.hkdf.info );
+        status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
     }
     else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-             /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
+             /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
              PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
     {
-        if( generator->ctx.tls12_prf.key != NULL )
+        if( operation->ctx.tls12_prf.key != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
-                             generator->ctx.tls12_prf.key_len );
-            mbedtls_free( generator->ctx.tls12_prf.key );
+            mbedtls_platform_zeroize( operation->ctx.tls12_prf.key,
+                             operation->ctx.tls12_prf.key_len );
+            mbedtls_free( operation->ctx.tls12_prf.key );
         }
 
-        if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
+        if( operation->ctx.tls12_prf.Ai_with_seed != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
-                             generator->ctx.tls12_prf.Ai_with_seed_len );
-            mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
+            mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed,
+                             operation->ctx.tls12_prf.Ai_with_seed_len );
+            mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed );
         }
     }
     else
@@ -3622,32 +4125,38 @@
     {
         status = PSA_ERROR_BAD_STATE;
     }
-    memset( generator, 0, sizeof( *generator ) );
+    memset( operation, 0, sizeof( *operation ) );
     return( status );
 }
 
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
                                         size_t *capacity)
 {
-    *capacity = generator->capacity;
+    if( operation->alg == 0 )
+    {
+        /* This is a blank key derivation operation. */
+        return PSA_ERROR_BAD_STATE;
+    }
+
+    *capacity = operation->capacity;
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
                                          size_t capacity )
 {
-    if( generator->alg == 0 )
+    if( operation->alg == 0 )
         return( PSA_ERROR_BAD_STATE );
-    if( capacity > generator->capacity )
+    if( capacity > operation->capacity )
         return( PSA_ERROR_INVALID_ARGUMENT );
-    generator->capacity = capacity;
+    operation->capacity = capacity;
     return( PSA_SUCCESS );
 }
 
 #if defined(MBEDTLS_MD_C)
-/* Read some bytes from an HKDF-based generator. This performs a chunk
+/* Read some bytes from an HKDF-based operation. This performs a chunk
  * of the expand phase of the HKDF algorithm. */
-static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
+static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
                                              psa_algorithm_t hash_alg,
                                              uint8_t *output,
                                              size_t output_length )
@@ -3672,8 +4181,8 @@
         if( output_length == 0 )
             break;
         /* We can't be wanting more output after block 0xff, otherwise
-         * the capacity check in psa_generator_read() would have
-         * prevented this call. It could happen only if the generator
+         * the capacity check in psa_key_derivation_output_bytes() would have
+         * prevented this call. It could happen only if the operation
          * object was corrupted or if this function is called directly
          * inside the library. */
         if( hkdf->block_number == 0xff )
@@ -3714,8 +4223,8 @@
     return( PSA_SUCCESS );
 }
 
-static psa_status_t psa_generator_tls12_prf_generate_next_block(
-    psa_tls12_prf_generator_t *tls12_prf,
+static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
+    psa_tls12_prf_key_derivation_t *tls12_prf,
     psa_algorithm_t alg )
 {
     psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
@@ -3727,8 +4236,8 @@
     size_t Ai_len;
 
     /* We can't be wanting more output after block 0xff, otherwise
-     * the capacity check in psa_generator_read() would have
-     * prevented this call. It could happen only if the generator
+     * the capacity check in psa_key_derivation_output_bytes() would have
+     * prevented this call. It could happen only if the operation
      * object was corrupted or if this function is called directly
      * inside the library. */
     if( tls12_prf->block_number == 0xff )
@@ -3749,7 +4258,7 @@
      * A(0) = seed
      * A(i) = HMAC_hash( secret, A(i-1) )
      *
-     * The `psa_tls12_prf_generator` structures saves the block
+     * The `psa_tls12_prf_key_derivation` structures saves the block
      * `HMAC_hash(secret, A(i) + seed)` from which the output
      * is currently extracted as `output_block`, while
      * `A(i) + seed` is stored in `Ai_with_seed`.
@@ -3826,10 +4335,10 @@
     return( status );
 }
 
-/* Read some bytes from an TLS-1.2-PRF-based generator.
+/* Read some bytes from an TLS-1.2-PRF-based operation.
  * See Section 5 of RFC 5246. */
-static psa_status_t psa_generator_tls12_prf_read(
-                                        psa_tls12_prf_generator_t *tls12_prf,
+static psa_status_t psa_key_derivation_tls12_prf_read(
+                                        psa_tls12_prf_key_derivation_t *tls12_prf,
                                         psa_algorithm_t alg,
                                         uint8_t *output,
                                         size_t output_length )
@@ -3846,7 +4355,7 @@
         /* Check if we have fully processed the current block. */
         if( n == 0 )
         {
-            status = psa_generator_tls12_prf_generate_next_block( tls12_prf,
+            status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
                                                                   alg );
             if( status != PSA_SUCCESS )
                 return( status );
@@ -3867,48 +4376,53 @@
 }
 #endif /* MBEDTLS_MD_C */
 
-psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation,
                                  uint8_t *output,
                                  size_t output_length )
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
 
-    if( output_length > generator->capacity )
+    if( operation->alg == 0 )
     {
-        generator->capacity = 0;
+        /* This is a blank operation. */
+        return PSA_ERROR_BAD_STATE;
+    }
+
+    if( output_length > operation->capacity )
+    {
+        operation->capacity = 0;
         /* Go through the error path to wipe all confidential data now
-         * that the generator object is useless. */
-        status = PSA_ERROR_INSUFFICIENT_CAPACITY;
+         * that the operation object is useless. */
+        status = PSA_ERROR_INSUFFICIENT_DATA;
         goto exit;
     }
-    if( output_length == 0 &&
-        generator->capacity == 0 && kdf_alg == 0 )
+    if( output_length == 0 && operation->capacity == 0 )
     {
-        /* Edge case: this is a blank or finished generator, and 0
-         * bytes were requested. The right error in this case could
+        /* Edge case: this is a finished operation, and 0 bytes
+         * were requested. The right error in this case could
          * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
          * INSUFFICIENT_CAPACITY, which is right for a finished
-         * generator, for consistency with the case when
+         * operation, for consistency with the case when
          * output_length > 0. */
-        return( PSA_ERROR_INSUFFICIENT_CAPACITY );
+        return( PSA_ERROR_INSUFFICIENT_DATA );
     }
-    generator->capacity -= output_length;
+    operation->capacity -= output_length;
 
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        /* Initially, the capacity of a selection generator is always
-         * the size of the buffer, i.e. `generator->ctx.buffer.size`,
+        /* Initially, the capacity of a selection operation is always
+         * the size of the buffer, i.e. `operation->ctx.buffer.size`,
          * abbreviated in this comment as `size`. When the remaining
          * capacity is `c`, the next bytes to serve start `c` bytes
          * from the end of the buffer, i.e. `size - c` from the
-         * beginning of the buffer. Since `generator->capacity` was just
+         * beginning of the buffer. Since `operation->capacity` was just
          * decremented above, we need to serve the bytes from
-         * `size - generator->capacity - output_length` to
-         * `size - generator->capacity`. */
+         * `size - operation->capacity - output_length` to
+         * `size - operation->capacity`. */
         size_t offset =
-            generator->ctx.buffer.size - generator->capacity - output_length;
-        memcpy( output, generator->ctx.buffer.data + offset, output_length );
+            operation->ctx.buffer.size - operation->capacity - output_length;
+        memcpy( output, operation->ctx.buffer.data + offset, output_length );
         status = PSA_SUCCESS;
     }
     else
@@ -3916,13 +4430,13 @@
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
         psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-        status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
+        status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
                                           output, output_length );
     }
     else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
              PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
     {
-        status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
+        status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
                                                kdf_alg, output,
                                                output_length );
     }
@@ -3935,7 +4449,13 @@
 exit:
     if( status != PSA_SUCCESS )
     {
-        psa_generator_abort( generator );
+        /* Preserve the algorithm upon errors, but clear all sensitive state.
+         * This allows us to differentiate between exhausted operations and
+         * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
+         * operations. */
+        psa_algorithm_t alg = operation->alg;
+        psa_key_derivation_abort( operation );
+        operation->alg = alg;
         memset( output, '!', output_length );
     }
     return( status );
@@ -3953,10 +4473,64 @@
 }
 #endif /* MBEDTLS_DES_C */
 
-psa_status_t psa_generator_import_key( psa_key_handle_t handle,
+static psa_status_t psa_generate_derived_key_internal(
+    psa_key_slot_t *slot,
+    size_t bits,
+    psa_key_derivation_operation_t *operation )
+{
+    uint8_t *data = NULL;
+    size_t bytes = PSA_BITS_TO_BYTES( bits );
+    psa_status_t status;
+
+    if( ! key_type_is_raw_bytes( slot->type ) )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    if( bits % 8 != 0 )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    data = mbedtls_calloc( 1, bytes );
+    if( data == NULL )
+        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+    status = psa_key_derivation_output_bytes( operation, data, bytes );
+    if( status != PSA_SUCCESS )
+        goto exit;
+#if defined(MBEDTLS_DES_C)
+    if( slot->type == PSA_KEY_TYPE_DES )
+        psa_des_set_key_parity( data, bytes );
+#endif /* MBEDTLS_DES_C */
+    status = psa_import_key_into_slot( slot, data, bytes );
+
+exit:
+    mbedtls_free( data );
+    return( status );
+}
+
+psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
+                                       psa_key_derivation_operation_t *operation,
+                                       psa_key_handle_t *handle )
+{
+    psa_status_t status;
+    psa_key_slot_t *slot = NULL;
+    status = psa_start_key_creation( attributes, handle, &slot );
+    if( status == PSA_SUCCESS )
+    {
+        status = psa_generate_derived_key_internal( slot,
+                                                    attributes->bits,
+                                                    operation );
+    }
+    if( status == PSA_SUCCESS )
+        status = psa_finish_key_creation( slot );
+    if( status != PSA_SUCCESS )
+    {
+        psa_fail_key_creation( slot );
+        *handle = 0;
+    }
+    return( status );
+}
+
+psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
                                        psa_key_type_t type,
                                        size_t bits,
-                                       psa_crypto_generator_t *generator )
+                                       psa_key_derivation_operation_t *operation )
 {
     uint8_t *data = NULL;
     size_t bytes = PSA_BITS_TO_BYTES( bits );
@@ -3970,14 +4544,14 @@
     if( data == NULL )
         return( PSA_ERROR_INSUFFICIENT_MEMORY );
 
-    status = psa_generator_read( generator, data, bytes );
+    status = psa_key_derivation_output_bytes( operation, data, bytes );
     if( status != PSA_SUCCESS )
         goto exit;
 #if defined(MBEDTLS_DES_C)
     if( type == PSA_KEY_TYPE_DES )
         psa_des_set_key_parity( data, bytes );
 #endif /* MBEDTLS_DES_C */
-    status = psa_import_key( handle, type, data, bytes );
+    status = psa_import_key_to_handle( handle, type, data, bytes );
 
 exit:
     mbedtls_free( data );
@@ -3991,25 +4565,25 @@
 /****************************************************************/
 
 #if defined(MBEDTLS_MD_C)
-/* Set up an HKDF-based generator. This is exactly the extract phase
+/* Set up an HKDF-based operation. This is exactly the extract phase
  * of the HKDF algorithm.
  *
- * Note that if this function fails, you must call psa_generator_abort()
+ * Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
-static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
-                                              const uint8_t *secret,
-                                              size_t secret_length,
-                                              psa_algorithm_t hash_alg,
-                                              const uint8_t *salt,
-                                              size_t salt_length,
-                                              const uint8_t *label,
-                                              size_t label_length )
+static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf,
+                                                   const uint8_t *secret,
+                                                   size_t secret_length,
+                                                   psa_algorithm_t hash_alg,
+                                                   const uint8_t *salt,
+                                                   size_t salt_length,
+                                                   const uint8_t *label,
+                                                   size_t label_length )
 {
     psa_status_t status;
     status = psa_hmac_setup_internal( &hkdf->hmac,
                                       salt, salt_length,
-                                      PSA_ALG_HMAC_GET_HASH( hash_alg ) );
+                                      hash_alg );
     if( status != PSA_SUCCESS )
         return( status );
     status = psa_hash_update( &hkdf->hmac.hash_ctx, secret, secret_length );
@@ -4037,13 +4611,13 @@
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_MD_C)
-/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
+/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
  *
- * Note that if this function fails, you must call psa_generator_abort()
+ * Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
-static psa_status_t psa_generator_tls12_prf_setup(
-    psa_tls12_prf_generator_t *tls12_prf,
+static psa_status_t psa_key_derivation_tls12_prf_setup(
+    psa_tls12_prf_key_derivation_t *tls12_prf,
     const unsigned char *key,
     size_t key_len,
     psa_algorithm_t hash_alg,
@@ -4063,7 +4637,7 @@
     memcpy( tls12_prf->key, key, key_len );
 
     overflow = ( salt_length + label_length               < salt_length ) ||
-               ( salt_length + label_length + hash_length < hash_length );
+        ( salt_length + label_length + hash_length < hash_length );
     if( overflow )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
@@ -4087,16 +4661,16 @@
     }
 
     /* The first block gets generated when
-     * psa_generator_read() is called. */
+     * psa_key_derivation_output_bytes() is called. */
     tls12_prf->block_number    = 0;
     tls12_prf->offset_in_block = hash_length;
 
     return( PSA_SUCCESS );
 }
 
-/* Set up a TLS-1.2-PSK-to-MS-based generator. */
-static psa_status_t psa_generator_tls12_psk_to_ms_setup(
-    psa_tls12_prf_generator_t *tls12_prf,
+/* Set up a TLS-1.2-PSK-to-MS-based operation. */
+static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
+    psa_tls12_prf_key_derivation_t *tls12_prf,
     const unsigned char *psk,
     size_t psk_len,
     psa_algorithm_t hash_alg,
@@ -4125,22 +4699,22 @@
     pms[2 + psk_len + 1] = pms[1];
     memcpy( pms + 4 + psk_len, psk, psk_len );
 
-    status = psa_generator_tls12_prf_setup( tls12_prf,
-                                            pms, 4 + 2 * psk_len,
-                                            hash_alg,
-                                            salt, salt_length,
-                                            label, label_length );
+    status = psa_key_derivation_tls12_prf_setup( tls12_prf,
+                                                 pms, 4 + 2 * psk_len,
+                                                 hash_alg,
+                                                 salt, salt_length,
+                                                 label, label_length );
 
     mbedtls_platform_zeroize( pms, sizeof( pms ) );
     return( status );
 }
 #endif /* MBEDTLS_MD_C */
 
-/* Note that if this function fails, you must call psa_generator_abort()
+/* Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
 static psa_status_t psa_key_derivation_internal(
-    psa_crypto_generator_t *generator,
+    psa_key_derivation_operation_t *operation,
     const uint8_t *secret, size_t secret_length,
     psa_algorithm_t alg,
     const uint8_t *salt, size_t salt_length,
@@ -4150,8 +4724,8 @@
     psa_status_t status;
     size_t max_capacity;
 
-    /* Set generator->alg even on failure so that abort knows what to do. */
-    generator->alg = alg;
+    /* Set operation->alg even on failure so that abort knows what to do. */
+    operation->alg = alg;
 
     if( alg == PSA_ALG_SELECT_RAW )
     {
@@ -4161,11 +4735,11 @@
         (void) label;
         if( label_length != 0 )
             return( PSA_ERROR_INVALID_ARGUMENT );
-        generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
-        if( generator->ctx.buffer.data == NULL )
+        operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
+        if( operation->ctx.buffer.data == NULL )
             return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( generator->ctx.buffer.data, secret, secret_length );
-        generator->ctx.buffer.size = secret_length;
+        memcpy( operation->ctx.buffer.data, secret, secret_length );
+        operation->ctx.buffer.size = secret_length;
         max_capacity = secret_length;
         status = PSA_SUCCESS;
     }
@@ -4178,11 +4752,11 @@
         if( hash_size == 0 )
             return( PSA_ERROR_NOT_SUPPORTED );
         max_capacity = 255 * hash_size;
-        status = psa_generator_hkdf_setup( &generator->ctx.hkdf,
-                                           secret, secret_length,
-                                           hash_alg,
-                                           salt, salt_length,
-                                           label, label_length );
+        status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
+                                                secret, secret_length,
+                                                hash_alg,
+                                                salt, salt_length,
+                                                label, label_length );
     }
     /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
     else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
@@ -4202,15 +4776,15 @@
 
         if( PSA_ALG_IS_TLS12_PRF( alg ) )
         {
-            status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf,
-                                                    secret, secret_length,
-                                                    hash_alg, salt, salt_length,
-                                                    label, label_length );
+            status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
+                                                         secret, secret_length,
+                                                         hash_alg, salt, salt_length,
+                                                         label, label_length );
         }
         else
         {
-            status = psa_generator_tls12_psk_to_ms_setup(
-                &generator->ctx.tls12_prf,
+            status = psa_key_derivation_tls12_psk_to_ms_setup(
+                &operation->ctx.tls12_prf,
                 secret, secret_length,
                 hash_alg, salt, salt_length,
                 label, label_length );
@@ -4226,16 +4800,16 @@
         return( status );
 
     if( capacity <= max_capacity )
-        generator->capacity = capacity;
-    else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
-        generator->capacity = max_capacity;
+        operation->capacity = capacity;
+    else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
+        operation->capacity = max_capacity;
     else
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
                                  psa_key_handle_t handle,
                                  psa_algorithm_t alg,
                                  const uint8_t *salt,
@@ -4247,7 +4821,7 @@
     psa_key_slot_t *slot;
     psa_status_t status;
 
-    if( generator->alg != 0 )
+    if( operation->alg != 0 )
         return( PSA_ERROR_BAD_STATE );
 
     /* Make sure that alg is a key derivation algorithm. This prevents
@@ -4263,7 +4837,7 @@
     if( slot->type != PSA_KEY_TYPE_DERIVE )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
-    status = psa_key_derivation_internal( generator,
+    status = psa_key_derivation_internal( operation,
                                           slot->data.raw.data,
                                           slot->data.raw.bytes,
                                           alg,
@@ -4271,12 +4845,12 @@
                                           label, label_length,
                                           capacity );
     if( status != PSA_SUCCESS )
-        psa_generator_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
 static psa_status_t psa_key_derivation_setup_kdf(
-    psa_crypto_generator_t *generator,
+    psa_key_derivation_operation_t *operation,
     psa_algorithm_t kdf_alg )
 {
     /* Make sure that kdf_alg is a supported key derivation algorithm. */
@@ -4291,11 +4865,11 @@
             return( PSA_ERROR_NOT_SUPPORTED );
         if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
               PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
-            ! ( hash_alg == PSA_ALG_SHA_256 && hash_alg == PSA_ALG_SHA_384 ) )
+            ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
         {
             return( PSA_ERROR_NOT_SUPPORTED );
         }
-        generator->capacity = 255 * hash_size;
+        operation->capacity = 255 * hash_size;
         return( PSA_SUCCESS );
     }
 #endif /* MBEDTLS_MD_C */
@@ -4303,12 +4877,12 @@
         return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
                                        psa_algorithm_t alg )
 {
     psa_status_t status;
 
-    if( generator->alg != 0 )
+    if( operation->alg != 0 )
         return( PSA_ERROR_BAD_STATE );
 
     if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
@@ -4316,22 +4890,22 @@
     else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
     {
         psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
-        status = psa_key_derivation_setup_kdf( generator, kdf_alg );
+        status = psa_key_derivation_setup_kdf( operation, kdf_alg );
     }
     else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
     {
-        status = psa_key_derivation_setup_kdf( generator, alg );
+        status = psa_key_derivation_setup_kdf( operation, alg );
     }
     else
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     if( status == PSA_SUCCESS )
-        generator->alg = alg;
+        operation->alg = alg;
     return( status );
 }
 
 #if defined(MBEDTLS_MD_C)
-static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
+static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
                                     psa_algorithm_t hash_alg,
                                     psa_key_derivation_step_t step,
                                     const uint8_t *data,
@@ -4340,51 +4914,43 @@
     psa_status_t status;
     switch( step )
     {
-        case PSA_KDF_STEP_SALT:
-            if( hkdf->state == HKDF_STATE_INIT )
-            {
-                status = psa_hmac_setup_internal( &hkdf->hmac,
-                                                  data, data_length,
-                                                  hash_alg );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                hkdf->state = HKDF_STATE_STARTED;
-                return( PSA_SUCCESS );
-            }
-            else
+        case PSA_KEY_DERIVATION_INPUT_SALT:
+            if( hkdf->state != HKDF_STATE_INIT )
                 return( PSA_ERROR_BAD_STATE );
-            break;
-        case PSA_KDF_STEP_SECRET:
+            status = psa_hmac_setup_internal( &hkdf->hmac,
+                                              data, data_length,
+                                              hash_alg );
+            if( status != PSA_SUCCESS )
+                return( status );
+            hkdf->state = HKDF_STATE_STARTED;
+            return( PSA_SUCCESS );
+        case PSA_KEY_DERIVATION_INPUT_SECRET:
             /* If no salt was provided, use an empty salt. */
             if( hkdf->state == HKDF_STATE_INIT )
             {
                 status = psa_hmac_setup_internal( &hkdf->hmac,
                                                   NULL, 0,
-                                                  PSA_ALG_HMAC( hash_alg ) );
+                                                  hash_alg );
                 if( status != PSA_SUCCESS )
                     return( status );
                 hkdf->state = HKDF_STATE_STARTED;
             }
-            if( hkdf->state == HKDF_STATE_STARTED )
-            {
-                status = psa_hash_update( &hkdf->hmac.hash_ctx,
-                                          data, data_length );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                status = psa_hmac_finish_internal( &hkdf->hmac,
-                                                   hkdf->prk,
-                                                   sizeof( hkdf->prk ) );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
-                hkdf->block_number = 0;
-                hkdf->state = HKDF_STATE_KEYED;
-                return( PSA_SUCCESS );
-            }
-            else
+            if( hkdf->state != HKDF_STATE_STARTED )
                 return( PSA_ERROR_BAD_STATE );
-            break;
-        case PSA_KDF_STEP_INFO:
+            status = psa_hash_update( &hkdf->hmac.hash_ctx,
+                                      data, data_length );
+            if( status != PSA_SUCCESS )
+                return( status );
+            status = psa_hmac_finish_internal( &hkdf->hmac,
+                                               hkdf->prk,
+                                               sizeof( hkdf->prk ) );
+            if( status != PSA_SUCCESS )
+                return( status );
+            hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
+            hkdf->block_number = 0;
+            hkdf->state = HKDF_STATE_KEYED;
+            return( PSA_SUCCESS );
+        case PSA_KEY_DERIVATION_INPUT_INFO:
             if( hkdf->state == HKDF_STATE_OUTPUT )
                 return( PSA_ERROR_BAD_STATE );
             if( hkdf->info_set )
@@ -4406,74 +4972,74 @@
 #endif /* MBEDTLS_MD_C */
 
 static psa_status_t psa_key_derivation_input_raw(
-    psa_crypto_generator_t *generator,
+    psa_key_derivation_operation_t *operation,
     psa_key_derivation_step_t step,
     const uint8_t *data,
     size_t data_length )
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
 
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        if( generator->capacity != 0 )
+        if( operation->capacity != 0 )
             return( PSA_ERROR_INVALID_ARGUMENT );
-        generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
-        if( generator->ctx.buffer.data == NULL )
+        operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );
+        if( operation->ctx.buffer.data == NULL )
             return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( generator->ctx.buffer.data, data, data_length );
-        generator->ctx.buffer.size = data_length;
-        generator->capacity = data_length;
+        memcpy( operation->ctx.buffer.data, data, data_length );
+        operation->ctx.buffer.size = data_length;
+        operation->capacity = data_length;
         status = PSA_SUCCESS;
     }
     else
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
-        status = psa_hkdf_input( &generator->ctx.hkdf,
+        status = psa_hkdf_input( &operation->ctx.hkdf,
                                  PSA_ALG_HKDF_GET_HASH( kdf_alg ),
                                  step, data, data_length );
     }
     else
 #endif /* MBEDTLS_MD_C */
 #if defined(MBEDTLS_MD_C)
-    /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
+        /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
     if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-             PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
+        PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
     {
-        // TODO
+        // To do: implement this
         status = PSA_ERROR_NOT_SUPPORTED;
     }
     else
 #endif /* MBEDTLS_MD_C */
     {
-        /* This can't happen unless the generator object was not initialized */
+        /* This can't happen unless the operation object was not initialized */
         return( PSA_ERROR_BAD_STATE );
     }
 
     if( status != PSA_SUCCESS )
-        psa_generator_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
-psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation,
                                              psa_key_derivation_step_t step,
                                              const uint8_t *data,
                                              size_t data_length )
 {
     switch( step )
     {
-        case PSA_KDF_STEP_LABEL:
-        case PSA_KDF_STEP_SALT:
-        case PSA_KDF_STEP_INFO:
-            return( psa_key_derivation_input_raw( generator, step,
+        case PSA_KEY_DERIVATION_INPUT_LABEL:
+        case PSA_KEY_DERIVATION_INPUT_SALT:
+        case PSA_KEY_DERIVATION_INPUT_INFO:
+            return( psa_key_derivation_input_raw( operation, step,
                                                   data, data_length ) );
         default:
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 }
 
-psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator,
+psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation,
                                            psa_key_derivation_step_t step,
                                            psa_key_handle_t handle )
 {
@@ -4481,10 +5047,9 @@
     psa_status_t status;
     status = psa_get_key_from_slot( handle, &slot,
                                     PSA_KEY_USAGE_DERIVE,
-                                    generator->alg );
+                                    operation->alg );
     if( status != PSA_SUCCESS )
         return( status );
-    // TODO: for a key agreement algorithm, allow the corresponding key type and step
     if( slot->type != PSA_KEY_TYPE_DERIVE )
         return( PSA_ERROR_INVALID_ARGUMENT );
     /* Don't allow a key to be used as an input that is usually public.
@@ -4493,9 +5058,9 @@
      * the material should be dedicated to a particular input step,
      * otherwise this may allow the key to be used in an unintended way
      * and leak values derived from the key. So be conservative. */
-    if( step != PSA_KDF_STEP_SECRET )
+    if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
         return( PSA_ERROR_INVALID_ARGUMENT );
-    return( psa_key_derivation_input_raw( generator,
+    return( psa_key_derivation_input_raw( operation,
                                           step,
                                           slot->data.raw.data,
                                           slot->data.raw.bytes ) );
@@ -4553,10 +5118,40 @@
 
 #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
 
-/* Note that if this function fails, you must call psa_generator_abort()
+static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
+                                                    psa_key_slot_t *private_key,
+                                                    const uint8_t *peer_key,
+                                                    size_t peer_key_length,
+                                                    uint8_t *shared_secret,
+                                                    size_t shared_secret_size,
+                                                    size_t *shared_secret_length )
+{
+    switch( alg )
+    {
+#if defined(MBEDTLS_ECDH_C)
+        case PSA_ALG_ECDH:
+            if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->type ) )
+                return( PSA_ERROR_INVALID_ARGUMENT );
+            return( psa_key_agreement_ecdh( peer_key, peer_key_length,
+                                            private_key->data.ecp,
+                                            shared_secret, shared_secret_size,
+                                            shared_secret_length ) );
+#endif /* MBEDTLS_ECDH_C */
+        default:
+            (void) private_key;
+            (void) peer_key;
+            (void) peer_key_length;
+            (void) shared_secret;
+            (void) shared_secret_size;
+            (void) shared_secret_length;
+            return( PSA_ERROR_NOT_SUPPORTED );
+    }
+}
+
+/* Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
-static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
+static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
                                                 psa_key_derivation_step_t step,
                                                 psa_key_slot_t *private_key,
                                                 const uint8_t *peer_key,
@@ -4565,34 +5160,22 @@
     psa_status_t status;
     uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
     size_t shared_secret_length = 0;
+    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
 
     /* Step 1: run the secret agreement algorithm to generate the shared
      * secret. */
-    switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg ) )
-    {
-#if defined(MBEDTLS_ECDH_C)
-        case PSA_ALG_ECDH:
-            if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            status = psa_key_agreement_ecdh( peer_key, peer_key_length,
-                                             private_key->data.ecp,
+    status = psa_key_agreement_raw_internal( ka_alg,
+                                             private_key,
+                                             peer_key, peer_key_length,
                                              shared_secret,
                                              sizeof( shared_secret ),
                                              &shared_secret_length );
-            break;
-#endif /* MBEDTLS_ECDH_C */
-        default:
-            (void) private_key;
-            (void) peer_key;
-            (void) peer_key_length;
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
     if( status != PSA_SUCCESS )
         goto exit;
 
     /* Step 2: set up the key derivation to generate key material from
      * the shared secret. */
-    status = psa_key_derivation_input_raw( generator, step,
+    status = psa_key_derivation_input_raw( operation, step,
                                            shared_secret, shared_secret_length );
 
 exit:
@@ -4600,28 +5183,69 @@
     return( status );
 }
 
-psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
-                                psa_key_derivation_step_t step,
-                                psa_key_handle_t private_key,
-                                const uint8_t *peer_key,
-                                size_t peer_key_length )
+psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
+                                               psa_key_derivation_step_t step,
+                                               psa_key_handle_t private_key,
+                                               const uint8_t *peer_key,
+                                               size_t peer_key_length )
 {
     psa_key_slot_t *slot;
     psa_status_t status;
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
+    if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
     status = psa_get_key_from_slot( private_key, &slot,
-                                    PSA_KEY_USAGE_DERIVE, generator->alg );
+                                    PSA_KEY_USAGE_DERIVE, operation->alg );
     if( status != PSA_SUCCESS )
         return( status );
-    status = psa_key_agreement_internal( generator, step,
+    status = psa_key_agreement_internal( operation, step,
                                          slot,
                                          peer_key, peer_key_length );
     if( status != PSA_SUCCESS )
-        psa_generator_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
+psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
+                                    psa_key_handle_t private_key,
+                                    const uint8_t *peer_key,
+                                    size_t peer_key_length,
+                                    uint8_t *output,
+                                    size_t output_size,
+                                    size_t *output_length )
+{
+    psa_key_slot_t *slot;
+    psa_status_t status;
+
+    if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
+    {
+        status = PSA_ERROR_INVALID_ARGUMENT;
+        goto exit;
+    }
+    status = psa_get_key_from_slot( private_key, &slot,
+                                    PSA_KEY_USAGE_DERIVE, alg );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    status = psa_key_agreement_raw_internal( alg, slot,
+                                             peer_key, peer_key_length,
+                                             output, output_size,
+                                             output_length );
+
+exit:
+    if( status != PSA_SUCCESS )
+    {
+        /* If an error happens and is not handled properly, the output
+         * may be used as a key to protect sensitive data. Arrange for such
+         * a key to be random, which is likely to result in decryption or
+         * verification errors. This is better than filling the buffer with
+         * some constant data such as zeros, which would result in the data
+         * being protected with a reproducible, easily knowable key.
+         */
+        psa_generate_random( output, output_size );
+        *output_length = output_size;
+    }
+    return( status );
+}
 
 
 /****************************************************************/
@@ -4638,48 +5262,12 @@
     return( mbedtls_to_psa_error( ret ) );
 }
 
-#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
-
-/* Support function for error conversion between psa_its error codes to psa crypto */
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_KEY_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_INVALID_KEY:
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_BAD_POINTER:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include "mbedtls/entropy_poll.h"
 
 psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
                                          size_t seed_size )
 {
-    psa_status_t status;
-    psa_its_status_t its_status;
-    struct psa_its_info_t p_info;
     if( global_data.initialized )
         return( PSA_ERROR_NOT_PERMITTED );
 
@@ -4688,41 +5276,50 @@
           ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-    its_status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
-    status = its_to_psa_error( its_status );
-
-    if( PSA_ITS_ERROR_KEY_NOT_FOUND == its_status ) /* No seed exists */
-    {
-        its_status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-        status = its_to_psa_error( its_status );
-    }
-    else if( PSA_ITS_SUCCESS == its_status )
-    {
-        /* You should not be here. Seed needs to be injected only once */
-        status = PSA_ERROR_NOT_PERMITTED;
-    }
-    return( status );
+    return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
 }
-#endif
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
-psa_status_t psa_generate_key( psa_key_handle_t handle,
-                               psa_key_type_t type,
-                               size_t bits,
-                               const void *extra,
-                               size_t extra_size )
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
+                                           size_t domain_parameters_size,
+                                           int *exponent )
 {
-    psa_key_slot_t *slot;
-    psa_status_t status;
+    size_t i;
+    uint32_t acc = 0;
 
-    if( extra == NULL && extra_size != 0 )
+    if( domain_parameters_size == 0 )
+    {
+        *exponent = 65537;
+        return( PSA_SUCCESS );
+    }
+
+    /* Mbed TLS encodes the public exponent as an int. For simplicity, only
+     * support values that fit in a 32-bit integer, which is larger than
+     * int on just about every platform anyway. */
+    if( domain_parameters_size > sizeof( acc ) )
+        return( PSA_ERROR_NOT_SUPPORTED );
+    for( i = 0; i < domain_parameters_size; i++ )
+        acc = ( acc << 8 ) | domain_parameters[i];
+    if( acc > INT_MAX )
+        return( PSA_ERROR_NOT_SUPPORTED );
+    *exponent = acc;
+    return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+
+static psa_status_t psa_generate_key_internal(
+    psa_key_slot_t *slot, size_t bits,
+    const uint8_t *domain_parameters, size_t domain_parameters_size )
+{
+    psa_key_type_t type = slot->type;
+
+    if( domain_parameters == NULL && domain_parameters_size != 0 )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
-    status = psa_get_empty_key_slot( handle, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
     if( key_type_is_raw_bytes( type ) )
     {
+        psa_status_t status;
         status = prepare_raw_data_slot( type, bits, &slot->data.raw );
         if( status != PSA_SUCCESS )
             return( status );
@@ -4742,30 +5339,23 @@
     else
 
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
-    if ( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+    if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
     {
         mbedtls_rsa_context *rsa;
         int ret;
-        int exponent = 65537;
+        int exponent;
+        psa_status_t status;
         if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
             return( PSA_ERROR_NOT_SUPPORTED );
         /* Accept only byte-aligned keys, for the same reasons as
          * in psa_import_rsa_key(). */
         if( bits % 8 != 0 )
             return( PSA_ERROR_NOT_SUPPORTED );
-        if( extra != NULL )
-        {
-            const psa_generate_key_extra_rsa *p = extra;
-            if( extra_size != sizeof( *p ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-#if INT_MAX < 0xffffffff
-            /* Check that the uint32_t value passed by the caller fits
-             * in the range supported by this implementation. */
-            if( p->e > INT_MAX )
-                return( PSA_ERROR_NOT_SUPPORTED );
-#endif
-            exponent = p->e;
-        }
+        status = psa_read_rsa_exponent( domain_parameters,
+                                        domain_parameters_size,
+                                        &exponent );
+        if( status != PSA_SUCCESS )
+            return( status );
         rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
         if( rsa == NULL )
             return( PSA_ERROR_INSUFFICIENT_MEMORY );
@@ -4787,7 +5377,7 @@
 #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
 
 #if defined(MBEDTLS_ECP_C)
-    if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEYPAIR( type ) )
+    if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
     {
         psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type );
         mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
@@ -4795,7 +5385,7 @@
             mbedtls_ecp_curve_info_from_grp_id( grp_id );
         mbedtls_ecp_keypair *ecp;
         int ret;
-        if( extra != NULL )
+        if( domain_parameters_size != 0 )
             return( PSA_ERROR_NOT_SUPPORTED );
         if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
             return( PSA_ERROR_NOT_SUPPORTED );
@@ -4821,7 +5411,32 @@
 
         return( PSA_ERROR_NOT_SUPPORTED );
 
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_generate_key_to_handle( psa_key_handle_t handle,
+                               psa_key_type_t type,
+                               size_t bits,
+                               const void *extra,
+                               size_t extra_size )
+{
+    psa_key_slot_t *slot;
+    psa_status_t status;
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+    /* The old public exponent encoding is no longer supported. */
+    if( extra_size != 0 )
+        return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+
+    status = psa_get_empty_key_slot( handle, &slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+
     slot->type = type;
+    status = psa_generate_key_internal( slot, bits, extra, extra_size );
+    if( status != PSA_SUCCESS )
+        slot->type = 0;
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
@@ -4833,6 +5448,29 @@
     return( status );
 }
 
+psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
+                               psa_key_handle_t *handle )
+{
+    psa_status_t status;
+    psa_key_slot_t *slot = NULL;
+    status = psa_start_key_creation( attributes, handle, &slot );
+    if( status == PSA_SUCCESS )
+    {
+        status = psa_generate_key_internal(
+            slot, attributes->bits,
+            attributes->domain_parameters, attributes->domain_parameters_size );
+    }
+    if( status == PSA_SUCCESS )
+        status = psa_finish_key_creation( slot );
+    if( status != PSA_SUCCESS )
+    {
+        psa_fail_key_creation( slot );
+        *handle = 0;
+    }
+    return( status );
+}
+
+
 
 /****************************************************************/
 /* Module setup */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index c289681..5958972 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -41,7 +41,7 @@
     psa_key_type_t type;
     psa_key_policy_t policy;
     psa_key_lifetime_t lifetime;
-    psa_key_id_t persistent_storage_id;
+    psa_key_file_id_t persistent_storage_id;
     unsigned allocated : 1;
     union
     {
@@ -68,7 +68,7 @@
  * \retval PSA_SUCCESS
  *         Success. This includes the case of a key slot that was
  *         already fully wiped.
- * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
 
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
new file mode 100644
index 0000000..44d5198
--- /dev/null
+++ b/library/psa_crypto_its.h
@@ -0,0 +1,142 @@
+/** \file psa_crypto_its.h
+ * \brief Interface of trusted storage that crypto is built on.
+ */
+/*  Copyright (C) 2019, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ITS_H
+#define PSA_CRYPTO_ITS_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <psa/crypto_types.h>
+#include <psa/crypto_values.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \brief Flags used when creating a data entry
+ */
+typedef uint32_t psa_storage_create_flags_t;
+
+/** \brief A type for UIDs used for identifying data
+ */
+typedef uint64_t psa_storage_uid_t;
+
+#define PSA_STORAGE_FLAG_NONE        0         /**< No flags to pass */
+#define PSA_STORAGE_FLAG_WRITE_ONCE (1 << 0) /**< The data associated with the uid will not be able to be modified or deleted. Intended to be used to set bits in `psa_storage_create_flags_t`*/
+
+/**
+ * \brief A container for metadata associated with a specific uid
+ */
+struct psa_storage_info_t
+{
+    uint32_t size;                  /**< The size of the data associated with a uid **/
+    psa_storage_create_flags_t flags;    /**< The flags set when the uid was created **/
+};
+
+/** Flag indicating that \ref psa_storage_create and \ref psa_storage_set_extended are supported */
+#define PSA_STORAGE_SUPPORT_SET_EXTENDED (1 << 0)
+
+/** \brief PSA storage specific error codes
+ */
+#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
+#define PSA_ERROR_DATA_CORRUPT          ((psa_status_t)-152)
+
+#define PSA_ITS_API_VERSION_MAJOR  1  /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
+#define PSA_ITS_API_VERSION_MINOR  1  /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
+
+/**
+ * \brief create a new or modify an existing uid/value pair
+ *
+ * \param[in] uid           the identifier for the data
+ * \param[in] data_length   The size in bytes of the data in `p_data`
+ * \param[in] p_data        A buffer containing the data
+ * \param[in] create_flags  The flags that the data will be stored with
+ *
+ * \return      A status indicating the success/failure of the operation
+ *
+ * \retval      PSA_SUCCESS                      The operation completed successfully
+ * \retval      PSA_ERROR_NOT_PERMITTED          The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval      PSA_ERROR_NOT_SUPPORTED          The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
+ * \retval      PSA_ERROR_INSUFFICIENT_STORAGE   The operation failed because there was insufficient space on the storage medium
+ * \retval      PSA_ERROR_STORAGE_FAILURE        The operation failed because the physical storage has failed (Fatal error)
+ * \retval      PSA_ERROR_INVALID_ARGUMENT       The operation failed because one of the provided pointers(`p_data`)
+ *                                               is invalid, for example is `NULL` or references memory the caller cannot access
+ */
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+                         uint32_t data_length,
+                         const void *p_data,
+                         psa_storage_create_flags_t create_flags);
+
+/**
+ * \brief Retrieve the value associated with a provided uid
+ *
+ * \param[in] uid               The uid value
+ * \param[in] data_offset       The starting offset of the data requested
+ * \param[in] data_length       the amount of data requested (and the minimum allocated size of the `p_data` buffer)
+ * \param[out] p_data           The buffer where the data will be placed upon successful completion
+ *
+ *
+ * \return      A status indicating the success/failure of the operation
+ *
+ * \retval      PSA_SUCCESS                  The operation completed successfully
+ * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided `uid` value was not found in the storage
+ * \retval      PSA_ERROR_INVALID_SIZE       The operation failed because the data associated with provided uid is larger than `data_size`
+ * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
+ * \retval      PSA_ERROR_INVALID_ARGUMENT   The operation failed because one of the provided pointers(`p_data`, `p_data_length`)
+ *                                           is invalid. For example is `NULL` or references memory the caller cannot access.
+ *                                           In addition, this can also happen if an invalid offset was provided.
+ */
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+                         uint32_t data_offset,
+                         uint32_t data_length,
+                         void *p_data);
+
+/**
+ * \brief Retrieve the metadata about the provided uid
+ *
+ * \param[in] uid           The uid value
+ * \param[out] p_info       A pointer to the `psa_storage_info_t` struct that will be populated with the metadata
+ *
+ * \return      A status indicating the success/failure of the operation
+ *
+ * \retval      PSA_SUCCESS                  The operation completed successfully
+ * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided uid value was not found in the storage
+ * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
+ * \retval      PSA_ERROR_INVALID_ARGUMENT   The operation failed because one of the provided pointers(`p_info`)
+ *                                           is invalid, for example is `NULL` or references memory the caller cannot access
+ */
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+                              struct psa_storage_info_t *p_info);
+
+/**
+ * \brief Remove the provided key and its associated data from the storage
+ *
+ * \param[in] uid   The uid value
+ *
+ * \return  A status indicating the success/failure of the operation
+ *
+ * \retval      PSA_SUCCESS                  The operation completed successfully
+ * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided key value was not found in the storage
+ * \retval      PSA_ERROR_NOT_PERMITTED      The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
+ */
+psa_status_t psa_its_remove(psa_storage_uid_t uid);
+
+#endif /* PSA_CRYPTO_ITS_H */
diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h
new file mode 100644
index 0000000..938bfe1
--- /dev/null
+++ b/library/psa_crypto_service_integration.h
@@ -0,0 +1,40 @@
+/*  Copyright (C) 2019, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SERVICE_INTEGRATION_H
+#define PSA_CRYPTO_SERVICE_INTEGRATION_H
+
+/*
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
+ * (Secure Partition Manager) integration which separates the code into two
+ * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
+ * Environment). When building for the SPE, an additional header file should be
+ * included.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+/*
+ * PSA_CRYPTO_SECURE means that the file which included this file is being
+ * compiled for SPE. The files crypto_structs.h and crypto_types.h have
+ * different implementations for NSPE and SPE and are compiled according to this
+ * flag.
+ */
+#define PSA_CRYPTO_SECURE 1
+#include "crypto_spe.h"
+#endif // MBEDTLS_PSA_CRYPTO_SPM
+
+#endif // PSA_CRYPTO_SERVICE_INTEGRATION_H
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index b530ee5..3876f4b 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -27,6 +27,7 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
+#include "psa_crypto_service_integration.h"
 #include "psa/crypto.h"
 
 #include "psa_crypto_core.h"
@@ -128,7 +129,7 @@
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
 {
@@ -167,7 +168,32 @@
     psa_free_persistent_key_data( key_data, key_data_length );
     return( status );
 }
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+/** Check whether a key identifier is acceptable.
+ *
+ * For backward compatibility, key identifiers that were valid in a
+ * past released version must remain valid, unless a migration path
+ * is provided.
+ *
+ * \param file_id       The key identifier to check.
+ * \param vendor_ok     Nonzero to allow key ids in the vendor range.
+ *                      0 to allow only key ids in the application range.
+ *
+ * \return              1 if \p file_id is acceptable, otherwise 0.
+ */
+static int psa_is_key_id_valid( psa_key_file_id_t file_id,
+                                int vendor_ok )
+{
+    psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
+    if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
+        return( 1 );
+    else if( vendor_ok &&
+             PSA_KEY_ID_VENDOR_MIN <= key_id &&
+             key_id <= PSA_KEY_ID_VENDOR_MAX )
+        return( 1 );
+    else
+        return( 0 );
+}
 
 /** Declare a slot as persistent and load it from storage.
  *
@@ -179,7 +205,7 @@
  *
  * \retval #PSA_SUCCESS
  *         The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
  *         There is no content for this slot in persistent storage.
  * \retval #PSA_ERROR_INVALID_HANDLE
  * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -188,21 +214,11 @@
  * \retval #PSA_ERROR_STORAGE_FAILURE
  */
 static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
-                                                      psa_key_id_t id )
+                                                      psa_key_file_id_t id )
 {
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     psa_key_slot_t *slot;
     psa_status_t status;
 
-    /* Reject id=0 because by general library conventions, 0 is an invalid
-     * value wherever possible. */
-    if( id == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    /* Reject high values because the file names are reserved for the
-     * library's internal use. */
-    if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
     status = psa_get_key_slot( handle, &slot );
     if( status != PSA_SUCCESS )
         return( status );
@@ -212,26 +228,45 @@
     status = psa_load_persistent_key_into_slot( slot );
 
     return( status );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+psa_status_t psa_validate_persistent_key_parameters(
+    psa_key_lifetime_t lifetime,
+    psa_key_file_id_t id,
+    int creating )
+{
+    if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    if( ! psa_is_key_id_valid( id, ! creating ) )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    return( PSA_SUCCESS );
 
 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-    (void) handle;
     (void) id;
+    (void) creating;
     return( PSA_ERROR_NOT_SUPPORTED );
 #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
 }
 
 static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
-                                          psa_key_id_t id,
+                                          psa_key_file_id_t id,
                                           psa_key_handle_t *handle,
-                                          psa_status_t wanted_load_status )
+                                          int creating )
 {
     psa_status_t status;
+    psa_status_t wanted_load_status =
+        ( creating ? PSA_ERROR_DOES_NOT_EXIST : PSA_SUCCESS );
 
     *handle = 0;
 
-    if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    status = psa_validate_persistent_key_parameters( lifetime, id, creating );
+    if( status != PSA_SUCCESS )
+        return( status );
 
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     status = psa_internal_allocate_key_slot( handle );
     if( status != PSA_SUCCESS )
         return( status );
@@ -243,27 +278,29 @@
         *handle = 0;
     }
     return( status );
+#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+    (void) wanted_load_status;
+    return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 }
 
-psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
-                           psa_key_id_t id,
-                           psa_key_handle_t *handle )
+psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
 {
-    return( persistent_key_setup( lifetime, id, handle, PSA_SUCCESS ) );
+    return( persistent_key_setup( PSA_KEY_LIFETIME_PERSISTENT,
+                                  id, handle, 0 ) );
 }
 
 psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
-                             psa_key_id_t id,
+                             psa_key_file_id_t id,
                              psa_key_handle_t *handle )
 {
     psa_status_t status;
 
-    status = persistent_key_setup( lifetime, id, handle,
-                                   PSA_ERROR_EMPTY_SLOT );
+    status = persistent_key_setup( lifetime, id, handle, 1 );
     switch( status )
     {
-        case PSA_SUCCESS: return( PSA_ERROR_OCCUPIED_SLOT );
-        case PSA_ERROR_EMPTY_SLOT: return( PSA_SUCCESS );
+        case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
+        case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
         default: return( status );
     }
 }
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 6746bad..2e459d1 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -55,4 +55,29 @@
  * This does not affect persistent storage. */
 void psa_wipe_all_key_slots( void );
 
+/** Test whether the given parameters are acceptable for a persistent key.
+ *
+ * This function does not access the storage in any way. It only tests
+ * whether the parameters are meaningful and permitted by general policy.
+ * It does not test whether the a file by the given id exists or could be
+ * created.
+ *
+ * \param lifetime      The lifetime to test.
+ * \param id            The key id to test.
+ * \param creating      0 if attempting to open an existing key.
+ *                      Nonzero if attempting to create a key.
+ *
+ * \retval PSA_SUCCESS
+ *         The given parameters are valid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ *         \p lifetime is volatile or is invalid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ *         \p id is invalid.
+ */
+psa_status_t psa_validate_persistent_key_parameters(
+    psa_key_lifetime_t lifetime,
+    psa_key_file_id_t id,
+    int creating );
+
+
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 687269b..1e3ce08 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -30,18 +30,193 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "psa_crypto_service_integration.h"
 #include "psa/crypto.h"
 #include "psa_crypto_storage.h"
-#include "psa_crypto_storage_backend.h"
 #include "mbedtls/platform_util.h"
 
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
+#include "psa/error.h"
+#include "psa/internal_trusted_storage.h"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
+#include <stdlib.h>
 #define mbedtls_calloc   calloc
 #define mbedtls_free     free
 #endif
 
+/* Determine a file name (ITS file identifier) for the given key file
+ * identifier. The file name must be distinct from any file that is used
+ * for a purpose other than storing a key. Currently, the only such file
+ * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
+ * and whose value is 0xFFFFFF52. */
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
+    defined(PSA_CRYPTO_SECURE)
+    /* Encode the owner in the upper 32 bits. This means that if
+     * owner values are nonzero (as they are on a PSA platform),
+     * no key file will ever have a value less than 0x100000000, so
+     * the whole range 0..0xffffffff is available for non-key files. */
+    uint32_t unsigned_owner = (uint32_t) file_id.owner;
+    return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
+#else
+    /* Use the key id directly as a file name.
+     * psa_is_key_file_id_valid() in psa_crypto_slot_management.c
+     * is responsible for ensuring that key identifiers do not have a
+     * value that is reserved for non-key files. */
+    return( file_id );
+#endif
+}
+
+/**
+ * \brief Load persistent data for the given key slot number.
+ *
+ * This function reads data from a storage backend and returns the data in a
+ * buffer.
+ *
+ * \param key               Persistent identifier of the key to be loaded. This
+ *                          should be an occupied storage location.
+ * \param[out] data         Buffer where the data is to be written.
+ * \param data_size         Size of the \c data buffer in bytes.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_DOES_NOT_EXIST
+ */
+static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
+                                             uint8_t *data,
+                                             size_t data_size )
+{
+    psa_status_t status;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
+
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( status  != PSA_SUCCESS )
+        return( status );
+
+    status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data );
+
+    return( status );
+}
+
+int psa_is_key_present_in_storage( const psa_key_file_id_t key )
+{
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
+        return( 0 );
+    return( 1 );
+}
+
+/**
+ * \brief Store persistent data for the given key slot number.
+ *
+ * This function stores the given data buffer to a persistent storage.
+ *
+ * \param key           Persistent identifier of the key to be stored. This
+ *                      should be an unoccupied storage location.
+ * \param[in] data      Buffer containing the data to be stored.
+ * \param data_length   The number of bytes
+ *                      that make up the data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_ALREADY_EXISTS
+ */
+static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
+                                              const uint8_t *data,
+                                              size_t data_length )
+{
+    psa_status_t status;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
+
+    if( psa_is_key_present_in_storage( key ) == 1 )
+        return( PSA_ERROR_ALREADY_EXISTS );
+
+    status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
+    if( status != PSA_SUCCESS )
+    {
+        return( PSA_ERROR_STORAGE_FAILURE );
+    }
+
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( status != PSA_SUCCESS )
+    {
+        goto exit;
+    }
+
+    if( data_identifier_info.size != data_length )
+    {
+        status = PSA_ERROR_STORAGE_FAILURE;
+        goto exit;
+    }
+
+exit:
+    if( status != PSA_SUCCESS )
+        psa_its_remove( data_identifier );
+    return( status );
+}
+
+psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
+{
+    psa_status_t ret;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( ret == PSA_ERROR_DOES_NOT_EXIST )
+        return( PSA_SUCCESS );
+
+    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
+        return( PSA_ERROR_STORAGE_FAILURE );
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( ret != PSA_ERROR_DOES_NOT_EXIST )
+        return( PSA_ERROR_STORAGE_FAILURE );
+
+    return( PSA_SUCCESS );
+}
+
+/**
+ * \brief Get data length for given key slot number.
+ *
+ * \param key               Persistent identifier whose stored data length
+ *                          is to be obtained.
+ * \param[out] data_length  The number of bytes that make up the data.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_STORAGE_FAILURE
+ */
+static psa_status_t psa_crypto_storage_get_data_length(
+    const psa_key_file_id_t key,
+    size_t *data_length )
+{
+    psa_status_t status;
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_storage_info_t data_identifier_info;
+
+    status = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    *data_length = (size_t) data_identifier_info.size;
+
+    return( PSA_SUCCESS );
+}
+
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -134,20 +309,26 @@
         *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
         return( PSA_ERROR_STORAGE_FAILURE );
 
-    *key_data = mbedtls_calloc( 1, *key_data_length );
-    if( *key_data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if( *key_data_length == 0 )
+    {
+        *key_data = NULL;
+    }
+    else
+    {
+        *key_data = mbedtls_calloc( 1, *key_data_length );
+        if( *key_data == NULL )
+            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+        memcpy( *key_data, storage_format->key_data, *key_data_length );
+    }
 
     GET_UINT32_LE(*type, storage_format->type, 0);
     GET_UINT32_LE(policy->usage, storage_format->policy, 0);
     GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
 
-    memcpy( *key_data, storage_format->key_data, *key_data_length );
-
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_save_persistent_key( const psa_key_id_t key,
+psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
                                       const psa_key_type_t type,
                                       const psa_key_policy_t *policy,
                                       const uint8_t *data,
@@ -185,7 +366,7 @@
     mbedtls_free( key_data );
 }
 
-psa_status_t psa_load_persistent_key( psa_key_id_t key,
+psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
                                       psa_key_type_t *type,
                                       psa_key_policy_t *policy,
                                       uint8_t **data,
@@ -216,4 +397,26 @@
     return( status );
 }
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
+                                                 size_t seed_size )
+{
+    psa_status_t status;
+    struct psa_storage_info_t p_info;
+
+    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+
+    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
+    {
+        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
+    }
+    else if( PSA_SUCCESS == status )
+    {
+        /* You should not be here. Seed needs to be injected only once */
+        status = PSA_ERROR_NOT_PERMITTED;
+    }
+    return( status );
+}
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 85881c1..2af624a 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -59,7 +59,22 @@
  * This limitation will probably become moot when we implement client
  * separation for key storage.
  */
-#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
+#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER PSA_KEY_ID_VENDOR_MAX
+
+/**
+ * \brief Checks if persistent data is stored for the given key slot number
+ *
+ * This function checks if any key data or metadata exists for the key slot in
+ * the persistent storage.
+ *
+ * \param key           Persistent identifier to check.
+ *
+ * \retval 0
+ *         No persistent data present for slot number
+ * \retval 1
+ *         Persistent data present for slot number
+ */
+int psa_is_key_present_in_storage( const psa_key_file_id_t key );
 
 /**
  * \brief Format key data and metadata and save to a location for given key
@@ -84,9 +99,9 @@
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
+ * \retval PSA_ERROR_ALREADY_EXISTS
  */
-psa_status_t psa_save_persistent_key( const psa_key_id_t key,
+psa_status_t psa_save_persistent_key( const psa_key_file_id_t key,
                                       const psa_key_type_t type,
                                       const psa_key_policy_t *policy,
                                       const uint8_t *data,
@@ -115,9 +130,9 @@
  * \retval PSA_SUCCESS
  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_DOES_NOT_EXIST
  */
-psa_status_t psa_load_persistent_key( psa_key_id_t key,
+psa_status_t psa_load_persistent_key( psa_key_file_id_t key,
                                       psa_key_type_t *type,
                                       psa_key_policy_t *policy,
                                       uint8_t **data,
@@ -134,7 +149,7 @@
  *         or the key did not exist.
  * \retval PSA_ERROR_STORAGE_FAILURE
  */
-psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
+psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
 
 /**
  * \brief Free the temporary buffer allocated by psa_load_persistent_key().
@@ -188,6 +203,22 @@
                                               psa_key_type_t *type,
                                               psa_key_policy_t *policy );
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/** Backend side of mbedtls_psa_inject_entropy().
+ *
+ * This function stores the supplied data into the entropy seed file.
+ *
+ * \retval #PSA_SUCCESS
+ *         Success
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ *         The entropy seed file already exists.
+ */
+psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
+                                                 size_t seed_size );
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/psa_crypto_storage_backend.h b/library/psa_crypto_storage_backend.h
deleted file mode 100644
index 47896b8..0000000
--- a/library/psa_crypto_storage_backend.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * \file psa_crypto_storage_backend.h
- *
- * \brief PSA cryptography module: Mbed TLS key storage backend
- */
-/*
- *  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef PSA_CRYPTO_STORAGE_BACKEND_H
-#define PSA_CRYPTO_STORAGE_BACKEND_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage.h"
-#include <stdint.h>
-
-/**
- * \brief Load persistent data for the given key slot number.
- *
- * This function reads data from a storage backend and returns the data in a
- * buffer.
- *
- * \param key               Persistent identifier of the key to be loaded. This
- *                          should be an occupied storage location.
- * \param[out] data         Buffer where the data is to be written.
- * \param data_size         Size of the \c data buffer in bytes.
- *
- * \retval PSA_SUCCESS
- * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_EMPTY_SLOT
- */
-psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
-                                      size_t data_size );
-
-/**
- * \brief Store persistent data for the given key slot number.
- *
- * This function stores the given data buffer to a persistent storage.
- *
- * \param key           Persistent identifier of the key to be stored. This
- *                      should be an unoccupied storage location.
- * \param[in] data      Buffer containing the data to be stored.
- * \param data_length   The number of bytes
- *                      that make up the data.
- *
- * \retval PSA_SUCCESS
- * \retval PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_OCCUPIED_SLOT
- */
-psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
-                                       const uint8_t *data,
-                                       size_t data_length );
-
-/**
- * \brief Checks if persistent data is stored for the given key slot number
- *
- * This function checks if any key data or metadata exists for the key slot in
- * the persistent storage.
- *
- * \param key           Persistent identifier to check.
- *
- * \retval 0
- *         No persistent data present for slot number
- * \retval 1
- *         Persistent data present for slot number
- */
-int psa_is_key_present_in_storage( const psa_key_id_t key );
-
-/**
- * \brief Get data length for given key slot number.
- *
- * \param key               Persistent identifier whose stored data length
- *                          is to be obtained.
- * \param[out] data_length  The number of bytes that make up the data.
- *
- * \retval PSA_SUCCESS
- * \retval PSA_ERROR_STORAGE_FAILURE
- */
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
-                                                 size_t *data_length );
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_STORAGE_H */
diff --git a/library/psa_crypto_storage_file.c b/library/psa_crypto_storage_file.c
deleted file mode 100644
index 87420be..0000000
--- a/library/psa_crypto_storage_file.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- *  PSA file storage backend for persistent keys
- */
-/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
-
-#include <string.h>
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#endif
-
-/* This option sets where files are to be stored. If this is left unset,
- * the files by default will be stored in the same location as the program,
- * which may not be desired or possible. */
-#if !defined(CRYPTO_STORAGE_FILE_LOCATION)
-#define CRYPTO_STORAGE_FILE_LOCATION ""
-#endif
-
-enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
-
-static void key_id_to_location( const psa_key_id_t key,
-                                char *location,
-                                size_t location_size )
-{
-    mbedtls_snprintf( location, location_size,
-                      CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu",
-                      (unsigned long) key );
-}
-
-psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
-                                      size_t data_size )
-{
-    psa_status_t status = PSA_SUCCESS;
-    FILE *file;
-    size_t num_read;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-    file = fopen( slot_location, "rb" );
-    if( file == NULL )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-    num_read = fread( data, 1, data_size, file );
-    if( num_read != data_size )
-        status = PSA_ERROR_STORAGE_FAILURE;
-
-exit:
-    if( file != NULL )
-        fclose( file );
-    return( status );
-}
-
-int psa_is_key_present_in_storage( const psa_key_id_t key )
-{
-    char slot_location[MAX_LOCATION_LEN];
-    FILE *file;
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    file = fopen( slot_location, "r" );
-    if( file == NULL )
-    {
-        /* File doesn't exist */
-        return( 0 );
-    }
-
-    fclose( file );
-    return( 1 );
-}
-
-psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
-                                       const uint8_t *data,
-                                       size_t data_length )
-{
-    psa_status_t status = PSA_SUCCESS;
-    int ret;
-    size_t num_written;
-    char slot_location[MAX_LOCATION_LEN];
-    FILE *file;
-    /* The storage location corresponding to "key slot 0" is used as a
-     * temporary location in order to make the apparition of the actual slot
-     * file atomic. 0 is not a valid key slot number, so this should not
-     * affect actual keys. */
-    const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
-
-    file = fopen( temp_location, "wb" );
-    if( file == NULL )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    num_written = fwrite( data, 1, data_length, file );
-    if( num_written != data_length )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    ret = fclose( file );
-    file = NULL;
-    if( ret != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    if( rename( temp_location, slot_location ) != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-exit:
-    if( file != NULL )
-        fclose( file );
-    remove( temp_location );
-    return( status );
-}
-
-psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
-{
-    FILE *file;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    /* Only try remove the file if it exists */
-    file = fopen( slot_location, "rb" );
-    if( file != NULL )
-    {
-        fclose( file );
-
-        if( remove( slot_location ) != 0 )
-            return( PSA_ERROR_STORAGE_FAILURE );
-    }
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
-                                                 size_t *data_length )
-{
-    psa_status_t status = PSA_SUCCESS;
-    FILE *file;
-    long file_size;
-    char slot_location[MAX_LOCATION_LEN];
-
-    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
-
-    file = fopen( slot_location, "rb" );
-    if( file == NULL )
-        return( PSA_ERROR_EMPTY_SLOT );
-
-    if( fseek( file, 0, SEEK_END ) != 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-    file_size = ftell( file );
-
-    if( file_size < 0 )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-#if LONG_MAX > SIZE_MAX
-    if( (unsigned long) file_size > SIZE_MAX )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-#endif
-    *data_length = (size_t) file_size;
-
-exit:
-    fclose( file );
-    return( status );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
deleted file mode 100644
index d53467a..0000000
--- a/library/psa_crypto_storage_its.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- *  PSA storage backend for persistent keys using psa_its APIs.
- */
-/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-#include "psa_prot_internal_storage.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#endif
-
-static psa_status_t its_to_psa_error( psa_its_status_t ret )
-{
-    switch( ret )
-    {
-        case PSA_ITS_SUCCESS:
-            return( PSA_SUCCESS );
-
-        case PSA_ITS_ERROR_KEY_NOT_FOUND:
-            return( PSA_ERROR_EMPTY_SLOT );
-
-        case PSA_ITS_ERROR_STORAGE_FAILURE:
-            return( PSA_ERROR_STORAGE_FAILURE );
-
-        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
-            return( PSA_ERROR_INSUFFICIENT_STORAGE );
-
-        case PSA_ITS_ERROR_INVALID_KEY:
-        case PSA_ITS_ERROR_OFFSET_INVALID:
-        case PSA_ITS_ERROR_INCORRECT_SIZE:
-        case PSA_ITS_ERROR_BAD_POINTER:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case PSA_ITS_ERROR_WRITE_ONCE:
-            return( PSA_ERROR_OCCUPIED_SLOT );
-
-        default:
-            return( PSA_ERROR_UNKNOWN_ERROR );
-    }
-}
-
-static uint32_t psa_its_identifier_of_slot( psa_key_id_t key )
-{
-    return( key );
-}
-
-psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
-                                      size_t data_size )
-{
-    psa_its_status_t ret;
-    psa_status_t status;
-    uint32_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    ret = psa_its_get( data_identifier, 0, data_size, data );
-    status = its_to_psa_error( ret );
-
-    return( status );
-}
-
-int psa_is_key_present_in_storage( const psa_key_id_t key )
-{
-    psa_its_status_t ret;
-    uint32_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-
-    if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
-        return( 0 );
-    return( 1 );
-}
-
-psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
-                                       const uint8_t *data,
-                                       size_t data_length )
-{
-    psa_its_status_t ret;
-    psa_status_t status;
-    uint32_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
-
-    if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_OCCUPIED_SLOT );
-
-    ret = psa_its_set( data_identifier, data_length, data, 0 );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
-    {
-        return( PSA_ERROR_STORAGE_FAILURE );
-    }
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
-    {
-        goto exit;
-    }
-
-    if( data_identifier_info.size != data_length )
-    {
-        status = PSA_ERROR_STORAGE_FAILURE;
-        goto exit;
-    }
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_its_remove( data_identifier );
-    return( status );
-}
-
-psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
-{
-    psa_its_status_t ret;
-    uint32_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
-        return( PSA_SUCCESS );
-
-    if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
-        return( PSA_ERROR_STORAGE_FAILURE );
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ITS_ERROR_KEY_NOT_FOUND )
-        return( PSA_ERROR_STORAGE_FAILURE );
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
-                                                 size_t *data_length )
-{
-    psa_its_status_t ret;
-    psa_status_t status;
-    uint32_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_its_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    status = its_to_psa_error( ret );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    *data_length = (size_t) data_identifier_info.size;
-
-    return( PSA_SUCCESS );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
new file mode 100644
index 0000000..8cdf783
--- /dev/null
+++ b/library/psa_its_file.c
@@ -0,0 +1,247 @@
+/*
+ *  PSA ITS simulator over stdio files.
+ */
+/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_snprintf   snprintf
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "psa_crypto_its.h"
+
+#include <limits.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#define PSA_ITS_STORAGE_PREFIX ""
+
+#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
+#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
+#define PSA_ITS_STORAGE_FILENAME_LENGTH         \
+    ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
+      16 + /*UID (64-bit number in hex)*/                               \
+      sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
+      1 /*terminating null byte*/ )
+#define PSA_ITS_STORAGE_TEMP \
+    PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
+
+/* The maximum value of psa_storage_info_t.size */
+#define PSA_ITS_MAX_SIZE 0xffffffff
+
+#define PSA_ITS_MAGIC_STRING "PSA\0ITS\0"
+#define PSA_ITS_MAGIC_LENGTH 8
+
+/* As rename fails on Windows if the new filepath already exists,
+ * use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
+ * Returns 0 on success, nonzero on failure. */
+#if defined(_WIN32)
+#define rename_replace_existing( oldpath, newpath ) \
+    ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
+#else
+#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
+#endif
+
+typedef struct
+{
+    uint8_t magic[PSA_ITS_MAGIC_LENGTH];
+    uint8_t size[sizeof( uint32_t )];
+    uint8_t flags[sizeof( psa_storage_create_flags_t )];
+} psa_its_file_header_t;
+
+static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+{
+    /* Break up the UID into two 32-bit pieces so as not to rely on
+     * long long support in snprintf. */
+    mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+                      "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+                      PSA_ITS_STORAGE_PREFIX,
+                      (unsigned long) ( uid >> 32 ),
+                      (unsigned long) ( uid & 0xffffffff ),
+                      PSA_ITS_STORAGE_SUFFIX );
+}
+
+static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
+                                       struct psa_storage_info_t *p_info,
+                                       FILE **p_stream )
+{
+    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+    psa_its_file_header_t header;
+    size_t n;
+
+    *p_stream = NULL;
+    psa_its_fill_filename( uid, filename );
+    *p_stream = fopen( filename, "rb" );
+    if( *p_stream == NULL )
+        return( PSA_ERROR_DOES_NOT_EXIST );
+
+    n = fread( &header, 1, sizeof( header ), *p_stream );
+    if( n != sizeof( header ) )
+        return( PSA_ERROR_DATA_CORRUPT );
+    if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
+                PSA_ITS_MAGIC_LENGTH ) != 0 )
+        return( PSA_ERROR_DATA_CORRUPT );
+
+    p_info->size = ( header.size[0] |
+                     header.size[1] << 8 |
+                     header.size[2] << 16 |
+                     header.size[3] << 24 );
+    p_info->flags = ( header.flags[0] |
+                      header.flags[1] << 8 |
+                      header.flags[2] << 16 |
+                      header.flags[3] << 24 );
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_its_get_info( psa_storage_uid_t uid,
+                               struct psa_storage_info_t *p_info )
+{
+    psa_status_t status;
+    FILE *stream = NULL;
+    status = psa_its_read_file( uid, p_info, &stream );
+    if( stream != NULL )
+        fclose( stream );
+    return( status );
+}
+
+psa_status_t psa_its_get( psa_storage_uid_t uid,
+                          uint32_t data_offset,
+                          uint32_t data_length,
+                          void *p_data )
+{
+    psa_status_t status;
+    FILE *stream = NULL;
+    size_t n;
+    struct psa_storage_info_t info;
+
+    status = psa_its_read_file( uid, &info, &stream );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = PSA_ERROR_INVALID_ARGUMENT;
+    if( data_offset + data_length < data_offset )
+        goto exit;
+#if SIZE_MAX < 0xffffffff
+    if( data_offset + data_length > SIZE_MAX )
+        goto exit;
+#endif
+    if( data_offset + data_length > info.size )
+        goto exit;
+
+    status = PSA_ERROR_STORAGE_FAILURE;
+#if LONG_MAX < 0xffffffff
+    while( data_offset > LONG_MAX )
+    {
+        if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
+            goto exit;
+        data_offset -= LONG_MAX;
+    }
+#endif
+    if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
+        goto exit;
+    n = fread( p_data, 1, data_length, stream );
+    if( n != data_length )
+        goto exit;
+    status = PSA_SUCCESS;
+
+exit:
+    if( stream != NULL )
+        fclose( stream );
+    return( status );
+}
+
+psa_status_t psa_its_set( psa_storage_uid_t uid,
+                          uint32_t data_length,
+                          const void *p_data,
+                          psa_storage_create_flags_t create_flags )
+{
+    psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
+    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+    FILE *stream = NULL;
+    psa_its_file_header_t header;
+    size_t n;
+
+    memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
+    header.size[0] = data_length & 0xff;
+    header.size[1] = ( data_length >> 8 ) & 0xff;
+    header.size[2] = ( data_length >> 16 ) & 0xff;
+    header.size[3] = ( data_length >> 24 ) & 0xff;
+    header.flags[0] = create_flags & 0xff;
+    header.flags[1] = ( create_flags >> 8 ) & 0xff;
+    header.flags[2] = ( create_flags >> 16 ) & 0xff;
+    header.flags[3] = ( create_flags >> 24 ) & 0xff;
+
+    psa_its_fill_filename( uid, filename );
+    stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
+    if( stream == NULL )
+        goto exit;
+
+    status = PSA_ERROR_INSUFFICIENT_STORAGE;
+    n = fwrite( &header, 1, sizeof( header ), stream );
+    if( n != sizeof( header ) )
+        goto exit;
+    n = fwrite( p_data, 1, data_length, stream );
+    if( n != data_length )
+        goto exit;
+    status = PSA_SUCCESS;
+
+exit:
+    if( stream != NULL )
+    {
+        int ret = fclose( stream );
+        if( status == PSA_SUCCESS && ret != 0 )
+            status = PSA_ERROR_INSUFFICIENT_STORAGE;
+    }
+    if( status == PSA_SUCCESS )
+    {
+        if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
+            status = PSA_ERROR_STORAGE_FAILURE;
+    }
+    remove( PSA_ITS_STORAGE_TEMP );
+    return( status );
+}
+
+psa_status_t psa_its_remove( psa_storage_uid_t uid )
+{
+    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+    FILE *stream;
+    psa_its_fill_filename( uid, filename );
+    stream = fopen( filename, "rb" );
+    if( stream == NULL )
+        return( PSA_ERROR_DOES_NOT_EXIST );
+    fclose( stream );
+    if( remove( filename ) != 0 )
+        return( PSA_ERROR_STORAGE_FAILURE );
+    return( PSA_SUCCESS );
+}
+
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/library/rsa.c b/library/rsa.c
index c64f148..a35af44 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -71,6 +71,12 @@
 
 #if !defined(MBEDTLS_RSA_ALT)
 
+/* Parameter validation macros */
+#define RSA_VALIDATE_RET( cond )                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
+#define RSA_VALIDATE( cond )                                           \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if defined(MBEDTLS_PKCS1_V15)
 /* constant-time buffer comparison */
 static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
@@ -93,6 +99,7 @@
                         const mbedtls_mpi *D, const mbedtls_mpi *E )
 {
     int ret;
+    RSA_VALIDATE_RET( ctx != NULL );
 
     if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
         ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
@@ -117,6 +124,7 @@
                             unsigned char const *E, size_t E_len )
 {
     int ret = 0;
+    RSA_VALIDATE_RET( ctx != NULL );
 
     if( N != NULL )
     {
@@ -240,12 +248,16 @@
 int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
 {
     int ret = 0;
+    int have_N, have_P, have_Q, have_D, have_E;
+    int n_missing, pq_missing, d_missing, is_pub, is_priv;
 
-    const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
-    const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
-    const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
-    const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
-    const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
+    RSA_VALIDATE_RET( ctx != NULL );
+
+    have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
+    have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
+    have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
+    have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
+    have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
 
     /*
      * Check whether provided parameters are enough
@@ -257,13 +269,13 @@
      *
      */
 
-    const int n_missing  =              have_P &&  have_Q &&  have_D && have_E;
-    const int pq_missing =   have_N && !have_P && !have_Q &&  have_D && have_E;
-    const int d_missing  =              have_P &&  have_Q && !have_D && have_E;
-    const int is_pub     =   have_N && !have_P && !have_Q && !have_D && have_E;
+    n_missing  =              have_P &&  have_Q &&  have_D && have_E;
+    pq_missing =   have_N && !have_P && !have_Q &&  have_D && have_E;
+    d_missing  =              have_P &&  have_Q && !have_D && have_E;
+    is_pub     =   have_N && !have_P && !have_Q && !have_D && have_E;
 
     /* These three alternatives are mutually exclusive */
-    const int is_priv = n_missing || pq_missing || d_missing;
+    is_priv = n_missing || pq_missing || d_missing;
 
     if( !is_priv && !is_pub )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -336,9 +348,11 @@
                             unsigned char *E, size_t E_len )
 {
     int ret = 0;
+    int is_priv;
+    RSA_VALIDATE_RET( ctx != NULL );
 
     /* Check if key is private or public */
-    const int is_priv =
+    is_priv =
         mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -379,9 +393,11 @@
                         mbedtls_mpi *D, mbedtls_mpi *E )
 {
     int ret;
+    int is_priv;
+    RSA_VALIDATE_RET( ctx != NULL );
 
     /* Check if key is private or public */
-    int is_priv =
+    is_priv =
         mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -421,9 +437,11 @@
                             mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
 {
     int ret;
+    int is_priv;
+    RSA_VALIDATE_RET( ctx != NULL );
 
     /* Check if key is private or public */
-    int is_priv =
+    is_priv =
         mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
         mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -459,6 +477,10 @@
                int padding,
                int hash_id )
 {
+    RSA_VALIDATE( ctx != NULL );
+    RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
+                  padding == MBEDTLS_RSA_PKCS_V21 );
+
     memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
 
     mbedtls_rsa_set_padding( ctx, padding, hash_id );
@@ -471,8 +493,13 @@
 /*
  * Set padding for an existing RSA context
  */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+                              int hash_id )
 {
+    RSA_VALIDATE( ctx != NULL );
+    RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
+                  padding == MBEDTLS_RSA_PKCS_V21 );
+
     ctx->padding = padding;
     ctx->hash_id = hash_id;
 }
@@ -503,11 +530,10 @@
     int ret;
     mbedtls_mpi H, G, L;
     int prime_quality = 0;
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( f_rng != NULL );
 
-    if( f_rng == NULL || nbits < 128 || exponent < 3 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( nbits % 2 )
+    if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     /*
@@ -612,6 +638,8 @@
  */
 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+
     if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
 
@@ -635,6 +663,8 @@
  */
 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+
     if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
         rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
     {
@@ -664,6 +694,9 @@
 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
                                 const mbedtls_rsa_context *prv )
 {
+    RSA_VALIDATE_RET( pub != NULL );
+    RSA_VALIDATE_RET( prv != NULL );
+
     if( mbedtls_rsa_check_pubkey( pub )  != 0 ||
         mbedtls_rsa_check_privkey( prv ) != 0 )
     {
@@ -689,6 +722,9 @@
     int ret;
     size_t olen;
     mbedtls_mpi T;
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( input != NULL );
+    RSA_VALIDATE_RET( output != NULL );
 
     if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -831,6 +867,10 @@
      * checked result; should be the same in the end. */
     mbedtls_mpi I, C;
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( input  != NULL );
+    RSA_VALIDATE_RET( output != NULL );
+
     if( rsa_check_context( ctx, 1             /* private key checks */,
                                 f_rng != NULL /* blinding y/n       */ ) != 0 )
     {
@@ -1091,6 +1131,13 @@
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output != NULL );
+    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+    RSA_VALIDATE_RET( label_len == 0 || label != NULL );
+
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -1168,13 +1215,13 @@
     int ret;
     unsigned char *p = output;
 
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output != NULL );
+    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
 
-    // We don't check p_rng because it won't be dereferenced here
-    if( f_rng == NULL || output == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    if( ilen != 0 && input == NULL )
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;
@@ -1188,6 +1235,9 @@
     *p++ = 0;
     if( mode == MBEDTLS_RSA_PUBLIC )
     {
+        if( f_rng == NULL )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
         *p++ = MBEDTLS_RSA_CRYPT;
 
         while( nb_pad-- > 0 )
@@ -1233,6 +1283,12 @@
                        const unsigned char *input,
                        unsigned char *output )
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output != NULL );
+    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+
     switch( ctx->padding )
     {
 #if defined(MBEDTLS_PKCS1_V15)
@@ -1275,6 +1331,14 @@
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+    RSA_VALIDATE_RET( label_len == 0 || label != NULL );
+    RSA_VALIDATE_RET( input != NULL );
+    RSA_VALIDATE_RET( olen != NULL );
+
     /*
      * Parameters sanity checks
      */
@@ -1392,6 +1456,97 @@
 #endif /* MBEDTLS_PKCS1_V21 */
 
 #if defined(MBEDTLS_PKCS1_V15)
+/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
+ *
+ * \param value     The value to analyze.
+ * \return          Zero if \p value is zero, otherwise all-bits-one.
+ */
+static unsigned all_or_nothing_int( unsigned value )
+{
+    /* MSVC has a warning about unary minus on unsigned, but this is
+     * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+}
+
+/** Check whether a size is out of bounds, without branches.
+ *
+ * This is equivalent to `size > max`, but is likely to be compiled to
+ * to code using bitwise operation rather than a branch.
+ *
+ * \param size      Size to check.
+ * \param max       Maximum desired value for \p size.
+ * \return          \c 0 if `size <= max`.
+ * \return          \c 1 if `size > max`.
+ */
+static unsigned size_greater_than( size_t size, size_t max )
+{
+    /* Return the sign bit (1 for negative) of (max - size). */
+    return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) );
+}
+
+/** Choose between two integer values, without branches.
+ *
+ * This is equivalent to `cond ? if1 : if0`, but is likely to be compiled
+ * to code using bitwise operation rather than a branch.
+ *
+ * \param cond      Condition to test.
+ * \param if1       Value to use if \p cond is nonzero.
+ * \param if0       Value to use if \p cond is zero.
+ * \return          \c if1 if \p cond is nonzero, otherwise \c if0.
+ */
+static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 )
+{
+    unsigned mask = all_or_nothing_int( cond );
+    return( ( mask & if1 ) | (~mask & if0 ) );
+}
+
+/** Shift some data towards the left inside a buffer without leaking
+ * the length of the data through side channels.
+ *
+ * `mem_move_to_left(start, total, offset)` is functionally equivalent to
+ * ```
+ * memmove(start, start + offset, total - offset);
+ * memset(start + offset, 0, total - offset);
+ * ```
+ * but it strives to use a memory access pattern (and thus total timing)
+ * that does not depend on \p offset. This timing independence comes at
+ * the expense of performance.
+ *
+ * \param start     Pointer to the start of the buffer.
+ * \param total     Total size of the buffer.
+ * \param offset    Offset from which to copy \p total - \p offset bytes.
+ */
+static void mem_move_to_left( void *start,
+                              size_t total,
+                              size_t offset )
+{
+    volatile unsigned char *buf = start;
+    size_t i, n;
+    if( total == 0 )
+        return;
+    for( i = 0; i < total; i++ )
+    {
+        unsigned no_op = size_greater_than( total - offset, i );
+        /* The first `total - offset` passes are a no-op. The last
+         * `offset` passes shift the data one byte to the left and
+         * zero out the last byte. */
+        for( n = 0; n < total - 1; n++ )
+        {
+            unsigned char current = buf[n];
+            unsigned char next = buf[n+1];
+            buf[n] = if_int( no_op, current, next );
+        }
+        buf[total-1] = if_int( no_op, buf[total-1], 0 );
+    }
+}
+
 /*
  * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
  */
@@ -1401,18 +1556,42 @@
                                  int mode, size_t *olen,
                                  const unsigned char *input,
                                  unsigned char *output,
-                                 size_t output_max_len)
+                                 size_t output_max_len )
 {
     int ret;
-    size_t ilen, pad_count = 0, i;
-    unsigned char *p, bad, pad_done = 0;
+    size_t ilen, i, plaintext_max_size;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    /* The following variables take sensitive values: their value must
+     * not leak into the observable behavior of the function other than
+     * the designated outputs (output, olen, return value). Otherwise
+     * this would open the execution of the function to
+     * side-channel-based variants of the Bleichenbacher padding oracle
+     * attack. Potential side channels include overall timing, memory
+     * access patterns (especially visible to an adversary who has access
+     * to a shared memory cache), and branches (especially visible to
+     * an adversary who has access to a shared code cache or to a shared
+     * branch predictor). */
+    size_t pad_count = 0;
+    unsigned bad = 0;
+    unsigned char pad_done = 0;
+    size_t plaintext_size = 0;
+    unsigned output_too_large;
+
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+    RSA_VALIDATE_RET( input != NULL );
+    RSA_VALIDATE_RET( olen != NULL );
+
+    ilen = ctx->len;
+    plaintext_max_size = ( output_max_len > ilen - 11 ?
+                           ilen - 11 :
+                           output_max_len );
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
-    ilen = ctx->len;
-
     if( ilen < 16 || ilen > sizeof( buf ) )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -1423,64 +1602,115 @@
     if( ret != 0 )
         goto cleanup;
 
-    p = buf;
-    bad = 0;
+    /* Check and get padding length in constant time and constant
+     * memory trace. The first byte must be 0. */
+    bad |= buf[0];
 
-    /*
-     * Check and get padding len in "constant-time"
-     */
-    bad |= *p++; /* First byte must be 0 */
-
-    /* This test does not depend on secret data */
     if( mode == MBEDTLS_RSA_PRIVATE )
     {
-        bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
+        /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
+         * where PS must be at least 8 nonzero bytes. */
+        bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
 
-        /* Get padding len, but always read till end of buffer
-         * (minus one, for the 00 byte) */
-        for( i = 0; i < ilen - 3; i++ )
+        /* Read the whole buffer. Set pad_done to nonzero if we find
+         * the 0x00 byte and remember the padding length in pad_count. */
+        for( i = 2; i < ilen; i++ )
         {
-            pad_done  |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
+            pad_done  |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
             pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
         }
-
-        p += pad_count;
-        bad |= *p++; /* Must be zero */
     }
     else
     {
-        bad |= *p++ ^ MBEDTLS_RSA_SIGN;
+        /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
+         * where PS must be at least 8 bytes with the value 0xFF. */
+        bad |= buf[1] ^ MBEDTLS_RSA_SIGN;
 
-        /* Get padding len, but always read till end of buffer
-         * (minus one, for the 00 byte) */
-        for( i = 0; i < ilen - 3; i++ )
+        /* Read the whole buffer. Set pad_done to nonzero if we find
+         * the 0x00 byte and remember the padding length in pad_count.
+         * If there's a non-0xff byte in the padding, the padding is bad. */
+        for( i = 2; i < ilen; i++ )
         {
-            pad_done |= ( p[i] != 0xFF );
-            pad_count += ( pad_done == 0 );
+            pad_done |= if_int( buf[i], 0, 1 );
+            pad_count += if_int( pad_done, 0, 1 );
+            bad |= if_int( pad_done, 0, buf[i] ^ 0xFF );
         }
-
-        p += pad_count;
-        bad |= *p++; /* Must be zero */
     }
 
-    bad |= ( pad_count < 8 );
+    /* If pad_done is still zero, there's no data, only unfinished padding. */
+    bad |= if_int( pad_done, 0, 1 );
 
-    if( bad )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto cleanup;
-    }
+    /* There must be at least 8 bytes of padding. */
+    bad |= size_greater_than( 8, pad_count );
 
-    if( ilen - ( p - buf ) > output_max_len )
-    {
-        ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
-        goto cleanup;
-    }
+    /* If the padding is valid, set plaintext_size to the number of
+     * remaining bytes after stripping the padding. If the padding
+     * is invalid, avoid leaking this fact through the size of the
+     * output: use the maximum message size that fits in the output
+     * buffer. Do it without branches to avoid leaking the padding
+     * validity through timing. RSA keys are small enough that all the
+     * size_t values involved fit in unsigned int. */
+    plaintext_size = if_int( bad,
+                             (unsigned) plaintext_max_size,
+                             (unsigned) ( ilen - pad_count - 3 ) );
 
-    *olen = ilen - (p - buf);
-    if( *olen != 0 )
-        memcpy( output, p, *olen );
-    ret = 0;
+    /* Set output_too_large to 0 if the plaintext fits in the output
+     * buffer and to 1 otherwise. */
+    output_too_large = size_greater_than( plaintext_size,
+                                          plaintext_max_size );
+
+    /* Set ret without branches to avoid timing attacks. Return:
+     * - INVALID_PADDING if the padding is bad (bad != 0).
+     * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
+     *   plaintext does not fit in the output buffer.
+     * - 0 if the padding is correct. */
+    ret = - (int) if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
+                  if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
+                          0 ) );
+
+    /* If the padding is bad or the plaintext is too large, zero the
+     * data that we're about to copy to the output buffer.
+     * We need to copy the same amount of data
+     * from the same buffer whether the padding is good or not to
+     * avoid leaking the padding validity through overall timing or
+     * through memory or cache access patterns. */
+    bad = all_or_nothing_int( bad | output_too_large );
+    for( i = 11; i < ilen; i++ )
+        buf[i] &= ~bad;
+
+    /* If the plaintext is too large, truncate it to the buffer size.
+     * Copy anyway to avoid revealing the length through timing, because
+     * revealing the length is as bad as revealing the padding validity
+     * for a Bleichenbacher attack. */
+    plaintext_size = if_int( output_too_large,
+                             (unsigned) plaintext_max_size,
+                             (unsigned) plaintext_size );
+
+    /* Move the plaintext to the leftmost position where it can start in
+     * the working buffer, i.e. make it start plaintext_max_size from
+     * the end of the buffer. Do this with a memory access trace that
+     * does not depend on the plaintext size. After this move, the
+     * starting location of the plaintext is no longer sensitive
+     * information. */
+    mem_move_to_left( buf + ilen - plaintext_max_size,
+                      plaintext_max_size,
+                      plaintext_max_size - plaintext_size );
+
+    /* Finally copy the decrypted plaintext plus trailing zeros into the output
+     * buffer. If output_max_len is 0, then output may be an invalid pointer
+     * and the result of memcpy() would be undefined; prevent undefined
+     * behavior making sure to depend only on output_max_len (the size of the
+     * user-provided output buffer), which is independent from plaintext
+     * length, validity of padding, success of the decryption, and other
+     * secrets. */
+    if( output_max_len != 0 )
+        memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
+
+    /* Report the amount of data we copied to the output buffer. In case
+     * of errors (bad padding or output too large), the value of *olen
+     * when this function returns is not specified. Making it equivalent
+     * to the good case limits the risks of leaking the padding validity. */
+    *olen = plaintext_size;
 
 cleanup:
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
@@ -1500,6 +1730,13 @@
                        unsigned char *output,
                        size_t output_max_len)
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+    RSA_VALIDATE_RET( input != NULL );
+    RSA_VALIDATE_RET( olen != NULL );
+
     switch( ctx->padding )
     {
 #if defined(MBEDTLS_PKCS1_V15)
@@ -1541,6 +1778,13 @@
     size_t msb;
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+    RSA_VALIDATE_RET( sig != NULL );
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1788,6 +2032,14 @@
     int ret;
     unsigned char *sig_try = NULL, *verif = NULL;
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+    RSA_VALIDATE_RET( sig != NULL );
+
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -1857,6 +2109,14 @@
                     const unsigned char *hash,
                     unsigned char *sig )
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+    RSA_VALIDATE_RET( sig != NULL );
+
     switch( ctx->padding )
     {
 #if defined(MBEDTLS_PKCS1_V15)
@@ -1903,6 +2163,14 @@
     mbedtls_md_context_t md_ctx;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( sig != NULL );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -2031,7 +2299,16 @@
                            const unsigned char *hash,
                            const unsigned char *sig )
 {
-    mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
+    mbedtls_md_type_t mgf1_hash_id;
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( sig != NULL );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+
+    mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
                              ? (mbedtls_md_type_t) ctx->hash_id
                              : md_alg;
 
@@ -2057,9 +2334,19 @@
                                  const unsigned char *sig )
 {
     int ret = 0;
-    const size_t sig_len = ctx->len;
+    size_t sig_len;
     unsigned char *encoded = NULL, *encoded_expected = NULL;
 
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( sig != NULL );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+
+    sig_len = ctx->len;
+
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -2129,6 +2416,14 @@
                       const unsigned char *hash,
                       const unsigned char *sig )
 {
+    RSA_VALIDATE_RET( ctx != NULL );
+    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+                      mode == MBEDTLS_RSA_PUBLIC );
+    RSA_VALIDATE_RET( sig != NULL );
+    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
+                        hashlen == 0 ) ||
+                      hash != NULL );
+
     switch( ctx->padding )
     {
 #if defined(MBEDTLS_PKCS1_V15)
@@ -2154,6 +2449,8 @@
 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
 {
     int ret;
+    RSA_VALIDATE_RET( dst != NULL );
+    RSA_VALIDATE_RET( src != NULL );
 
     dst->ver = src->ver;
     dst->len = src->len;
@@ -2193,14 +2490,23 @@
  */
 void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
 {
-    mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D  );
-    mbedtls_mpi_free( &ctx->Q  ); mbedtls_mpi_free( &ctx->P  );
-    mbedtls_mpi_free( &ctx->E  ); mbedtls_mpi_free( &ctx->N  );
+    if( ctx == NULL )
+        return;
+
+    mbedtls_mpi_free( &ctx->Vi );
+    mbedtls_mpi_free( &ctx->Vf );
+    mbedtls_mpi_free( &ctx->RN );
+    mbedtls_mpi_free( &ctx->D  );
+    mbedtls_mpi_free( &ctx->Q  );
+    mbedtls_mpi_free( &ctx->P  );
+    mbedtls_mpi_free( &ctx->E  );
+    mbedtls_mpi_free( &ctx->N  );
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ );
+    mbedtls_mpi_free( &ctx->RQ );
+    mbedtls_mpi_free( &ctx->RP );
+    mbedtls_mpi_free( &ctx->QP );
+    mbedtls_mpi_free( &ctx->DQ );
     mbedtls_mpi_free( &ctx->DP );
 #endif /* MBEDTLS_RSA_NO_CRT */
 
diff --git a/library/sha1.c b/library/sha1.c
index bab6087..e8d4096 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -46,6 +46,11 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
+#define SHA1_VALIDATE_RET(cond)                             \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
+
+#define SHA1_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if !defined(MBEDTLS_SHA1_ALT)
 
 /*
@@ -73,6 +78,8 @@
 
 void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
 {
+    SHA1_VALIDATE( ctx != NULL );
+
     memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
 }
 
@@ -87,6 +94,9 @@
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
                          const mbedtls_sha1_context *src )
 {
+    SHA1_VALIDATE( dst != NULL );
+    SHA1_VALIDATE( src != NULL );
+
     *dst = *src;
 }
 
@@ -95,6 +105,8 @@
  */
 int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
 {
+    SHA1_VALIDATE_RET( ctx != NULL );
+
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
@@ -120,6 +132,9 @@
 {
     uint32_t temp, W[16], A, B, C, D, E;
 
+    SHA1_VALIDATE_RET( ctx != NULL );
+    SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
+
     GET_UINT32_BE( W[ 0], data,  0 );
     GET_UINT32_BE( W[ 1], data,  4 );
     GET_UINT32_BE( W[ 2], data,  8 );
@@ -294,6 +309,9 @@
     size_t fill;
     uint32_t left;
 
+    SHA1_VALIDATE_RET( ctx != NULL );
+    SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+
     if( ilen == 0 )
         return( 0 );
 
@@ -352,6 +370,9 @@
     uint32_t used;
     uint32_t high, low;
 
+    SHA1_VALIDATE_RET( ctx != NULL );
+    SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
     /*
      * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
      */
@@ -420,6 +441,9 @@
     int ret;
     mbedtls_sha1_context ctx;
 
+    SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+    SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
     mbedtls_sha1_init( &ctx );
 
     if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index dbb4a89..8a540ad 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -49,6 +49,10 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
+#define SHA256_VALIDATE_RET(cond)                           \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
+#define SHA256_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if !defined(MBEDTLS_SHA256_ALT)
 
 /*
@@ -76,6 +80,8 @@
 
 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
 {
+    SHA256_VALIDATE( ctx != NULL );
+
     memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
 }
 
@@ -90,6 +96,9 @@
 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
                            const mbedtls_sha256_context *src )
 {
+    SHA256_VALIDATE( dst != NULL );
+    SHA256_VALIDATE( src != NULL );
+
     *dst = *src;
 }
 
@@ -98,6 +107,9 @@
  */
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
@@ -192,6 +204,9 @@
     uint32_t A[8];
     unsigned int i;
 
+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
+
     for( i = 0; i < 8; i++ )
         A[i] = ctx->state[i];
 
@@ -263,6 +278,9 @@
     size_t fill;
     uint32_t left;
 
+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+
     if( ilen == 0 )
         return( 0 );
 
@@ -321,6 +339,9 @@
     uint32_t used;
     uint32_t high, low;
 
+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
     /*
      * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
      */
@@ -395,6 +416,10 @@
     int ret;
     mbedtls_sha256_context ctx;
 
+    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
     mbedtls_sha256_init( &ctx );
 
     if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
diff --git a/library/sha512.c b/library/sha512.c
index a9440e8..941ecda 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -55,6 +55,10 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
+#define SHA512_VALIDATE_RET(cond)                           \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
+#define SHA512_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if !defined(MBEDTLS_SHA512_ALT)
 
 /*
@@ -90,6 +94,8 @@
 
 void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
 {
+    SHA512_VALIDATE( ctx != NULL );
+
     memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
 }
 
@@ -104,6 +110,9 @@
 void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
                            const mbedtls_sha512_context *src )
 {
+    SHA512_VALIDATE( dst != NULL );
+    SHA512_VALIDATE( src != NULL );
+
     *dst = *src;
 }
 
@@ -112,6 +121,9 @@
  */
 int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
 {
+    SHA512_VALIDATE_RET( ctx != NULL );
+    SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
@@ -209,6 +221,9 @@
     uint64_t temp1, temp2, W[80];
     uint64_t A, B, C, D, E, F, G, H;
 
+    SHA512_VALIDATE_RET( ctx != NULL );
+    SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
+
 #define  SHR(x,n) (x >> n)
 #define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
 
@@ -294,6 +309,9 @@
     size_t fill;
     unsigned int left;
 
+    SHA512_VALIDATE_RET( ctx != NULL );
+    SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+
     if( ilen == 0 )
         return( 0 );
 
@@ -351,6 +369,9 @@
     unsigned used;
     uint64_t high, low;
 
+    SHA512_VALIDATE_RET( ctx != NULL );
+    SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+
     /*
      * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
      */
@@ -427,6 +448,10 @@
     int ret;
     mbedtls_sha512_context ctx;
 
+    SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+    SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+    SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+
     mbedtls_sha512_init( &ctx );
 
     if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 47867f1..62a0a29 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -40,6 +40,7 @@
 #endif
 
 #include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_internal.h"
 
 #include <string.h>
 
@@ -92,16 +93,24 @@
                     entry->session.id_len ) != 0 )
             continue;
 
-        memcpy( session->master, entry->session.master, 48 );
+        ret = mbedtls_ssl_session_copy( session, &entry->session );
+        if( ret != 0 )
+        {
+            ret = 1;
+            goto exit;
+        }
 
-        session->verify_result = entry->session.verify_result;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         /*
          * Restore peer certificate (without rest of the original chain)
          */
         if( entry->peer_cert.p != NULL )
         {
+            /* `session->peer_cert` is NULL after the call to
+             * mbedtls_ssl_session_copy(), because cache entries
+             * have the `peer_cert` field set to NULL. */
+
             if( ( session->peer_cert = mbedtls_calloc( 1,
                                  sizeof(mbedtls_x509_crt) ) ) == NULL )
             {
@@ -119,7 +128,7 @@
                 goto exit;
             }
         }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         ret = 0;
         goto exit;
@@ -239,9 +248,8 @@
 #endif
     }
 
-    memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /*
      * If we're reusing an entry, free its certificate first
      */
@@ -250,26 +258,43 @@
         mbedtls_free( cur->peer_cert.p );
         memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
     }
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-    /*
-     * Store peer certificate
-     */
-    if( session->peer_cert != NULL )
+    /* Copy the entire session; this temporarily makes a copy of the
+     * X.509 CRT structure even though we only want to store the raw CRT.
+     * This inefficiency will go away as soon as we implement on-demand
+     * parsing of CRTs, in which case there's no need for the `peer_cert`
+     * field anymore in the first place, and we're done after this call. */
+    ret = mbedtls_ssl_session_copy( &cur->session, session );
+    if( ret != 0 )
     {
-        cur->peer_cert.p = mbedtls_calloc( 1, session->peer_cert->raw.len );
+        ret = 1;
+        goto exit;
+    }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    /* If present, free the X.509 structure and only store the raw CRT data. */
+    if( cur->session.peer_cert != NULL )
+    {
+        cur->peer_cert.p =
+            mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
         if( cur->peer_cert.p == NULL )
         {
             ret = 1;
             goto exit;
         }
 
-        memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
-                session->peer_cert->raw.len );
+        memcpy( cur->peer_cert.p,
+                cur->session.peer_cert->raw.p,
+                cur->session.peer_cert->raw.len );
         cur->peer_cert.len = session->peer_cert->raw.len;
 
+        mbedtls_x509_crt_free( cur->session.peer_cert );
+        mbedtls_free( cur->session.peer_cert );
         cur->session.peer_cert = NULL;
     }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     ret = 0;
 
@@ -311,9 +336,10 @@
 
         mbedtls_ssl_session_free( &prv->session );
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         mbedtls_free( prv->peer_cert.p );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         mbedtls_free( prv );
     }
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 745474e..518f7dd 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -43,11 +43,11 @@
 /*
  * Ordered from most preferred to least preferred in terms of security.
  *
- * Current rule (except rc4, weak and null which come last):
+ * Current rule (except RC4 and 3DES, weak and null which come last):
  * 1. By key exchange:
  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
  * 2. By key length and cipher:
- *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
+ *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
  * 4. By hash function used when relevant
  * 5. By key exchange/auth again: EC > non-EC
@@ -126,11 +126,6 @@
     MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
     MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
 
-    /* All remaining >= 128-bit ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-
     /* The PSK ephemeral suites */
     MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
     MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
@@ -162,9 +157,6 @@
     MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
     MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
 
-    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-
     /* The ECJPAKE suite */
     MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
 
@@ -228,11 +220,6 @@
     MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
     MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
 
-    /* All remaining >= 128-bit suites */
-    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-
     /* The RSA PSK suites */
     MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
@@ -251,8 +238,6 @@
     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
 
-    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
-
     /* The PSK suites */
     MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
     MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
@@ -275,6 +260,16 @@
     MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
     MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
 
+    /* 3DES suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
 
     /* RC4 suites */
@@ -2187,6 +2182,26 @@
 static int supported_ciphersuites[MAX_CIPHERSUITES];
 static int supported_init = 0;
 
+static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
+{
+    (void)cs_info;
+
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+    if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+        return( 1 );
+#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+    if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
+        cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
+    {
+        return( 1 );
+    }
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+
+    return( 0 );
+}
+
 const int *mbedtls_ssl_list_ciphersuites( void )
 {
     /*
@@ -2202,14 +2217,12 @@
              *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
              p++ )
         {
-#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
             const mbedtls_ssl_ciphersuite_t *cs_info;
             if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
-                cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
-#else
-            if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
-#endif
+                !ciphersuite_is_removed( cs_info ) )
+            {
                 *(q++) = *p;
+            }
         }
         *q = 0;
 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index cd25dca..c20ff1e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -39,6 +39,10 @@
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_internal.h"
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #include <string.h>
 
 #include <stdint.h>
@@ -2074,8 +2078,14 @@
 static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
 {
     const mbedtls_ecp_curve_info *curve_info;
+    mbedtls_ecp_group_id grp_id;
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    grp_id = ssl->handshake->ecdh_ctx.grp.id;
+#else
+    grp_id = ssl->handshake->ecdh_ctx.grp_id;
+#endif
 
-    curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
+    curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
     if( curve_info == NULL )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -2085,14 +2095,15 @@
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
 
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
+    if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
 #else
     if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
         ssl->handshake->ecdh_ctx.grp.nbits > 521 )
 #endif
         return( -1 );
 
-    MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
+    MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                            MBEDTLS_DEBUG_ECDH_QP );
 
     return( 0 );
 }
@@ -2102,6 +2113,64 @@
           MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
+        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
+                                             unsigned char **p,
+                                             unsigned char *end )
+{
+    uint16_t tls_id;
+    uint8_t ecpoint_len;
+    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+    /*
+     * Parse ECC group
+     */
+
+    if( end - *p < 4 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+    /* First byte is curve_type; only named_curve is handled */
+    if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+    /* Next two bytes are the namedcurve value */
+    tls_id = *(*p)++;
+    tls_id <<= 8;
+    tls_id |= *(*p)++;
+
+    /* Convert EC group to PSA key type. */
+    if( ( handshake->ecdh_psa_curve =
+          mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    /*
+     * Put peer's ECDH public key in the format understood by PSA.
+     */
+
+    ecpoint_len = *(*p)++;
+    if( (size_t)( end - *p ) < ecpoint_len )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+    if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve,
+                                    *p, ecpoint_len,
+                                    handshake->ecdh_psa_peerkey,
+                                    sizeof( handshake->ecdh_psa_peerkey ),
+                                    &handshake->ecdh_psa_peerkey_len ) != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+
+    *p += ecpoint_len;
+    return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -2196,6 +2265,7 @@
     int ret;
     size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
     unsigned char *p = ssl->handshake->premaster + pms_offset;
+    mbedtls_pk_context * peer_pk;
 
     if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
     {
@@ -2221,23 +2291,28 @@
 
     ssl->handshake->pmslen = 48;
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     if( ssl->session_negotiate->peer_cert == NULL )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        /* Should never happen */
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
+    peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     /*
      * Now write it out, encrypted
      */
-    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                MBEDTLS_PK_RSA ) )
+    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
         return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
     }
 
-    if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
+    if( ( ret = mbedtls_pk_encrypt( peer_pk,
                             p, ssl->handshake->pmslen,
                             ssl->out_msg + offset + len_bytes, olen,
                             MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
@@ -2257,6 +2332,10 @@
     }
 #endif
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    /* We don't need the peer's public key anymore. Free it. */
+    mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     return( 0 );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
@@ -2332,21 +2411,27 @@
 {
     int ret;
     const mbedtls_ecp_keypair *peer_key;
+    mbedtls_pk_context * peer_pk;
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     if( ssl->session_negotiate->peer_cert == NULL )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        /* Should never happen */
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
+    peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                     MBEDTLS_PK_ECKEY ) )
+    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
         return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
     }
 
-    peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk );
+    peer_key = mbedtls_pk_ec( *peer_pk );
 
     if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
                                  MBEDTLS_ECDH_THEIRS ) ) != 0 )
@@ -2361,6 +2446,13 @@
         return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
     }
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    /* We don't need the peer's public key anymore. Free it,
+     * so that more RAM is available for upcoming expensive
+     * operations like ECDHE. */
+    mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
     return( ret );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
@@ -2503,6 +2595,24 @@
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
+        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+    {
+        if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+    }
+    else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2553,6 +2663,8 @@
         size_t params_len = p - params;
         void *rs_ctx = NULL;
 
+        mbedtls_pk_context * peer_pk;
+
         /*
          * Handle the digitally-signed structure
          */
@@ -2655,18 +2767,22 @@
 
         MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+        peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
         if( ssl->session_negotiate->peer_cert == NULL )
         {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            /* Should never happen */
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
+        peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         /*
          * Verify signature
          */
-        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+        if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2679,8 +2795,7 @@
             rs_ctx = &ssl->handshake->ecrs_ctx.pk;
 #endif
 
-        if( ( ret = mbedtls_pk_verify_restartable(
-                        &ssl->session_negotiate->peer_cert->pk,
+        if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
                         md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
         {
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@@ -2695,6 +2810,13 @@
 #endif
             return( ret );
         }
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+        /* We don't need the peer's public key anymore. Free it,
+         * so that more RAM is available for upcoming expensive
+         * operations like ECDHE. */
+        mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
 
@@ -2931,7 +3053,9 @@
 static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 {
     int ret;
-    size_t i, n;
+
+    size_t header_len;
+    size_t content_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->transform_negotiate->ciphersuite_info;
 
@@ -2943,16 +3067,16 @@
         /*
          * DHM key exchange -- send G^X mod P
          */
-        n = ssl->handshake->dhm_ctx.len;
+        content_len = ssl->handshake->dhm_ctx.len;
 
-        ssl->out_msg[4] = (unsigned char)( n >> 8 );
-        ssl->out_msg[5] = (unsigned char)( n      );
-        i = 6;
+        ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
+        ssl->out_msg[5] = (unsigned char)( content_len      );
+        header_len = 6;
 
         ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                                (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                               &ssl->out_msg[i], n,
-                                ssl->conf->f_rng, ssl->conf->p_rng );
+                           (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                           &ssl->out_msg[header_len], content_len,
+                           ssl->conf->f_rng, ssl->conf->p_rng );
         if( ret != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@@ -2963,10 +3087,10 @@
         MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
 
         if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      ssl->handshake->premaster,
-                                      MBEDTLS_PREMASTER_SIZE,
-                                     &ssl->handshake->pmslen,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+                                   ssl->handshake->premaster,
+                                   MBEDTLS_PREMASTER_SIZE,
+                                   &ssl->handshake->pmslen,
+                                   ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
             return( ret );
@@ -2976,6 +3100,119 @@
     }
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
+        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+    {
+        psa_status_t status;
+        psa_key_policy_t policy;
+
+        mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+        unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+        size_t own_pubkey_len;
+        unsigned char *own_pubkey_ecpoint;
+        size_t own_pubkey_ecpoint_len;
+
+        psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+        header_len = 4;
+
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+        /*
+         * Generate EC private key for ECDHE exchange.
+         */
+
+        /* Allocate a new key slot for the private key. */
+
+        status = psa_allocate_key( &handshake->ecdh_psa_privkey );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        /* The master secret is obtained from the shared ECDH secret by
+         * applying the TLS 1.2 PRF with a specific salt and label. While
+         * the PSA Crypto API encourages combining key agreement schemes
+         * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
+         * yet support the provisioning of salt + label to the KDF.
+         * For the time being, we therefore need to split the computation
+         * of the ECDH secret and the application of the TLS 1.2 PRF. */
+        policy = psa_key_policy_init();
+        psa_key_policy_set_usage( &policy,
+                                  PSA_KEY_USAGE_DERIVE,
+                                  PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
+        status = psa_set_key_policy( handshake->ecdh_psa_privkey, &policy );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        /* Generate ECDH private key. */
+        status = psa_generate_key_to_handle( handshake->ecdh_psa_privkey,
+                          PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve ),
+                          MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ),
+                          NULL, 0 );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        /* Export the public part of the ECDH private key from PSA
+         * and convert it to ECPoint format used in ClientKeyExchange. */
+        status = psa_export_public_key( handshake->ecdh_psa_privkey,
+                                        own_pubkey, sizeof( own_pubkey ),
+                                        &own_pubkey_len );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
+                                               own_pubkey_len,
+                                               &own_pubkey_ecpoint,
+                                               &own_pubkey_ecpoint_len ) != 0 )
+        {
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        /* Copy ECPoint structure to outgoing message buffer. */
+        ssl->out_msg[header_len] = own_pubkey_ecpoint_len;
+        memcpy( ssl->out_msg + header_len + 1,
+                own_pubkey_ecpoint, own_pubkey_ecpoint_len );
+        content_len = own_pubkey_ecpoint_len + 1;
+
+        /* Compute ECDH shared secret. */
+        status = psa_key_derivation_key_agreement( &generator,
+                                    handshake->ecdh_psa_privkey,
+                                    handshake->ecdh_psa_peerkey,
+                                    handshake->ecdh_psa_peerkey_len,
+                                    PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        /* The ECDH secret is the premaster secret used for key derivation. */
+
+        ssl->handshake->pmslen =
+            MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve );
+
+        status = psa_key_derivation_output_bytes( &generator,
+                                     ssl->handshake->premaster,
+                                     ssl->handshake->pmslen );
+        if( status != PSA_SUCCESS )
+        {
+            psa_key_derivation_abort( &generator );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        status = psa_key_derivation_abort( &generator );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+        status = psa_destroy_key( handshake->ecdh_psa_privkey );
+        if( status != PSA_SUCCESS )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        handshake->ecdh_psa_privkey = 0;
+    }
+    else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
@@ -2988,7 +3225,7 @@
         /*
          * ECDH key exchange -- send client public value
          */
-        i = 4;
+        header_len = 4;
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
         if( ssl->handshake->ecrs_enabled )
@@ -3001,8 +3238,8 @@
 #endif
 
         ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                                &n,
-                                &ssl->out_msg[i], 1000,
+                                &content_len,
+                                &ssl->out_msg[header_len], 1000,
                                 ssl->conf->f_rng, ssl->conf->p_rng );
         if( ret != 0 )
         {
@@ -3014,24 +3251,25 @@
             return( ret );
         }
 
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Q );
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
         if( ssl->handshake->ecrs_enabled )
         {
-            ssl->handshake->ecrs_n = n;
+            ssl->handshake->ecrs_n = content_len;
             ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
         }
 
 ecdh_calc_secret:
         if( ssl->handshake->ecrs_enabled )
-            n = ssl->handshake->ecrs_n;
+            content_len = ssl->handshake->ecrs_n;
 #endif
         if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                      &ssl->handshake->pmslen,
-                                       ssl->handshake->premaster,
-                                       MBEDTLS_MPI_MAX_SIZE,
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+                                   &ssl->handshake->pmslen,
+                                   ssl->handshake->premaster,
+                                   MBEDTLS_MPI_MAX_SIZE,
+                                   ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@@ -3041,7 +3279,8 @@
             return( ret );
         }
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Z );
     }
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3062,26 +3301,28 @@
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
 
-        i = 4;
-        n = ssl->conf->psk_identity_len;
+        header_len = 4;
+        content_len = ssl->conf->psk_identity_len;
 
-        if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
+        if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
                                         "SSL buffer too short" ) );
             return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
         }
 
-        ssl->out_msg[i++] = (unsigned char)( n >> 8 );
-        ssl->out_msg[i++] = (unsigned char)( n      );
+        ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
+        ssl->out_msg[header_len++] = (unsigned char)( content_len      );
 
-        memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
-        i += ssl->conf->psk_identity_len;
+        memcpy( ssl->out_msg + header_len,
+                ssl->conf->psk_identity,
+                ssl->conf->psk_identity_len );
+        header_len += ssl->conf->psk_identity_len;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
         if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
         {
-            n = 0;
+            content_len = 0;
         }
         else
 #endif
@@ -3094,7 +3335,8 @@
                 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
+            if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
+                                                 &content_len, 2 ) ) != 0 )
                 return( ret );
         }
         else
@@ -3111,21 +3353,22 @@
             /*
              * ClientDiffieHellmanPublic public (DHM send G^X mod P)
              */
-            n = ssl->handshake->dhm_ctx.len;
+            content_len = ssl->handshake->dhm_ctx.len;
 
-            if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
+            if( header_len + 2 + content_len >
+                MBEDTLS_SSL_OUT_CONTENT_LEN )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
                                             " or SSL buffer too short" ) );
                 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
             }
 
-            ssl->out_msg[i++] = (unsigned char)( n >> 8 );
-            ssl->out_msg[i++] = (unsigned char)( n      );
+            ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
+            ssl->out_msg[header_len++] = (unsigned char)( content_len      );
 
             ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
                     (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                    &ssl->out_msg[i], n,
+                    &ssl->out_msg[header_len], content_len,
                     ssl->conf->f_rng, ssl->conf->p_rng );
             if( ret != 0 )
             {
@@ -3147,8 +3390,10 @@
             /*
              * ClientECDiffieHellmanPublic public;
              */
-            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
-                    &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
+            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
+                    &content_len,
+                    &ssl->out_msg[header_len],
+                    MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
                     ssl->conf->f_rng, ssl->conf->p_rng );
             if( ret != 0 )
             {
@@ -3156,7 +3401,8 @@
                 return( ret );
             }
 
-            MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+            MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                    MBEDTLS_DEBUG_ECDH_Q );
         }
         else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -3188,8 +3434,9 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
     if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
     {
-        i = 4;
-        if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
+        header_len = 4;
+        if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
+                                             &content_len, 0 ) ) != 0 )
             return( ret );
     }
     else
@@ -3197,10 +3444,12 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
     {
-        i = 4;
+        header_len = 4;
 
         ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
-                ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
+                ssl->out_msg + header_len,
+                MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+                &content_len,
                 ssl->conf->f_rng, ssl->conf->p_rng );
         if( ret != 0 )
         {
@@ -3225,7 +3474,7 @@
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
 
-    ssl->out_msglen  = i + n;
+    ssl->out_msglen  = header_len + content_len;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
 
@@ -3242,12 +3491,7 @@
     return( 0 );
 }
 
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -3262,11 +3506,7 @@
         return( ret );
     }
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
         ssl->state++;
@@ -3276,7 +3516,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
     return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -3305,11 +3545,7 @@
         return( ret );
     }
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
         ssl->state++;
@@ -3452,12 +3688,7 @@
 
     return( ret );
 }
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
@@ -3531,6 +3762,15 @@
     if( ticket_len == 0 )
         return( 0 );
 
+    if( ssl->session != NULL && ssl->session->ticket != NULL )
+    {
+        mbedtls_platform_zeroize( ssl->session->ticket,
+                                  ssl->session->ticket_len );
+        mbedtls_free( ssl->session->ticket );
+        ssl->session->ticket = NULL;
+        ssl->session->ticket_len = 0;
+    }
+
     mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
                               ssl->session_negotiate->ticket_len );
     mbedtls_free( ssl->session_negotiate->ticket );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 4d99f88..c969089 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1489,7 +1489,7 @@
      */
 
     /*
-     * Minimal length (with everything empty and extensions ommitted) is
+     * Minimal length (with everything empty and extensions omitted) is
      * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
      * read at least up to session id length without worrying.
      */
@@ -2680,12 +2680,7 @@
     return( ret );
 }
 
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -2693,11 +2688,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
         ssl->state++;
@@ -2707,7 +2698,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
     return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2731,11 +2722,7 @@
 #endif
         authmode = ssl->conf->authmode;
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
         authmode == MBEDTLS_SSL_VERIFY_NONE )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
@@ -2874,12 +2861,7 @@
 
     return( ret );
 }
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -3088,8 +3070,8 @@
 
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
 
-        if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
-                                       (*curve)->grp_id ) ) != 0 )
+        if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
+                                        (*curve)->grp_id ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
             return( ret );
@@ -3111,7 +3093,8 @@
 
         ssl->out_msglen += len;
 
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Q );
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
 
@@ -3832,7 +3815,8 @@
             return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
         }
 
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_QP );
 
         if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
                                       &ssl->handshake->pmslen,
@@ -3844,7 +3828,8 @@
             return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
         }
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z  ", &ssl->handshake->ecdh_ctx.z );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Z );
     }
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3982,7 +3967,8 @@
             return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 #endif
 
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_QP );
 
         if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
                         ciphersuite_info->key_exchange ) ) != 0 )
@@ -4044,12 +4030,7 @@
     return( 0 );
 }
 
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -4057,11 +4038,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
         ssl->state++;
@@ -4071,7 +4048,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
     return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -4085,21 +4062,33 @@
     mbedtls_md_type_t md_alg;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->transform_negotiate->ciphersuite_info;
+    mbedtls_pk_context * peer_pk;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
-        ssl->session_negotiate->peer_cert == NULL )
+    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
         ssl->state++;
         return( 0 );
     }
 
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    if( ssl->session_negotiate->peer_cert_digest == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
     /* Read the message without adding it to the checksum */
     ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
     if( 0 != ret )
@@ -4120,6 +4109,17 @@
 
     i = mbedtls_ssl_hs_hdr_len( ssl );
 
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        /* Should never happen */
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
     /*
      *  struct {
      *     SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only
@@ -4134,8 +4134,7 @@
         hashlen = 36;
 
         /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
-        if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                        MBEDTLS_PK_ECDSA ) )
+        if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
         {
             hash_start += 16;
             hashlen -= 16;
@@ -4190,7 +4189,7 @@
         /*
          * Check the certificate's key type matches the signature alg
          */
-        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+        if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
             return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
@@ -4223,7 +4222,7 @@
     /* Calculate hash and verify signature */
     ssl->handshake->calc_verify( ssl, hash );
 
-    if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
+    if( ( ret = mbedtls_pk_verify( peer_pk,
                            md_alg, hash_start, hashlen,
                            ssl->in_msg + i, sig_len ) ) != 0 )
     {
@@ -4237,12 +4236,7 @@
 
     return( ret );
 }
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 9fc690f..ed65bcd 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -187,9 +187,16 @@
 
 /*
  * Serialize a session in the following format:
- *  0   .   n-1     session structure, n = sizeof(mbedtls_ssl_session)
- *  n   .   n+2     peer_cert length = m (0 if no certificate)
- *  n+3 .   n+2+m   peer cert ASN.1
+ *
+ * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled:
+ *    0       .   n-1   session structure, n = sizeof(mbedtls_ssl_session)
+ *    n       .   n+2   peer_cert length = m (0 if no certificate)
+ *    n+3     .   n+2+m peer cert ASN.1
+ *
+ * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is disabled:
+ *    0       .   n-1   session structure, n = sizeof(mbedtls_ssl_session)
+ *    n       .   n     length of peer certificate digest = k (0 if no digest)
+ *    n+1     .   n+k   peer certificate digest (digest type encoded in session)
  */
 static int ssl_save_session( const mbedtls_ssl_session *session,
                              unsigned char *buf, size_t buf_len,
@@ -198,17 +205,25 @@
     unsigned char *p = buf;
     size_t left = buf_len;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     size_t cert_len;
+#else
+    size_t cert_digest_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     if( left < sizeof( mbedtls_ssl_session ) )
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
 
+    /* This also copies the values of pointer fields in the
+     * session to be serialized, but they'll be ignored when
+     * loading the session through ssl_load_session(). */
     memcpy( p, session, sizeof( mbedtls_ssl_session ) );
     p += sizeof( mbedtls_ssl_session );
     left -= sizeof( mbedtls_ssl_session );
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     if( session->peer_cert == NULL )
         cert_len = 0;
     else
@@ -217,14 +232,34 @@
     if( left < 3 + cert_len )
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
 
-    *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
-    *p++ = (unsigned char)( cert_len >>  8 & 0xFF );
-    *p++ = (unsigned char)( cert_len       & 0xFF );
+    *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
+    *p++ = (unsigned char)( ( cert_len >>  8 ) & 0xFF );
+    *p++ = (unsigned char)( ( cert_len       ) & 0xFF );
+    left -= 3;
 
     if( session->peer_cert != NULL )
         memcpy( p, session->peer_cert->raw.p, cert_len );
 
     p += cert_len;
+    left -= cert_len;
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    if( session->peer_cert_digest != NULL )
+        cert_digest_len = 0;
+    else
+        cert_digest_len = session->peer_cert_digest_len;
+
+    if( left < 1 + cert_digest_len )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    *p++ = (unsigned char) cert_digest_len;
+    left--;
+
+    if( session->peer_cert_digest != NULL )
+        memcpy( p, session->peer_cert_digest, cert_digest_len );
+
+    p    += cert_digest_len;
+    left -= cert_digest_len;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     *olen = p - buf;
@@ -241,31 +276,46 @@
     const unsigned char *p = buf;
     const unsigned char * const end = buf + len;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     size_t cert_len;
+#else
+    size_t cert_digest_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-    if( p + sizeof( mbedtls_ssl_session ) > end )
+    if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     memcpy( session, p, sizeof( mbedtls_ssl_session ) );
     p += sizeof( mbedtls_ssl_session );
 
+    /* Non-NULL pointer fields of `session` are meaningless
+     * and potentially harmful. Zeroize them for safety. */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( p + 3 > end )
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    session->peer_cert = NULL;
+#else
+    session->peer_cert_digest = NULL;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    session->ticket = NULL;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    /* Deserialize CRT from the end of the ticket. */
+    if( 3 > (size_t)( end - p ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
     p += 3;
 
-    if( cert_len == 0 )
-    {
-        session->peer_cert = NULL;
-    }
-    else
+    if( cert_len != 0 )
     {
         int ret;
 
-        if( p + cert_len > end )
+        if( cert_len > (size_t)( end - p ) )
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
         session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
@@ -276,7 +326,7 @@
         mbedtls_x509_crt_init( session->peer_cert );
 
         if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
-                                        p, cert_len ) ) != 0 )
+                                                p, cert_len ) ) != 0 )
         {
             mbedtls_x509_crt_free( session->peer_cert );
             mbedtls_free( session->peer_cert );
@@ -286,6 +336,30 @@
 
         p += cert_len;
     }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    /* Deserialize CRT digest from the end of the ticket. */
+    if( 1 > (size_t)( end - p ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    cert_digest_len = (size_t) p[0];
+    p++;
+
+    if( cert_digest_len != 0 )
+    {
+        if( cert_digest_len > (size_t)( end - p ) ||
+            cert_digest_len != session->peer_cert_digest_len )
+        {
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        }
+
+        session->peer_cert_digest = mbedtls_calloc( 1, cert_digest_len );
+        if( session->peer_cert_digest == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        memcpy( session->peer_cert_digest, p, cert_digest_len );
+        p += cert_digest_len;
+    }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     if( p != end )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d14434a..42d8230 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -50,10 +50,19 @@
 
 #include <string.h>
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#include "psa/crypto.h"
+#endif
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #include "mbedtls/oid.h"
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#endif
+
 static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
 static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
 
@@ -270,13 +279,15 @@
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-#if defined(MBEDTLS_SSL_CLI_C)
-static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src )
+int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
+                              const mbedtls_ssl_session *src )
 {
     mbedtls_ssl_session_free( dst );
     memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     if( src->peer_cert != NULL )
     {
         int ret;
@@ -295,6 +306,21 @@
             return( ret );
         }
     }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    if( src->peer_cert_digest != NULL )
+    {
+        dst->peer_cert_digest =
+            mbedtls_calloc( 1, src->peer_cert_digest_len );
+        if( dst->peer_cert_digest == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        memcpy( dst->peer_cert_digest, src->peer_cert_digest,
+                src->peer_cert_digest_len );
+        dst->peer_cert_digest_type = src->peer_cert_digest_type;
+        dst->peer_cert_digest_len = src->peer_cert_digest_len;
+    }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -310,7 +336,6 @@
 
     return( 0 );
 }
-#endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
 int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
@@ -490,6 +515,76 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int tls_prf_generic( mbedtls_md_type_t md_type,
+                            const unsigned char *secret, size_t slen,
+                            const char *label,
+                            const unsigned char *random, size_t rlen,
+                            unsigned char *dstbuf, size_t dlen )
+{
+    psa_status_t status;
+    psa_algorithm_t alg;
+    psa_key_policy_t policy;
+    psa_key_handle_t master_slot;
+    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+    if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS )
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+    if( md_type == MBEDTLS_MD_SHA384 )
+        alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
+    else
+        alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
+
+    policy = psa_key_policy_init();
+    psa_key_policy_set_usage( &policy,
+                              PSA_KEY_USAGE_DERIVE,
+                              alg );
+    status = psa_set_key_policy( master_slot, &policy );
+    if( status != PSA_SUCCESS )
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+    status = psa_import_key_to_handle( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
+    if( status != PSA_SUCCESS )
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+    status = psa_key_derivation( &generator,
+                                 master_slot, alg,
+                                 random, rlen,
+                                 (unsigned char const *) label,
+                                 (size_t) strlen( label ),
+                                 dlen );
+    if( status != PSA_SUCCESS )
+    {
+        psa_key_derivation_abort( &generator );
+        psa_destroy_key( master_slot );
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+
+    status = psa_key_derivation_output_bytes( &generator, dstbuf, dlen );
+    if( status != PSA_SUCCESS )
+    {
+        psa_key_derivation_abort( &generator );
+        psa_destroy_key( master_slot );
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+
+    status = psa_key_derivation_abort( &generator );
+    if( status != PSA_SUCCESS )
+    {
+        psa_destroy_key( master_slot );
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+
+    status = psa_destroy_key( master_slot );
+    if( status != PSA_SUCCESS )
+        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+    return( 0 );
+}
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
 static int tls_prf_generic( mbedtls_md_type_t md_type,
                             const unsigned char *secret, size_t slen,
                             const char *label,
@@ -552,7 +647,7 @@
 
     return( 0 );
 }
-
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SHA256_C)
 static int tls_prf_sha256( const unsigned char *secret, size_t slen,
                            const char *label,
@@ -797,8 +892,8 @@
             /* Perform PSK-to-MS expansion in a single step. */
             psa_status_t status;
             psa_algorithm_t alg;
-            psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-            psa_key_slot_t psk;
+            psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+            psa_key_handle_t psk;
 
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
 
@@ -818,19 +913,19 @@
                                          master_secret_len );
             if( status != PSA_SUCCESS )
             {
-                psa_generator_abort( &generator );
+                psa_key_derivation_abort( &generator );
                 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
             }
 
-            status = psa_generator_read( &generator, session->master,
+            status = psa_key_derivation_output_bytes( &generator, session->master,
                                          master_secret_len );
             if( status != PSA_SUCCESS )
             {
-                psa_generator_abort( &generator );
+                psa_key_derivation_abort( &generator );
                 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
             }
 
-            status = psa_generator_abort( &generator );
+            status = psa_key_derivation_abort( &generator );
             if( status != PSA_SUCCESS )
                 return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
         }
@@ -1347,7 +1442,7 @@
     mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
     mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
 
-     mbedtls_md5_finish_ret( &md5,  hash );
+    mbedtls_md5_finish_ret( &md5,  hash );
     mbedtls_sha1_finish_ret( &sha1, hash + 16 );
 
     MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
@@ -1364,6 +1459,28 @@
 #if defined(MBEDTLS_SHA256_C)
 void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    size_t hash_size;
+    psa_status_t status;
+    psa_hash_operation_t sha256_psa = psa_hash_operation_init();
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return;
+    }
+
+    status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return;
+    }
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
     mbedtls_sha256_context sha256;
 
     mbedtls_sha256_init( &sha256 );
@@ -1377,7 +1494,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
 
     mbedtls_sha256_free( &sha256 );
-
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     return;
 }
 #endif /* MBEDTLS_SHA256_C */
@@ -1385,6 +1502,28 @@
 #if defined(MBEDTLS_SHA512_C)
 void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    size_t hash_size;
+    psa_status_t status;
+    psa_hash_operation_t sha384_psa = psa_hash_operation_init();
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return;
+    }
+
+    status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return;
+    }
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
     mbedtls_sha512_context sha512;
 
     mbedtls_sha512_init( &sha512 );
@@ -1398,7 +1537,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
 
     mbedtls_sha512_free( &sha512 );
-
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     return;
 }
 #endif /* MBEDTLS_SHA512_C */
@@ -1499,7 +1638,8 @@
         *(p++) = (unsigned char)( zlen      );
         p += zlen;
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Z );
     }
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -2771,7 +2911,7 @@
         }
 
         /*
-         * A record can't be split accross datagrams. If we need to read but
+         * A record can't be split across datagrams. If we need to read but
          * are not at the beginning of a new record, the caller did something
          * wrong.
          */
@@ -3366,8 +3506,10 @@
         }
     }
 
-    if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-        hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
+    /* Whenever we send anything different from a
+     * HelloRequest we should be in a handshake - double check. */
+    if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+            hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
         ssl->handshake == NULL )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -3461,8 +3603,8 @@
     /* Either send now, or just save to be sent (and resent) later */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
-          hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) )
+        ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+            hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
     {
         if( ( ret = ssl_flight_append( ssl ) ) != 0 )
         {
@@ -5428,16 +5570,33 @@
     return( 0 );
 }
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
+{
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    if( session->peer_cert != NULL )
+    {
+        mbedtls_x509_crt_free( session->peer_cert );
+        mbedtls_free( session->peer_cert );
+        session->peer_cert = NULL;
+    }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    if( session->peer_cert_digest != NULL )
+    {
+        /* Zeroization is not necessary. */
+        mbedtls_free( session->peer_cert_digest );
+        session->peer_cert_digest      = NULL;
+        session->peer_cert_digest_type = MBEDTLS_MD_NONE;
+        session->peer_cert_digest_len  = 0;
+    }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 /*
  * Handshake functions
  */
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)         && \
-    !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)     && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)     && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)    && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 /* No certificate support -> dummy functions */
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 {
@@ -5445,10 +5604,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
         ssl->state++;
@@ -5465,10 +5621,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
         ssl->state++;
@@ -5479,7 +5632,7 @@
     return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
 
-#else
+#else /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
 /* Some certificate support -> implement write and parse */
 
 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
@@ -5491,10 +5644,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
         ssl->state++;
@@ -5598,63 +5748,68 @@
     return( ret );
 }
 
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+                                         unsigned char *crt_buf,
+                                         size_t crt_buf_len )
+{
+    mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
+
+    if( peer_crt == NULL )
+        return( -1 );
+
+    if( peer_crt->raw.len != crt_buf_len )
+        return( -1 );
+
+    return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
+}
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+                                         unsigned char *crt_buf,
+                                         size_t crt_buf_len )
+{
+    int ret;
+    unsigned char const * const peer_cert_digest =
+        ssl->session->peer_cert_digest;
+    mbedtls_md_type_t const peer_cert_digest_type =
+        ssl->session->peer_cert_digest_type;
+    mbedtls_md_info_t const * const digest_info =
+        mbedtls_md_info_from_type( peer_cert_digest_type );
+    unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
+    size_t digest_len;
+
+    if( peer_cert_digest == NULL || digest_info == NULL )
+        return( -1 );
+
+    digest_len = mbedtls_md_get_size( digest_info );
+    if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
+        return( -1 );
+
+    ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
+    if( ret != 0 )
+        return( -1 );
+
+    return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+}
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
 /*
  * Once the certificate message is read, parse it into a cert chain and
  * perform basic checks, but leave actual verification to the caller
  */
-static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
+                                        mbedtls_x509_crt *chain )
 {
     int ret;
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+    int crt_cnt=0;
+#endif
     size_t i, n;
     uint8_t alert;
 
-#if defined(MBEDTLS_SSL_SRV_C)
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    /*
-     * Check if the client sent an empty certificate
-     */
-    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( ssl->in_msglen  == 2                        &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT            &&
-            ssl->in_msg[0]  == MBEDTLS_SSL_ALERT_LEVEL_WARNING  &&
-            ssl->in_msg[1]  == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
-
-            /* The client was asked for a certificate but didn't send
-               one. The client should know what's going on, so we
-               don't send an alert. */
-            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-            return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
-        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
-            ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
-            memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
-
-            /* The client was asked for a certificate but didn't send
-               one. The client should know what's going on, so we
-               don't send an alert. */
-            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-            return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_SRV_C */
-
     if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
@@ -5688,43 +5843,32 @@
         return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
     }
 
-    /* In case we tried to reuse a session but it failed */
-    if( ssl->session_negotiate->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
-        mbedtls_free( ssl->session_negotiate->peer_cert );
-    }
-
-    if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
-                    sizeof( mbedtls_x509_crt ) ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
-                       sizeof( mbedtls_x509_crt ) ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
-
+    /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
     i += 3;
 
+    /* Iterate through and parse the CRTs in the provided chain. */
     while( i < ssl->in_hslen )
     {
+        /* Check that there's room for the next CRT's length fields. */
         if ( i + 3 > ssl->in_hslen ) {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            mbedtls_ssl_send_alert_message( ssl,
+                              MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                              MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
             return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
         }
+        /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
+         * anything beyond 2**16 ~ 64K. */
         if( ssl->in_msg[i] != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            mbedtls_ssl_send_alert_message( ssl,
+                            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
             return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
         }
 
+        /* Read length of the next CRT in the chain. */
         n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
             | (unsigned int) ssl->in_msg[i + 2];
         i += 3;
@@ -5732,80 +5876,359 @@
         if( n < 128 || i + n > ssl->in_hslen )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            mbedtls_ssl_send_alert_message( ssl,
+                                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                 MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
             return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
         }
 
-        ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
-                                  ssl->in_msg + i, n );
+        /* Check if we're handling the first CRT in the chain. */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+        if( crt_cnt++ == 0 &&
+            ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+        {
+            /* During client-side renegotiation, check that the server's
+             * end-CRTs hasn't changed compared to the initial handshake,
+             * mitigating the triple handshake attack. On success, reuse
+             * the original end-CRT instead of parsing it again. */
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
+            if( ssl_check_peer_crt_unchanged( ssl,
+                                              &ssl->in_msg[i],
+                                              n ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
+                mbedtls_ssl_send_alert_message( ssl,
+                                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                                MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
+                return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+            }
+
+            /* Now we can safely free the original chain. */
+            ssl_clear_peer_cert( ssl->session );
+        }
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+        /* Parse the next certificate in the chain. */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+        ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+#else
+        /* If we don't need to store the CRT chain permanently, parse
+         * it in-place from the input buffer instead of making a copy. */
+        ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
         switch( ret )
         {
-        case 0: /*ok*/
-        case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
-            /* Ignore certificate with an unknown algorithm: maybe a
-               prior certificate was already trusted. */
-            break;
+            case 0: /*ok*/
+            case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+                /* Ignore certificate with an unknown algorithm: maybe a
+                   prior certificate was already trusted. */
+                break;
 
-        case MBEDTLS_ERR_X509_ALLOC_FAILED:
-            alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
-            goto crt_parse_der_failed;
+            case MBEDTLS_ERR_X509_ALLOC_FAILED:
+                alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
+                goto crt_parse_der_failed;
 
-        case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
-            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            goto crt_parse_der_failed;
+            case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
+                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+                goto crt_parse_der_failed;
 
-        default:
-            alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-        crt_parse_der_failed:
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
-            MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-            return( ret );
+            default:
+                alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+            crt_parse_der_failed:
+                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
+                MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
+                return( ret );
         }
 
         i += n;
     }
 
-    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
-
-    /*
-     * On client, make sure the server cert doesn't change during renego to
-     * avoid "triple handshake" attack: https://secure-resumption.com/
-     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
-        if( ssl->session->peer_cert == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-
-        if( ssl->session->peer_cert->raw.len !=
-            ssl->session_negotiate->peer_cert->raw.len ||
-            memcmp( ssl->session->peer_cert->raw.p,
-                    ssl->session_negotiate->peer_cert->raw.p,
-                    ssl->session->peer_cert->raw.len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
-
+    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
     return( 0 );
 }
 
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+#if defined(MBEDTLS_SSL_SRV_C)
+static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
+{
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+        return( -1 );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    /*
+     * Check if the client sent an empty certificate
+     */
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        if( ssl->in_msglen  == 2                        &&
+            ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT            &&
+            ssl->in_msg[0]  == MBEDTLS_SSL_ALERT_LEVEL_WARNING  &&
+            ssl->in_msg[1]  == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
+            return( 0 );
+        }
+
+        return( -1 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+        ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
+        ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
+        memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+        return( 0 );
+    }
+
+    return( -1 );
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+/* Check if a certificate message is expected.
+ * Return either
+ * - SSL_CERTIFICATE_EXPECTED, or
+ * - SSL_CERTIFICATE_SKIP
+ * indicating whether a Certificate message is expected or not.
+ */
+#define SSL_CERTIFICATE_EXPECTED 0
+#define SSL_CERTIFICATE_SKIP     1
+static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
+                                             int authmode )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->transform_negotiate->ciphersuite_info;
+
+    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+        return( SSL_CERTIFICATE_SKIP );
+
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+            return( SSL_CERTIFICATE_SKIP );
+
+        if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+        {
+            ssl->session_negotiate->verify_result =
+                MBEDTLS_X509_BADCERT_SKIP_VERIFY;
+            return( SSL_CERTIFICATE_SKIP );
+        }
+    }
+#else
+    ((void) authmode);
+#endif /* MBEDTLS_SSL_SRV_C */
+
+    return( SSL_CERTIFICATE_EXPECTED );
+}
+
+static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
+                                         int authmode,
+                                         mbedtls_x509_crt *chain,
+                                         void *rs_ctx )
+{
+    int ret = 0;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->transform_negotiate->ciphersuite_info;
+    mbedtls_x509_crt *ca_chain;
+    mbedtls_x509_crl *ca_crl;
+
+    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+        return( 0 );
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_ca_chain != NULL )
+    {
+        ca_chain = ssl->handshake->sni_ca_chain;
+        ca_crl   = ssl->handshake->sni_ca_crl;
+    }
+    else
+#endif
+    {
+        ca_chain = ssl->conf->ca_chain;
+        ca_crl   = ssl->conf->ca_crl;
+    }
+
+    /*
+     * Main check: verify certificate
+     */
+    ret = mbedtls_x509_crt_verify_restartable(
+        chain,
+        ca_chain, ca_crl,
+        ssl->conf->cert_profile,
+        ssl->hostname,
+        &ssl->session_negotiate->verify_result,
+        ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+    }
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+    if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+        return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+#endif
+
+    /*
+     * Secondary checks: always done, but change 'ret' only if it was 0
+     */
+
+#if defined(MBEDTLS_ECP_C)
+    {
+        const mbedtls_pk_context *pk = &chain->pk;
+
+        /* If certificate uses an EC key, make sure the curve is OK */
+        if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
+            mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
+        {
+            ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
+            if( ret == 0 )
+                ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+        }
+    }
+#endif /* MBEDTLS_ECP_C */
+
+    if( mbedtls_ssl_check_cert_usage( chain,
+                                      ciphersuite_info,
+                                      ! ssl->conf->endpoint,
+                                      &ssl->session_negotiate->verify_result ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+        if( ret == 0 )
+            ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+    }
+
+    /* mbedtls_x509_crt_verify_with_profile is supposed to report a
+     * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
+     * with details encoded in the verification flags. All other kinds
+     * of error codes, including those from the user provided f_vrfy
+     * functions, are treated as fatal and lead to a failure of
+     * ssl_parse_certificate even if verification was optional. */
+    if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+        ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+          ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
+    {
+        ret = 0;
+    }
+
+    if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+        ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
+    }
+
+    if( ret != 0 )
+    {
+        uint8_t alert;
+
+        /* The certificate may have been rejected for several reasons.
+           Pick one and send the corresponding alert. Which alert to send
+           may be a subject of debate in some cases. */
+        if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
+            alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
+            alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
+            alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
+            alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
+        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
+            alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
+        else
+            alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        alert );
+    }
+
+#if defined(MBEDTLS_DEBUG_C)
+    if( ssl->session_negotiate->verify_result != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
+                                    ssl->session_negotiate->verify_result ) );
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+    }
+#endif /* MBEDTLS_DEBUG_C */
+
+    return( ret );
+}
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
+                                         unsigned char *start, size_t len )
 {
     int ret;
-    const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
-          ssl->transform_negotiate->ciphersuite_info;
+    /* Remember digest of the peer's end-CRT. */
+    ssl->session_negotiate->peer_cert_digest =
+        mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
+    if( ssl->session_negotiate->peer_cert_digest == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+                                    sizeof( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ) );
+        mbedtls_ssl_send_alert_message( ssl,
+                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    ret = mbedtls_md( mbedtls_md_info_from_type(
+                          MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
+                      start, len,
+                      ssl->session_negotiate->peer_cert_digest );
+
+    ssl->session_negotiate->peer_cert_digest_type =
+        MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
+    ssl->session_negotiate->peer_cert_digest_len =
+        MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
+
+    return( ret );
+}
+
+static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
+                                     unsigned char *start, size_t len )
+{
+    unsigned char *end = start + len;
+    int ret;
+
+    /* Make a copy of the peer's raw public key. */
+    mbedtls_pk_init( &ssl->handshake->peer_pubkey );
+    ret = mbedtls_pk_parse_subpubkey( &start, end,
+                                      &ssl->handshake->peer_pubkey );
+    if( ret != 0 )
+    {
+        /* We should have parsed the public key before. */
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    return( 0 );
+}
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+    int crt_expected;
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
                        ? ssl->handshake->sni_authmode
@@ -5814,43 +6237,23 @@
     const int authmode = ssl->conf->authmode;
 #endif
     void *rs_ctx = NULL;
+    mbedtls_x509_crt *chain = NULL;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
 
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
+    if( crt_expected == SSL_CERTIFICATE_SKIP )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
+        goto exit;
     }
 
-#if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
-        ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-
-        ssl->state++;
-        return( 0 );
-    }
-#endif
-
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
     if( ssl->handshake->ecrs_enabled &&
         ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
     {
+        chain = ssl->handshake->ecrs_peer_cert;
+        ssl->handshake->ecrs_peer_cert = NULL;
         goto crt_verify;
     }
 #endif
@@ -5860,22 +6263,44 @@
         /* mbedtls_ssl_read_record may have sent an alert already. We
            let it decide whether to alert. */
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+        goto exit;
     }
 
-    if( ( ret = ssl_parse_certificate_chain( ssl ) ) != 0 )
-    {
 #if defined(MBEDTLS_SSL_SRV_C)
-        if( ret == MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE &&
-            authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
-        {
-            ret = 0;
-        }
-#endif
+    if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
+    {
+        ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
 
-        ssl->state++;
-        return( ret );
+        if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+            ret = 0;
+        else
+            ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
+
+        goto exit;
     }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+    /* Clear existing peer CRT structure in case we tried to
+     * reuse a session but it failed, and allocate a new one. */
+    ssl_clear_peer_cert( ssl->session_negotiate );
+
+    chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+    if( chain == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+                                    sizeof( mbedtls_x509_crt ) ) );
+        mbedtls_ssl_send_alert_message( ssl,
+                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        goto exit;
+    }
+    mbedtls_x509_crt_init( chain );
+
+    ret = ssl_parse_certificate_chain( ssl, chain );
+    if( ret != 0 )
+        goto exit;
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
     if( ssl->handshake->ecrs_enabled)
@@ -5886,154 +6311,71 @@
         rs_ctx = &ssl->handshake->ecrs_ctx;
 #endif
 
-    if( authmode != MBEDTLS_SSL_VERIFY_NONE )
+    ret = ssl_parse_certificate_verify( ssl, authmode,
+                                        chain, rs_ctx );
+    if( ret != 0 )
+        goto exit;
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     {
-        mbedtls_x509_crt *ca_chain;
-        mbedtls_x509_crl *ca_crl;
+        unsigned char *crt_start, *pk_start;
+        size_t crt_len, pk_len;
 
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_ca_chain != NULL )
-        {
-            ca_chain = ssl->handshake->sni_ca_chain;
-            ca_crl   = ssl->handshake->sni_ca_crl;
-        }
-        else
-#endif
-        {
-            ca_chain = ssl->conf->ca_chain;
-            ca_crl   = ssl->conf->ca_crl;
-        }
+        /* We parse the CRT chain without copying, so
+         * these pointers point into the input buffer,
+         * and are hence still valid after freeing the
+         * CRT chain. */
 
-        /*
-         * Main check: verify certificate
-         */
-        ret = mbedtls_x509_crt_verify_restartable(
-                                ssl->session_negotiate->peer_cert,
-                                ca_chain, ca_crl,
-                                ssl->conf->cert_profile,
-                                ssl->hostname,
-                               &ssl->session_negotiate->verify_result,
-                                ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+        crt_start = chain->raw.p;
+        crt_len   = chain->raw.len;
 
+        pk_start = chain->pk_raw.p;
+        pk_len   = chain->pk_raw.len;
+
+        /* Free the CRT structures before computing
+         * digest and copying the peer's public key. */
+        mbedtls_x509_crt_free( chain );
+        mbedtls_free( chain );
+        chain = NULL;
+
+        ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
         if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
-        }
+            goto exit;
 
-#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
-        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-            return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
-#endif
-
-        /*
-         * Secondary checks: always done, but change 'ret' only if it was 0
-         */
-
-#if defined(MBEDTLS_ECP_C)
-        {
-            const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
-
-            /* If certificate uses an EC key, make sure the curve is OK */
-            if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
-                mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
-            {
-                ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
-                if( ret == 0 )
-                    ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
-            }
-        }
-#endif /* MBEDTLS_ECP_C */
-
-        if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
-                                 ciphersuite_info,
-                                 ! ssl->conf->endpoint,
-                                 &ssl->session_negotiate->verify_result ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
-            if( ret == 0 )
-                ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
-        }
-
-        /* mbedtls_x509_crt_verify_with_profile is supposed to report a
-         * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
-         * with details encoded in the verification flags. All other kinds
-         * of error codes, including those from the user provided f_vrfy
-         * functions, are treated as fatal and lead to a failure of
-         * ssl_parse_certificate even if verification was optional. */
-        if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-            ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-              ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
-        {
-            ret = 0;
-        }
-
-        if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
-            ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
-        }
-
+        ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
         if( ret != 0 )
-        {
-            uint8_t alert;
-
-            /* The certificate may have been rejected for several reasons.
-               Pick one and send the corresponding alert. Which alert to send
-               may be a subject of debate in some cases. */
-            if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
-                alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
-                alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
-            else
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            alert );
-        }
-
-#if defined(MBEDTLS_DEBUG_C)
-        if( ssl->session_negotiate->verify_result != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
-                                        ssl->session_negotiate->verify_result ) );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
-        }
-#endif /* MBEDTLS_DEBUG_C */
+            goto exit;
     }
-
-    ssl->state++;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+    /* Pass ownership to session structure. */
+    ssl->session_negotiate->peer_cert = chain;
+    chain = NULL;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
 
+exit:
+
+    if( ret == 0 )
+        ssl->state++;
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+    if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+    {
+        ssl->handshake->ecrs_peer_cert = chain;
+        chain = NULL;
+    }
+#endif
+
+    if( chain != NULL )
+    {
+        mbedtls_x509_crt_free( chain );
+        mbedtls_free( chain );
+    }
+
     return( ret );
 }
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
 
 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
 {
@@ -6169,11 +6511,21 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_abort( &ssl->handshake->fin_sha256_psa );
+    psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
     mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
 #endif
+#endif
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_abort( &ssl->handshake->fin_sha384_psa );
+    psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
     mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
 #endif
+#endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
 
@@ -6187,11 +6539,19 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
     mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
 #endif
+#endif
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
     mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
 #endif
+#endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
 
@@ -6210,7 +6570,11 @@
 static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
                                         const unsigned char *buf, size_t len )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
     mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+#endif
 }
 #endif
 
@@ -6218,7 +6582,11 @@
 static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
                                         const unsigned char *buf, size_t len )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
     mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+#endif
 }
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -6374,13 +6742,44 @@
 {
     int len = 12;
     const char *sender;
-    mbedtls_sha256_context sha256;
     unsigned char padbuf[32];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    size_t hash_size;
+    psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
+    psa_status_t status;
+#else
+    mbedtls_sha256_context sha256;
+#endif
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
     if( !session )
         session = ssl->session;
 
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+             ? "client finished"
+             : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    sha256_psa = psa_hash_operation_init();
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
+
+    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return;
+    }
+
+    status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return;
+    }
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
+#else
+
     mbedtls_sha256_init( &sha256 );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
@@ -6398,19 +6797,15 @@
                    sha256.state, sizeof( sha256.state ) );
 #endif
 
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
-             ? "client finished"
-             : "server finished";
-
     mbedtls_sha256_finish_ret( &sha256, padbuf );
+    mbedtls_sha256_free( &sha256 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     ssl->handshake->tls_prf( session->master, 48, sender,
                              padbuf, 32, buf, len );
 
     MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
 
-    mbedtls_sha256_free( &sha256 );
-
     mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
@@ -6423,13 +6818,43 @@
 {
     int len = 12;
     const char *sender;
-    mbedtls_sha512_context sha512;
     unsigned char padbuf[48];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    size_t hash_size;
+    psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
+    psa_status_t status;
+#else
+    mbedtls_sha512_context sha512;
+#endif
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
     if( !session )
         session = ssl->session;
 
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+                ? "client finished"
+                : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    sha384_psa = psa_hash_operation_init();
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
+
+    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return;
+    }
+
+    status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return;
+    }
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
+#else
     mbedtls_sha512_init( &sha512 );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha384" ) );
@@ -6447,19 +6872,15 @@
                    sha512.state, sizeof( sha512.state ) );
 #endif
 
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
-             ? "client finished"
-             : "server finished";
-
     mbedtls_sha512_finish_ret( &sha512, padbuf );
+    mbedtls_sha512_free( &sha512 );
+#endif
 
     ssl->handshake->tls_prf( session->master, 48, sender,
                              padbuf, 48, buf, len );
 
     MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
 
-    mbedtls_sha512_free( &sha512 );
-
     mbedtls_platform_zeroize(  padbuf, sizeof( padbuf ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
@@ -6770,13 +7191,23 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    handshake->fin_sha256_psa = psa_hash_operation_init();
+    psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
     mbedtls_sha256_init(   &handshake->fin_sha256    );
     mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
 #endif
+#endif
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    handshake->fin_sha384_psa = psa_hash_operation_init();
+    psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
     mbedtls_sha512_init(   &handshake->fin_sha512    );
     mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
 #endif
+#endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
     handshake->update_checksum = ssl_update_checksum_start;
@@ -6807,6 +7238,11 @@
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
 #endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    mbedtls_pk_init( &handshake->peer_pubkey );
+#endif
 }
 
 static void ssl_transform_init( mbedtls_ssl_transform *transform )
@@ -7356,7 +7792,8 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
+    if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
+                                          session ) ) != 0 )
         return( ret );
 
     ssl->handshake->resume = 1;
@@ -7617,7 +8054,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 psa_key_slot_t psk_slot,
+                                 psa_key_handle_t psk_slot,
                                  const unsigned char *psk_identity,
                                  size_t psk_identity_len )
 {
@@ -7640,7 +8077,7 @@
 }
 
 int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   psa_key_slot_t psk_slot )
+                                   psa_key_handle_t psk_slot )
 {
     if( psk_slot == 0 || ssl->handshake == NULL )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -8275,12 +8712,17 @@
     if( ssl == NULL || ssl->session == NULL )
         return( NULL );
 
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     return( ssl->session->peer_cert );
+#else
+    return( NULL );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst )
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
+                             mbedtls_ssl_session *dst )
 {
     if( ssl == NULL ||
         dst == NULL ||
@@ -8290,7 +8732,7 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    return( ssl_session_copy( dst, ssl->session ) );
+    return( mbedtls_ssl_session_copy( dst, ssl->session ) );
 }
 #endif /* MBEDTLS_SSL_CLI_C */
 
@@ -9079,11 +9521,19 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_abort( &handshake->fin_sha256_psa );
+#else
     mbedtls_sha256_free(   &handshake->fin_sha256    );
 #endif
+#endif
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_abort( &handshake->fin_sha384_psa );
+#else
     mbedtls_sha512_free(   &handshake->fin_sha512    );
 #endif
+#endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_DHM_C)
@@ -9136,14 +9586,29 @@
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
     mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
+    if( handshake->ecrs_peer_cert != NULL )
+    {
+        mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
+        mbedtls_free( handshake->ecrs_peer_cert );
+    }
 #endif
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C) &&        \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    mbedtls_pk_free( &handshake->peer_pubkey );
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     mbedtls_free( handshake->verify_cookie );
     ssl_flight_free( handshake->flight );
     ssl_buffering_free( ssl );
 #endif
 
+#if defined(MBEDTLS_ECDH_C) &&                  \
+    defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key( handshake->ecdh_psa_privkey );
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_platform_zeroize( handshake,
                               sizeof( mbedtls_ssl_handshake_params ) );
 }
@@ -9154,11 +9619,7 @@
         return;
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( session->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( session->peer_cert );
-        mbedtls_free( session->peer_cert );
-    }
+    ssl_clear_peer_cert( session );
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -9972,6 +10433,70 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+                                            unsigned char *hash, size_t *hashlen,
+                                            unsigned char *data, size_t data_len,
+                                            mbedtls_md_type_t md_alg )
+{
+    psa_status_t status;
+    psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+    psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+
+    if( ( status = psa_hash_setup( &hash_operation,
+                                   hash_alg ) ) != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+        goto exit;
+    }
+
+    if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
+                                    64 ) ) != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+        goto exit;
+    }
+
+    if( ( status = psa_hash_update( &hash_operation,
+                                    data, data_len ) ) != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+        goto exit;
+    }
+
+    if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE,
+                                    hashlen ) ) != PSA_SUCCESS )
+    {
+         MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
+         goto exit;
+    }
+
+exit:
+    if( status != PSA_SUCCESS )
+    {
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+        switch( status )
+        {
+            case PSA_ERROR_NOT_SUPPORTED:
+                return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+            case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
+            case PSA_ERROR_BUFFER_TOO_SMALL:
+                return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            case PSA_ERROR_INSUFFICIENT_MEMORY:
+                return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+            default:
+                return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED );
+        }
+    }
+    return( 0 );
+}
+
+#else
+
 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
                                             unsigned char *hash, size_t *hashlen,
                                             unsigned char *data, size_t data_len,
@@ -9982,6 +10507,8 @@
     const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
     *hashlen = mbedtls_md_get_size( md_info );
 
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
+
     mbedtls_md_init( &ctx );
 
     /*
@@ -10026,6 +10553,8 @@
 
     return( ret );
 }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
           MBEDTLS_SSL_PROTO_TLS1_2 */
 
diff --git a/library/version_features.c b/library/version_features.c
index 2bfcfc0..bc34c1c 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -72,6 +72,9 @@
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
     "MBEDTLS_PLATFORM_SNPRINTF_ALT",
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+    "MBEDTLS_PLATFORM_VSNPRINTF_ALT",
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
 #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
     "MBEDTLS_PLATFORM_NV_SEED_ALT",
 #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
@@ -84,6 +87,9 @@
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
     "MBEDTLS_DEPRECATED_REMOVED",
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_CHECK_PARAMS)
+    "MBEDTLS_CHECK_PARAMS",
+#endif /* MBEDTLS_CHECK_PARAMS */
 #if defined(MBEDTLS_TIMING_ALT)
     "MBEDTLS_TIMING_ALT",
 #endif /* MBEDTLS_TIMING_ALT */
@@ -297,6 +303,9 @@
 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
     "MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
 #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+    "MBEDTLS_REMOVE_3DES_CIPHERSUITES",
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
     "MBEDTLS_ECP_DP_SECP192R1_ENABLED",
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -342,6 +351,9 @@
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     "MBEDTLS_ECP_RESTARTABLE",
 #endif /* MBEDTLS_ECP_RESTARTABLE */
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    "MBEDTLS_ECDH_LEGACY_CONTEXT",
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
     "MBEDTLS_ECDSA_DETERMINISTIC",
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -402,9 +414,9 @@
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     "MBEDTLS_ENTROPY_NV_SEED",
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
-#if defined(MBEDTLS_PSA_HAS_ITS_IO)
-    "MBEDTLS_PSA_HAS_ITS_IO",
-#endif /* MBEDTLS_PSA_HAS_ITS_IO */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+    "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
 #if defined(MBEDTLS_MEMORY_DEBUG)
     "MBEDTLS_MEMORY_DEBUG",
 #endif /* MBEDTLS_MEMORY_DEBUG */
@@ -423,9 +435,9 @@
 #if defined(MBEDTLS_PSA_CRYPTO_SPM)
     "MBEDTLS_PSA_CRYPTO_SPM",
 #endif /* MBEDTLS_PSA_CRYPTO_SPM */
-#if defined(MBEDTLS_PSA_HAS_ITS_IO)
-    "MBEDTLS_PSA_HAS_ITS_IO",
-#endif /* MBEDTLS_PSA_HAS_ITS_IO */
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+    "MBEDTLS_PSA_INJECT_ENTROPY",
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 #if defined(MBEDTLS_RSA_NO_CRT)
     "MBEDTLS_RSA_NO_CRT",
 #endif /* MBEDTLS_RSA_NO_CRT */
@@ -453,6 +465,9 @@
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
     "MBEDTLS_SSL_FALLBACK_SCSV",
 #endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE",
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
     "MBEDTLS_SSL_HW_RECORD_ACCEL",
 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
@@ -699,12 +714,9 @@
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
     "MBEDTLS_PSA_CRYPTO_STORAGE_C",
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
-    "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
-    "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+    "MBEDTLS_PSA_ITS_FILE_C",
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
 #if defined(MBEDTLS_RIPEMD160_C)
     "MBEDTLS_RIPEMD160_C",
 #endif /* MBEDTLS_RIPEMD160_C */
diff --git a/library/x509.c b/library/x509.c
index 52b5b64..6b7899f 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -116,7 +116,7 @@
 }
 
 /*
- * Parse an algorithm identifier with (optional) paramaters
+ * Parse an algorithm identifier with (optional) parameters
  */
 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
                   mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c5b6a12..5d82816 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -373,7 +373,7 @@
     for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
     {
         ver_chain->items[i].crt = NULL;
-        ver_chain->items[i].flags = -1;
+        ver_chain->items[i].flags = (uint32_t) -1;
     }
 
     ver_chain->len = 0;
@@ -834,8 +834,10 @@
 /*
  * Parse and fill a single X.509 certificate in DER format
  */
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
-                                    size_t buflen )
+static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
+                                    const unsigned char *buf,
+                                    size_t buflen,
+                                    int make_copy )
 {
     int ret;
     size_t len;
@@ -852,7 +854,7 @@
     if( crt == NULL || buf == NULL )
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
-    // Use the original buffer until we figure out actual length
+    /* Use the original buffer until we figure out actual length. */
     p = (unsigned char*) buf;
     len = buflen;
     end = p + len;
@@ -870,25 +872,26 @@
         return( MBEDTLS_ERR_X509_INVALID_FORMAT );
     }
 
-    if( len > (size_t) ( end - p ) )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-    crt_end = p + len;
-
-    // Create and populate a new buffer for the raw field
-    crt->raw.len = crt_end - buf;
-    crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-    memcpy( p, buf, crt->raw.len );
-
-    // Direct pointers to the new buffer
-    p += crt->raw.len - len;
     end = crt_end = p + len;
+    crt->raw.len = crt_end - buf;
+    if( make_copy != 0 )
+    {
+        /* Create and populate a new buffer for the raw field. */
+        crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
+        if( crt->raw.p == NULL )
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+        memcpy( crt->raw.p, buf, crt->raw.len );
+        crt->own_buffer = 1;
+
+        p += crt->raw.len - len;
+        end = crt_end = p + len;
+    }
+    else
+    {
+        crt->raw.p = (unsigned char*) buf;
+        crt->own_buffer = 0;
+    }
 
     /*
      * TBSCertificate  ::=  SEQUENCE  {
@@ -993,11 +996,13 @@
     /*
      * SubjectPublicKeyInfo
      */
+    crt->pk_raw.p = p;
     if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
     {
         mbedtls_x509_crt_free( crt );
         return( ret );
     }
+    crt->pk_raw.len = p - crt->pk_raw.p;
 
     /*
      *  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
@@ -1091,8 +1096,10 @@
  * Parse one X.509 certificate in DER format from a buffer and add them to a
  * chained list
  */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
-                        size_t buflen )
+static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
+                                                const unsigned char *buf,
+                                                size_t buflen,
+                                                int make_copy )
 {
     int ret;
     mbedtls_x509_crt *crt = chain, *prev = NULL;
@@ -1124,7 +1131,7 @@
         crt = crt->next;
     }
 
-    if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
+    if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 )
     {
         if( prev )
             prev->next = NULL;
@@ -1138,11 +1145,27 @@
     return( 0 );
 }
 
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+                                       const unsigned char *buf,
+                                       size_t buflen )
+{
+    return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) );
+}
+
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+                                const unsigned char *buf,
+                                size_t buflen )
+{
+    return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) );
+}
+
 /*
  * Parse one or more PEM certificates from a buffer and add them to the chained
  * list
  */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
+                            const unsigned char *buf,
+                            size_t buflen )
 {
 #if defined(MBEDTLS_PEM_PARSE_C)
     int success = 0, first_error = 0, total_failed = 0;
@@ -1908,7 +1931,7 @@
     if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
         return( -1 );
 #else
-    psa_hash_operation_t hash_operation;
+    psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
     psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
 
     if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
@@ -2203,7 +2226,7 @@
     }
 
     /* extra precaution against mistakes in the caller */
-    if( parent == NULL )
+    if( *parent == NULL )
     {
         *parent_is_trusted = 0;
         *signature_is_good = 0;
@@ -2261,7 +2284,7 @@
  * Tests for (aspects of) this function should include at least:
  * - trusted EE
  * - EE -> trusted root
- * - EE -> intermedate CA -> trusted root
+ * - EE -> intermediate CA -> trusted root
  * - if relevant: EE untrusted
  * - if relevant: EE -> intermediate, untrusted
  * with the aspect under test checked at each relevant level (EE, int, root).
@@ -2699,7 +2722,7 @@
             mbedtls_free( seq_prv );
         }
 
-        if( cert_cur->raw.p != NULL )
+        if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
         {
             mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
             mbedtls_free( cert_cur->raw.p );
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f844257..c8c08c8 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -279,15 +279,24 @@
     {
         mbedtls_pem_init( &pem );
         ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN CERTIFICATE REQUEST-----",
-                               "-----END CERTIFICATE REQUEST-----",
-                               buf, NULL, 0, &use_len );
+                                       "-----BEGIN CERTIFICATE REQUEST-----",
+                                       "-----END CERTIFICATE REQUEST-----",
+                                       buf, NULL, 0, &use_len );
+        if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        {
+            ret = mbedtls_pem_read_buffer( &pem,
+                                           "-----BEGIN NEW CERTIFICATE REQUEST-----",
+                                           "-----END NEW CERTIFICATE REQUEST-----",
+                                           buf, NULL, 0, &use_len );
+        }
 
         if( ret == 0 )
+        {
             /*
              * Was PEM encoded, parse the result
              */
             ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+        }
 
         mbedtls_pem_free( &pem );
         if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index b1ef216..b6cb745 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -221,23 +221,36 @@
 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                          unsigned int key_usage )
 {
-    unsigned char buf[4], ku;
+    unsigned char buf[5], ku[2];
     unsigned char *c;
     int ret;
+    const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
+        MBEDTLS_X509_KU_NON_REPUDIATION   |
+        MBEDTLS_X509_KU_KEY_ENCIPHERMENT  |
+        MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
+        MBEDTLS_X509_KU_KEY_AGREEMENT     |
+        MBEDTLS_X509_KU_KEY_CERT_SIGN     |
+        MBEDTLS_X509_KU_CRL_SIGN          |
+        MBEDTLS_X509_KU_ENCIPHER_ONLY     |
+        MBEDTLS_X509_KU_DECIPHER_ONLY;
 
-    /* We currently only support 7 bits, from 0x80 to 0x02 */
-    if( ( key_usage & ~0xfe ) != 0 )
+    /* Check that nothing other than the allowed flags is set */
+    if( ( key_usage & ~allowed_bits ) != 0 )
         return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
 
-    c = buf + 4;
-    ku = (unsigned char) key_usage;
+    c = buf + 5;
+    ku[0] = (unsigned char)( key_usage      );
+    ku[1] = (unsigned char)( key_usage >> 8 );
+    ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
 
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
+    if( ret < 0 )
         return( ret );
+    else if( ret < 3 || ret > 5 )
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
 
     ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                       1, buf, 4 );
+                                       1, c, (size_t)ret );
     if( ret != 0 )
         return( ret );
 
@@ -253,12 +266,13 @@
 
     c = buf + 4;
 
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
+    if( ret < 3 || ret > 4 )
         return( ret );
 
     ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                       0, buf, 4 );
+                                       0, c, (size_t)ret );
     if( ret != 0 )
         return( ret );
 
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index f2950ad..8dc39e7 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -94,12 +94,13 @@
 
     c = buf + 4;
 
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
+    if( ret < 3 || ret > 4 )
         return( ret );
 
     ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                       buf, 4 );
+                                       c, (size_t)ret );
     if( ret != 0 )
         return( ret );
 
@@ -115,12 +116,13 @@
 
     c = buf + 4;
 
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
+    if( ret < 3 || ret > 4 )
         return( ret );
 
     ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                       buf, 4 );
+                                       c, (size_t)ret );
     if( ret != 0 )
         return( ret );
 
@@ -142,7 +144,7 @@
     size_t len = 0;
     mbedtls_pk_type_t pk_alg;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_operation_t hash_operation;
+    psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
     size_t hash_len;
     psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/.gitignore b/programs/.gitignore
index 453ae0d..30489be 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -9,9 +9,7 @@
 hash/md5sum
 hash/sha1sum
 hash/sha2sum
-pkey/dh_client
 pkey/dh_genprime
-pkey/dh_server
 pkey/ecdsa
 pkey/ecdh_curve25519
 pkey/gen_key
@@ -53,6 +51,7 @@
 test/ssl_cert_test
 test/udp_proxy
 test/zeroize
+test/query_compile_time_config
 util/pem2der
 util/strerror
 x509/cert_app
diff --git a/programs/Makefile b/programs/Makefile
index 2792b09..939f4d5 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -47,35 +47,58 @@
 LOCAL_LDFLAGS += -lz
 endif
 
-APPS =	aes/aescrypt2$(EXEXT)		aes/crypt_and_hash$(EXEXT)	\
-	hash/hello$(EXEXT)		hash/generic_sum$(EXEXT)	\
-					pkey/dh_client$(EXEXT)		\
-	pkey/dh_genprime$(EXEXT)	pkey/dh_server$(EXEXT)		\
-	pkey/ecdh_curve25519$(EXEXT)					\
-	pkey/ecdsa$(EXEXT)		pkey/gen_key$(EXEXT)		\
-	pkey/key_app$(EXEXT)		pkey/key_app_writer$(EXEXT)	\
-	pkey/mpi_demo$(EXEXT)		pkey/pk_decrypt$(EXEXT)		\
-	pkey/pk_encrypt$(EXEXT)		pkey/pk_sign$(EXEXT)		\
-	pkey/pk_verify$(EXEXT)		pkey/rsa_genkey$(EXEXT)		\
-	pkey/rsa_decrypt$(EXEXT)	pkey/rsa_encrypt$(EXEXT)	\
-	pkey/rsa_sign$(EXEXT)		pkey/rsa_verify$(EXEXT)		\
-	pkey/rsa_sign_pss$(EXEXT)	pkey/rsa_verify_pss$(EXEXT)	\
-	psa/crypto_examples$(EXEXT)					\
-	psa/key_ladder_demo$(EXEXT)	psa/psa_constant_names$(EXEXT)	\
-	ssl/dtls_client$(EXEXT)		ssl/dtls_server$(EXEXT)		\
-	ssl/ssl_client1$(EXEXT)		ssl/ssl_client2$(EXEXT)		\
-	ssl/ssl_server$(EXEXT)		ssl/ssl_server2$(EXEXT)		\
-	ssl/ssl_fork_server$(EXEXT)	ssl/mini_client$(EXEXT)		\
-	ssl/ssl_mail_client$(EXEXT)	random/gen_entropy$(EXEXT)	\
-	random/gen_random_havege$(EXEXT)				\
-	random/gen_random_ctr_drbg$(EXEXT)				\
-	test/ssl_cert_test$(EXEXT)	test/benchmark$(EXEXT)		\
-	test/selftest$(EXEXT)		test/udp_proxy$(EXEXT)		\
-	test/zeroize$(EXEXT)						\
-	util/pem2der$(EXEXT)		util/strerror$(EXEXT)		\
-	x509/cert_app$(EXEXT)		x509/crl_app$(EXEXT)		\
-	x509/cert_req$(EXEXT)		x509/cert_write$(EXEXT)		\
-	x509/req_app$(EXEXT)
+APPS = \
+	aes/aescrypt2$(EXEXT) \
+	aes/crypt_and_hash$(EXEXT) \
+	hash/hello$(EXEXT) \
+	hash/generic_sum$(EXEXT) \
+	pkey/dh_genprime$(EXEXT) \
+	pkey/ecdh_curve25519$(EXEXT) \
+	pkey/ecdsa$(EXEXT) \
+	pkey/gen_key$(EXEXT) \
+	pkey/key_app$(EXEXT) \
+	pkey/key_app_writer$(EXEXT) \
+	pkey/mpi_demo$(EXEXT) \
+	pkey/pk_decrypt$(EXEXT) \
+	pkey/pk_encrypt$(EXEXT) \
+	pkey/pk_sign$(EXEXT) \
+	pkey/pk_verify$(EXEXT) \
+	pkey/rsa_genkey$(EXEXT) \
+	pkey/rsa_decrypt$(EXEXT) \
+	pkey/rsa_encrypt$(EXEXT) \
+	pkey/rsa_sign$(EXEXT) \
+	pkey/rsa_verify$(EXEXT) \
+	pkey/rsa_sign_pss$(EXEXT) \
+	pkey/rsa_verify_pss$(EXEXT) \
+	psa/crypto_examples$(EXEXT) \
+	psa/key_ladder_demo$(EXEXT) \
+	psa/psa_constant_names$(EXEXT) \
+	ssl/dtls_client$(EXEXT) \
+	ssl/dtls_server$(EXEXT) \
+	ssl/ssl_client1$(EXEXT) \
+	ssl/ssl_client2$(EXEXT) \
+	ssl/ssl_server$(EXEXT) \
+	ssl/ssl_server2$(EXEXT) \
+	ssl/ssl_fork_server$(EXEXT) \
+	ssl/mini_client$(EXEXT) \
+	ssl/ssl_mail_client$(EXEXT) \
+	random/gen_entropy$(EXEXT) \
+	random/gen_random_havege$(EXEXT) \
+	random/gen_random_ctr_drbg$(EXEXT) \
+	test/ssl_cert_test$(EXEXT) \
+	test/benchmark$(EXEXT) \
+	test/selftest$(EXEXT) \
+	test/udp_proxy$(EXEXT) \
+	test/zeroize$(EXEXT) \
+	test/query_compile_time_config$(EXEXT) \
+	util/pem2der$(EXEXT) \
+	util/strerror$(EXEXT) \
+	x509/cert_app$(EXEXT) \
+	x509/crl_app$(EXEXT) \
+	x509/cert_req$(EXEXT) \
+	x509/cert_write$(EXEXT) \
+	x509/req_app$(EXEXT) \
+# End of APPS
 
 ifdef PTHREAD
 APPS +=	ssl/ssl_pthread_server$(EXEXT)
@@ -103,7 +126,7 @@
 endif
 
 psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c
-psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h
+psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h ../include/psa/crypto_extra.h
 	../scripts/generate_psa_constants.py
 
 aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
@@ -122,18 +145,10 @@
 	echo "  CC    hash/generic_sum.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
-	echo "  CC    pkey/dh_client.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
 	echo "  CC    pkey/dh_genprime.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
-	echo "  CC    pkey/dh_server.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
 	echo "  CC    pkey/ecdh_curve25519.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -234,17 +249,17 @@
 	echo "  CC    ssl/ssl_client1.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(DEP)
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c test/query_config.c $(DEP)
 	echo "  CC    ssl/ssl_client2.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
 ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
 	echo "  CC    ssl/ssl_server.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(DEP)
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP)
 	echo "  CC    ssl/ssl_server2.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
 ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
 	echo "  CC    ssl/ssl_fork_server.c"
@@ -286,6 +301,10 @@
 	echo "  CC    test/zeroize.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
+test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.c $(DEP)
+	echo "  CC    test/query_compile_time_config.c"
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
 util/pem2der$(EXEXT): util/pem2der.c $(DEP)
 	echo "  CC    util/pem2der.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index eb25a7f..6dd7f71 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -44,8 +44,6 @@
 
 ### Diffie-Hellman key exchange examples
 
-* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
-
 * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
 
 ### Bignum (`mpi`) usage examples
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 5725eb0..bdeac3a 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -37,6 +37,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -78,6 +79,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int ret = 0;
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 88b852b..f58e616 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -38,6 +38,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -80,6 +81,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int ret = 1, i, n;
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index bbe8d92..4b7fe37 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -50,6 +51,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
 {
     int ret = mbedtls_md_file( md_info, filename, sum );
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 2e8c224..6046f86 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -31,6 +31,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #define mbedtls_printf       printf
+#define mbedtls_exit         exit
 #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
 #endif
@@ -46,6 +47,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     int i, ret;
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 5a37a42..944a100 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -1,12 +1,6 @@
-add_executable(dh_client dh_client.c)
-target_link_libraries(dh_client mbedtls)
-
 add_executable(dh_genprime dh_genprime.c)
 target_link_libraries(dh_genprime mbedtls)
 
-add_executable(dh_server dh_server.c)
-target_link_libraries(dh_server mbedtls)
-
 add_executable(ecdh_curve25519 ecdh_curve25519.c)
 target_link_libraries(ecdh_curve25519 mbedtls)
 
@@ -58,6 +52,6 @@
 add_executable(pk_decrypt pk_decrypt.c)
 target_link_libraries(pk_decrypt mbedtls)
 
-install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
+install(TARGETS dh_genprime key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
         DESTINATION "bin"
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
deleted file mode 100644
index 3dadf48..0000000
--- a/programs/pkey/dh_client.c
+++ /dev/null
@@ -1,311 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange (client side)
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf          printf
-#define mbedtls_time_t          time_t
-#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
-    defined(MBEDTLS_SHA1_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_NAME "localhost"
-#define SERVER_PORT "11999"
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
-    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_SHA1_C)
-int main( void )
-{
-    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
-           "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-           "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
-           "MBEDTLS_CTR_DRBG_C not defined.\n");
-    return( 0 );
-}
-#else
-int main( void )
-{
-    FILE *f;
-
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t n, buflen;
-    mbedtls_net_context server_fd;
-
-    unsigned char *p, *end;
-    unsigned char buf[2048];
-    unsigned char hash[32];
-    const char *pers = "dh_client";
-
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_rsa_context rsa;
-    mbedtls_dhm_context dhm;
-    mbedtls_aes_context aes;
-
-    mbedtls_net_init( &server_fd );
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
-    mbedtls_dhm_init( &dhm );
-    mbedtls_aes_init( &aes );
-    mbedtls_ctr_drbg_init( &ctr_drbg );
-
-    /*
-     * 1. Setup the RNG
-     */
-    mbedtls_printf( "\n  . Seeding the random number generator" );
-    fflush( stdout );
-
-    mbedtls_entropy_init( &entropy );
-    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 2. Read the server's public RSA key
-     */
-    mbedtls_printf( "\n  . Reading public key from rsa_pub.txt" );
-    fflush( stdout );
-
-    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
-    {
-        mbedtls_printf( " failed\n  ! Could not open rsa_pub.txt\n" \
-                "  ! Please run rsa_genkey first\n\n" );
-        goto exit;
-    }
-
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
-    if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret );
-        fclose( f );
-        goto exit;
-    }
-
-    rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
-
-    fclose( f );
-
-    /*
-     * 3. Initiate the connection
-     */
-    mbedtls_printf( "\n  . Connecting to tcp/%s/%s", SERVER_NAME,
-                                             SERVER_PORT );
-    fflush( stdout );
-
-    if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
-                                         SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 4a. First get the buffer length
-     */
-    mbedtls_printf( "\n  . Receiving the server's DH parameters" );
-    fflush( stdout );
-
-    memset( buf, 0, sizeof( buf ) );
-
-    if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
-        goto exit;
-    }
-
-    n = buflen = ( buf[0] << 8 ) | buf[1];
-    if( buflen < 1 || buflen > sizeof( buf ) )
-    {
-        mbedtls_printf( " failed\n  ! Got an invalid buffer length\n\n" );
-        goto exit;
-    }
-
-    /*
-     * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
-     */
-    memset( buf, 0, sizeof( buf ) );
-
-    if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
-        goto exit;
-    }
-
-    p = buf, end = buf + buflen;
-
-    if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_read_params returned %d\n\n", ret );
-        goto exit;
-    }
-
-    if( dhm.len < 64 || dhm.len > 512 )
-    {
-        mbedtls_printf( " failed\n  ! Invalid DHM modulus size\n\n" );
-        goto exit;
-    }
-
-    /*
-     * 5. Check that the server's RSA signature matches
-     *    the SHA-256 hash of (P,G,Ys)
-     */
-    mbedtls_printf( "\n  . Verifying the server's RSA signature" );
-    fflush( stdout );
-
-    p += 2;
-
-    if( ( n = (size_t) ( end - p ) ) != rsa.len )
-    {
-        mbedtls_printf( " failed\n  ! Invalid RSA signature size\n\n" );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_sha1_ret returned %d\n\n", ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
-                                  MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 6. Send our public value: Yc = G ^ Xc mod P
-     */
-    mbedtls_printf( "\n  . Sending own public value to server" );
-    fflush( stdout );
-
-    n = dhm.len;
-    if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_make_public returned %d\n\n", ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_send returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 7. Derive the shared secret: K = Ys ^ Xc mod P
-     */
-    mbedtls_printf( "\n  . Shared secret: " );
-    fflush( stdout );
-
-    if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
-        goto exit;
-    }
-
-    for( n = 0; n < 16; n++ )
-        mbedtls_printf( "%02x", buf[n] );
-
-    /*
-     * 8. Setup the AES-256 decryption key
-     *
-     * This is an overly simplified example; best practice is
-     * to hash the shared secret with a random value to derive
-     * the keying material for the encryption/decryption keys,
-     * IVs and MACs.
-     */
-    mbedtls_printf( "...\n  . Receiving and decrypting the ciphertext" );
-    fflush( stdout );
-
-    mbedtls_aes_setkey_dec( &aes, buf, 256 );
-
-    memset( buf, 0, sizeof( buf ) );
-
-    if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
-        goto exit;
-    }
-
-    mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
-    buf[16] = '\0';
-    mbedtls_printf( "\n  . Plaintext is \"%s\"\n\n", (char *) buf );
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_net_free( &server_fd );
-
-    mbedtls_aes_free( &aes );
-    mbedtls_rsa_free( &rsa );
-    mbedtls_dhm_free( &dhm );
-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
-
-#if defined(_WIN32)
-    mbedtls_printf( "  + Press Enter to exit this program.\n" );
-    fflush( stdout ); getchar();
-#endif
-
-    return( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 360e355..cca43ca 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_printf          printf
 #define mbedtls_time_t          time_t
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -68,6 +69,18 @@
  */
 #define GENERATOR "4"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char **argv )
 {
     int ret = 1;
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
deleted file mode 100644
index c4e2c39..0000000
--- a/programs/pkey/dh_server.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange (server side)
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf          printf
-#define mbedtls_time_t          time_t
-#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
-    defined(MBEDTLS_SHA1_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_PORT "11999"
-#define PLAINTEXT "==Hello there!=="
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
-    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_SHA1_C)
-int main( void )
-{
-    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
-           "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-           "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
-           "MBEDTLS_CTR_DRBG_C not defined.\n");
-    return( 0 );
-}
-#else
-int main( void )
-{
-    FILE *f;
-
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t n, buflen;
-    mbedtls_net_context listen_fd, client_fd;
-
-    unsigned char buf[2048];
-    unsigned char hash[32];
-    unsigned char buf2[2];
-    const char *pers = "dh_server";
-
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_rsa_context rsa;
-    mbedtls_dhm_context dhm;
-    mbedtls_aes_context aes;
-
-    mbedtls_mpi N, P, Q, D, E;
-
-    mbedtls_net_init( &listen_fd );
-    mbedtls_net_init( &client_fd );
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
-    mbedtls_dhm_init( &dhm );
-    mbedtls_aes_init( &aes );
-    mbedtls_ctr_drbg_init( &ctr_drbg );
-
-    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
-    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
-
-    /*
-     * 1. Setup the RNG
-     */
-    mbedtls_printf( "\n  . Seeding the random number generator" );
-    fflush( stdout );
-
-    mbedtls_entropy_init( &entropy );
-    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 2a. Read the server's private RSA key
-     */
-    mbedtls_printf( "\n  . Reading private key from rsa_priv.txt" );
-    fflush( stdout );
-
-    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
-    {
-        mbedtls_printf( " failed\n  ! Could not open rsa_priv.txt\n" \
-                "  ! Please run rsa_genkey first\n\n" );
-        goto exit;
-    }
-
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
-    if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
-                        ret );
-        fclose( f );
-        goto exit;
-    }
-    fclose( f );
-
-    if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_import returned %d\n\n",
-                        ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_complete returned %d\n\n",
-                        ret );
-        goto exit;
-    }
-
-    /*
-     * 2b. Get the DHM modulus and generator
-     */
-    mbedtls_printf( "\n  . Reading DH parameters from dh_prime.txt" );
-    fflush( stdout );
-
-    if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
-    {
-        mbedtls_printf( " failed\n  ! Could not open dh_prime.txt\n" \
-                "  ! Please run dh_genprime first\n\n" );
-        goto exit;
-    }
-
-    if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
-        mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! Invalid DH parameter file\n\n" );
-        fclose( f );
-        goto exit;
-    }
-
-    fclose( f );
-
-    /*
-     * 3. Wait for a client to connect
-     */
-    mbedtls_printf( "\n  . Waiting for a remote connection" );
-    fflush( stdout );
-
-    if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_bind returned %d\n\n", ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
-                                    NULL, 0, NULL ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_accept returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 4. Setup the DH parameters (P,G,Ys)
-     */
-    mbedtls_printf( "\n  . Sending the server's DH parameters" );
-    fflush( stdout );
-
-    memset( buf, 0, sizeof( buf ) );
-
-    if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_make_params returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 5. Sign the parameters and send them
-     */
-    if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_sha1_ret returned %d\n\n", ret );
-        goto exit;
-    }
-
-    buf[n    ] = (unsigned char)( rsa.len >> 8 );
-    buf[n + 1] = (unsigned char)( rsa.len      );
-
-    if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
-                                0, hash, buf + n + 2 ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
-        goto exit;
-    }
-
-    buflen = n + 2 + rsa.len;
-    buf2[0] = (unsigned char)( buflen >> 8 );
-    buf2[1] = (unsigned char)( buflen      );
-
-    if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
-        ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_send returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 6. Get the client's public value: Yc = G ^ Xc mod P
-     */
-    mbedtls_printf( "\n  . Receiving the client's public value" );
-    fflush( stdout );
-
-    memset( buf, 0, sizeof( buf ) );
-
-    n = dhm.len;
-    if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_read_public returned %d\n\n", ret );
-        goto exit;
-    }
-
-    /*
-     * 7. Derive the shared secret: K = Ys ^ Xc mod P
-     */
-    mbedtls_printf( "\n  . Shared secret: " );
-    fflush( stdout );
-
-    if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
-        goto exit;
-    }
-
-    for( n = 0; n < 16; n++ )
-        mbedtls_printf( "%02x", buf[n] );
-
-    /*
-     * 8. Setup the AES-256 encryption key
-     *
-     * This is an overly simplified example; best practice is
-     * to hash the shared secret with a random value to derive
-     * the keying material for the encryption/decryption keys
-     * and MACs.
-     */
-    mbedtls_printf( "...\n  . Encrypting and sending the ciphertext" );
-    fflush( stdout );
-
-    mbedtls_aes_setkey_enc( &aes, buf, 256 );
-    memcpy( buf, PLAINTEXT, 16 );
-    mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
-
-    if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_net_send returned %d\n\n", ret );
-        goto exit;
-    }
-
-    mbedtls_printf( "\n\n" );
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
-    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
-
-    mbedtls_net_free( &client_fd );
-    mbedtls_net_free( &listen_fd );
-
-    mbedtls_aes_free( &aes );
-    mbedtls_rsa_free( &rsa );
-    mbedtls_dhm_free( &dhm );
-    mbedtls_ctr_drbg_free( &ctr_drbg );
-    mbedtls_entropy_free( &entropy );
-
-#if defined(_WIN32)
-    mbedtls_printf( "  + Press Enter to exit this program.\n" );
-    fflush( stdout ); getchar();
-#endif
-
-    return( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 5db0408..9267c7e 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -31,16 +31,17 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
 
-#if !defined(MBEDTLS_ECDH_C) || \
+#if !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) || \
     !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
 int main( void )
 {
-    mbedtls_printf( "MBEDTLS_ECDH_C and/or "
+    mbedtls_printf( "MBEDTLS_ECDH_C and/or MBEDTLS_ECDH_LEGACY_CONTEXT and/or "
                     "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
                     "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
                     "not defined\n" );
@@ -52,6 +53,18 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/ecdh.h"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int ret = 1;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index c653df9..4471a20 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -99,6 +100,18 @@
 #define dump_pubkey( a, b )
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int ret = 1;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index f01bf5f..35fc149 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -135,6 +136,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -322,7 +336,8 @@
     mbedtls_printf( "\n  . Generating the private key ..." );
     fflush( stdout );
 
-    if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 )
+    if( ( ret = mbedtls_pk_setup( &key,
+            mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
     {
         mbedtls_printf( " failed\n  !  mbedtls_pk_setup returned -0x%04x", -ret );
         goto exit;
@@ -344,7 +359,8 @@
 #if defined(MBEDTLS_ECP_C)
     if( opt.type == MBEDTLS_PK_ECKEY )
     {
-        ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ),
+        ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve,
+                                   mbedtls_pk_ec( key ),
                                    mbedtls_ctr_drbg_random, &ctr_drbg );
         if( ret != 0 )
         {
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 027b95f..b4860fe 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -39,7 +40,7 @@
     defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
 #include "mbedtls/error.h"
 #include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
+#include "mbedtls/pk.h"
 
 #include <string.h>
 #endif
@@ -73,6 +74,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 13602c2..b81530c 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -87,13 +88,28 @@
     USAGE_OUT                                           \
     "\n"
 
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+    !defined(MBEDTLS_PK_WRITE_C) || \
+    !defined(MBEDTLS_FS_IO)
 int main( void )
 {
-    mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+    mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -173,7 +189,7 @@
             return( ret );
 
         len = ret;
-        c = output_buf + sizeof(output_buf) - len - 1;
+        c = output_buf + sizeof(output_buf) - len;
     }
 
     if( ( f = fopen( output_file, "w" ) ) == NULL )
@@ -433,4 +449,4 @@
 
     return( exit_code );
 }
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 365bdc4..80573c0 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -48,6 +49,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     int ret = 1;
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 1d8c959..978f39e 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 22dedba..806c59a 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 7ec4675..7354082 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_snprintf        snprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,18 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 3c7709f..9fcf029 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_snprintf        snprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -55,6 +56,18 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 0a252d2..dc8a920 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -58,6 +58,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 411657a..e9effe8 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -58,6 +58,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 3359e14..c66f4e7 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -41,7 +42,6 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/bignum.h"
-#include "mbedtls/x509.h"
 #include "mbedtls/rsa.h"
 
 #include <stdio.h>
@@ -62,6 +62,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     int ret = 1;
@@ -146,19 +159,6 @@
         mbedtls_printf( " failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret );
         goto exit;
     }
-/*
-    mbedtls_printf( " ok\n  . Generating the certificate..." );
-
-    x509write_init_raw( &cert );
-    x509write_add_pubkey( &cert, &rsa );
-    x509write_add_subject( &cert, "CN='localhost'" );
-    x509write_add_validity( &cert, "2007-09-06 17:00:32",
-                                   "2010-09-06 17:00:32" );
-    x509write_create_selfsign( &cert, &rsa );
-    x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
-    x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
-    x509write_free_raw( &cert );
-*/
     mbedtls_printf( " ok\n\n" );
 
     exit_code = MBEDTLS_EXIT_SUCCESS;
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index b16fe5d..f014872 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -33,6 +33,7 @@
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
 #define mbedtls_snprintf        snprintf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -55,6 +56,18 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index b0b0f7e..cb69fa6 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_snprintf        snprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -54,12 +55,23 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/md.h"
 #include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
-#include "mbedtls/x509.h"
+#include "mbedtls/pk.h"
 
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6f88345..5d1c085 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_printf          printf
 #define mbedtls_snprintf        snprintf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -54,6 +55,18 @@
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 7c9c68f..d745274 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_snprintf        snprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -54,11 +55,22 @@
 #include "mbedtls/pem.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/md.h"
-#include "mbedtls/x509.h"
 
 #include <stdio.h>
 #include <string.h>
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index a0fe803..c80043b 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -1,7 +1,26 @@
 add_executable(crypto_examples crypto_examples.c)
 target_link_libraries(crypto_examples mbedtls)
 
-install(TARGETS crypto_examples
+add_executable(key_ladder_demo key_ladder_demo.c)
+target_link_libraries(key_ladder_demo mbedtls)
+
+add_executable(psa_constant_names psa_constant_names.c)
+target_link_libraries(psa_constant_names mbedtls)
+
+add_custom_target(
+    psa_constant_names_generated
+    COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py
+    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../
+)
+add_dependencies(psa_constant_names psa_constant_names_generated)
+
+install(TARGETS
+            crypto_examples
+            key_ladder_demo
+            psa_constant_names
         DESTINATION "bin"
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 
+install(PROGRAMS
+            key_ladder_demo.sh
+        DESTINATION "bin")
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 7291c34..1a81f45 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -1,20 +1,15 @@
 #include "psa/crypto.h"
 #include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
 #include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
 
 #define ASSERT( predicate )                                                   \
     do                                                                        \
     {                                                                         \
         if( ! ( predicate ) )                                                 \
         {                                                                     \
-            mbedtls_printf( "\tassertion failed at %s:%d - '%s'\r\n",         \
-                            __FILE__, __LINE__, #predicate);                  \
+            printf( "\tassertion failed at %s:%d - '%s'\r\n",         \
+                    __FILE__, __LINE__, #predicate);                  \
             goto exit;                                                        \
         }                                                                     \
     } while ( 0 )
@@ -24,8 +19,8 @@
     {                                                                         \
         if( ( actual ) != ( expected ) )                                      \
         {                                                                     \
-            mbedtls_printf( "\tassertion failed at %s:%d - "                  \
-                            "actual:%d expected:%d\r\n", __FILE__, __LINE__,  \
+            printf( "\tassertion failed at %s:%d - "                  \
+                    "actual:%d expected:%d\r\n", __FILE__, __LINE__,  \
                             (psa_status_t) actual, (psa_status_t) expected ); \
             goto exit;                                                        \
         }                                                                     \
@@ -36,28 +31,14 @@
     !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
 int main( void )
 {
-    mbedtls_printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
-                    "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
-                    "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
-                    "not defined.\r\n" );
+    printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+            "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+            "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+            "not defined.\r\n" );
     return( 0 );
 }
 #else
 
-static psa_status_t set_key_policy( psa_key_handle_t key_handle,
-                                    psa_key_usage_t key_usage,
-                                    psa_algorithm_t alg )
-{
-    psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    psa_key_policy_set_usage( &policy, key_usage, alg );
-    status = psa_set_key_policy( key_handle, &policy );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-exit:
-    return( status );
-}
-
 static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
                                       const uint8_t * input,
                                       size_t input_size,
@@ -106,7 +87,7 @@
                                     size_t *output_len )
 {
     psa_status_t status;
-    psa_cipher_operation_t operation;
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     size_t iv_len = 0;
 
     memset( &operation, 0, sizeof( operation ) );
@@ -137,7 +118,7 @@
                                     size_t *output_len )
 {
     psa_status_t status;
-    psa_cipher_operation_t operation;
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
 
     memset( &operation, 0, sizeof( operation ) );
     status = psa_cipher_decrypt_setup( &operation, key_handle, alg );
@@ -166,6 +147,7 @@
     const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size];
@@ -176,16 +158,13 @@
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_allocate_key( &key_handle );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+    psa_set_key_bits( &attributes, key_bits );
 
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-
-    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
-                               NULL, 0 );
+    status = psa_generate_key( &attributes, &key_handle );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
     status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
@@ -218,6 +197,7 @@
     const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size],
@@ -229,13 +209,13 @@
     status = psa_allocate_key( &key_handle );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+    psa_set_key_bits( &attributes, key_bits );
 
-    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
-                               NULL, 0 );
+    status = psa_generate_key( &attributes, &key_handle );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
     status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
@@ -267,6 +247,7 @@
     const psa_algorithm_t alg = PSA_ALG_CTR;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size], encrypt[input_size],
@@ -275,15 +256,13 @@
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_allocate_key( &key_handle );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+    psa_set_key_bits( &attributes, key_bits );
 
-    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
-                               NULL, 0 );
+    status = psa_generate_key( &attributes, &key_handle );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
     status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
@@ -308,22 +287,34 @@
 {
     psa_status_t status;
 
-    mbedtls_printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
+    printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
     status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
     if( status == PSA_SUCCESS )
-        mbedtls_printf( "\tsuccess!\r\n" );
+        printf( "\tsuccess!\r\n" );
 
-    mbedtls_printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
+    printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
     status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
     if( status == PSA_SUCCESS )
-        mbedtls_printf( "\tsuccess!\r\n" );
+        printf( "\tsuccess!\r\n" );
 
-    mbedtls_printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
+    printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
     status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
     if( status == PSA_SUCCESS )
-        mbedtls_printf( "\tsuccess!\r\n" );
+        printf( "\tsuccess!\r\n" );
 }
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    exit( EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 45a9b6f..36d7b5d 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -57,16 +57,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
 #include <stdlib.h>
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#define mbedtls_calloc       calloc
-#define mbedtls_free         free
-#define mbedtls_printf       printf
-#endif
 #include <stdio.h>
 #include <string.h>
 
@@ -78,9 +69,9 @@
     !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
 int main( void )
 {
-    mbedtls_printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
-                   "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
-                   "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
+    printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+           "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
+           "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
     return( 0 );
 }
 #else
@@ -111,10 +102,10 @@
         status = ( expr );                                      \
         if( status != PSA_SUCCESS )                             \
         {                                                       \
-            mbedtls_printf( "Error %d at line %u: %s\n",        \
-                            (int) status,                       \
-                            __LINE__,                           \
-                            #expr );                            \
+            printf( "Error %d at line %u: %s\n",                \
+                    (int) status,                               \
+                    __LINE__,                                   \
+                    #expr );                                    \
             goto exit;                                          \
         }                                                       \
     }                                                           \
@@ -209,18 +200,15 @@
 {
     psa_status_t status = PSA_SUCCESS;
     psa_key_handle_t key_handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    PSA_CHECK( psa_allocate_key( &key_handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
-                              KDF_ALG );
-    PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, KDF_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
 
-    PSA_CHECK( psa_generate_key( key_handle,
-                                 PSA_KEY_TYPE_DERIVE,
-                                 PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
-                                 NULL, 0 ) );
+    PSA_CHECK( psa_generate_key( &attributes, &key_handle ) );
 
     PSA_CHECK( save_key( key_handle, key_file_name ) );
 
@@ -240,7 +228,7 @@
                                           psa_key_handle_t *master_key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t key_data[KEY_SIZE_BYTES];
     size_t key_size;
     FILE *key_file = NULL;
@@ -253,20 +241,19 @@
                                    key_file ) ) != 0 );
     if( fread( &extra_byte, 1, 1, key_file ) != 0 )
     {
-        mbedtls_printf( "Key file too large (max: %u).\n",
-                        (unsigned) sizeof( key_data ) );
+        printf( "Key file too large (max: %u).\n",
+                (unsigned) sizeof( key_data ) );
         status = DEMO_ERROR;
         goto exit;
     }
     SYS_CHECK( fclose( key_file ) == 0 );
     key_file = NULL;
 
-    PSA_CHECK( psa_allocate_key( master_key_handle ) );
-    psa_key_policy_set_usage( &policy, usage, alg );
-    PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
-    PSA_CHECK( psa_import_key( *master_key_handle,
-                               PSA_KEY_TYPE_DERIVE,
-                               key_data, key_size ) );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+    PSA_CHECK( psa_import_key( &attributes, key_data, key_size,
+                               master_key_handle ) );
 exit:
     if( key_file != NULL )
         fclose( key_file );
@@ -291,12 +278,15 @@
                                        psa_key_handle_t *key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
     size_t i;
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
-                              KDF_ALG );
+
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, KDF_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
 
     /* For each label in turn, ... */
     for( i = 0; i < ladder_depth; i++ )
@@ -314,20 +304,15 @@
          * since it is no longer needed. */
         PSA_CHECK( psa_close_key( *key_handle ) );
         *key_handle = 0;
-        PSA_CHECK( psa_allocate_key( key_handle ) );
-        PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
         /* Use the generator obtained from the parent key to create
          * the next intermediate key. */
-        PSA_CHECK( psa_generator_import_key(
-                       *key_handle,
-                       PSA_KEY_TYPE_DERIVE,
-                       PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
-                       &generator ) );
-        PSA_CHECK( psa_generator_abort( &generator ) );
+        PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator,
+                                             key_handle ) );
+        PSA_CHECK( psa_key_derivation_abort( &generator ) );
     }
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &generator );
     if( status != PSA_SUCCESS )
     {
         psa_close_key( *key_handle );
@@ -342,13 +327,14 @@
                                          psa_key_handle_t *wrapping_key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
 
     *wrapping_key_handle = 0;
-    PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
-    psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
-    PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, WRAPPING_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+    psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
 
     PSA_CHECK( psa_key_derivation(
                    &generator,
@@ -357,14 +343,11 @@
                    WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
                    NULL, 0,
                    PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
-    PSA_CHECK( psa_generator_import_key(
-                   *wrapping_key_handle,
-                   PSA_KEY_TYPE_AES,
-                   WRAPPING_KEY_BITS,
-                   &generator ) );
+    PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator,
+                                         wrapping_key_handle ) );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &generator );
     if( status != PSA_SUCCESS )
     {
         psa_close_key( *wrapping_key_handle );
@@ -394,7 +377,7 @@
 #if LONG_MAX > SIZE_MAX
     if( input_position > SIZE_MAX )
     {
-        mbedtls_printf( "Input file too large.\n" );
+        printf( "Input file too large.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
@@ -404,14 +387,14 @@
     /* Check for integer overflow. */
     if( buffer_size < input_size )
     {
-        mbedtls_printf( "Input file too large.\n" );
+        printf( "Input file too large.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
 
     /* Load the data to wrap. */
     SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
-    SYS_CHECK( ( buffer = mbedtls_calloc( 1, buffer_size ) ) != NULL );
+    SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
     SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
     SYS_CHECK( fclose( input_file ) == 0 );
     input_file = NULL;
@@ -446,7 +429,7 @@
         fclose( output_file );
     if( buffer != NULL )
         mbedtls_platform_zeroize( buffer, buffer_size );
-    mbedtls_free( buffer );
+    free( buffer );
     return( status );
 }
 
@@ -470,13 +453,13 @@
     if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
                 WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
     {
-        mbedtls_printf( "The input does not start with a valid magic header.\n" );
+        printf( "The input does not start with a valid magic header.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
     if( header.ad_size != sizeof( header ) )
     {
-        mbedtls_printf( "The header size is not correct.\n" );
+        printf( "The header size is not correct.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
@@ -485,18 +468,18 @@
     /* Check for integer overflow. */
     if( ciphertext_size < header.payload_size )
     {
-        mbedtls_printf( "Input file too large.\n" );
+        printf( "Input file too large.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
 
     /* Load the payload data. */
-    SYS_CHECK( ( buffer = mbedtls_calloc( 1, ciphertext_size ) ) != NULL );
+    SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
     SYS_CHECK( fread( buffer, 1, ciphertext_size,
                       input_file ) == ciphertext_size );
     if( fread( &extra_byte, 1, 1, input_file ) != 0 )
     {
-        mbedtls_printf( "Extra garbage after ciphertext\n" );
+        printf( "Extra garbage after ciphertext\n" );
         status = DEMO_ERROR;
         goto exit;
     }
@@ -512,7 +495,7 @@
                                  &plaintext_size ) );
     if( plaintext_size != header.payload_size )
     {
-        mbedtls_printf( "Incorrect payload size in the header.\n" );
+        printf( "Incorrect payload size in the header.\n" );
         status = DEMO_ERROR;
         goto exit;
     }
@@ -531,7 +514,7 @@
         fclose( output_file );
     if( buffer != NULL )
         mbedtls_platform_zeroize( buffer, ciphertext_size );
-    mbedtls_free( buffer );
+    free( buffer );
     return( status );
 }
 
@@ -599,30 +582,42 @@
 
 static void usage( void )
 {
-    mbedtls_printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
-    mbedtls_printf( "Demonstrate the usage of a key derivation ladder.\n" );
-    mbedtls_printf( "\n" );
-    mbedtls_printf( "Modes:\n" );
-    mbedtls_printf( "  generate  Generate the master key\n" );
-    mbedtls_printf( "  save      Save the derived key\n" );
-    mbedtls_printf( "  unwrap    Unwrap (decrypt) input with the derived key\n" );
-    mbedtls_printf( "  wrap      Wrap (encrypt) input with the derived key\n" );
-    mbedtls_printf( "\n" );
-    mbedtls_printf( "Options:\n" );
-    mbedtls_printf( "  input=FILENAME    Input file (required for wrap/unwrap)\n" );
-    mbedtls_printf( "  master=FILENAME   File containing the master key (default: master.key)\n" );
-    mbedtls_printf( "  output=FILENAME   Output file (required for save/wrap/unwrap)\n" );
-    mbedtls_printf( "  label=TEXT        Label for the key derivation.\n" );
-    mbedtls_printf( "                    This may be repeated multiple times.\n" );
-    mbedtls_printf( "                    To get the same key, you must use the same master key\n" );
-    mbedtls_printf( "                    and the same sequence of labels.\n" );
+    printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
+    printf( "Demonstrate the usage of a key derivation ladder.\n" );
+    printf( "\n" );
+    printf( "Modes:\n" );
+    printf( "  generate  Generate the master key\n" );
+    printf( "  save      Save the derived key\n" );
+    printf( "  unwrap    Unwrap (decrypt) input with the derived key\n" );
+    printf( "  wrap      Wrap (encrypt) input with the derived key\n" );
+    printf( "\n" );
+    printf( "Options:\n" );
+    printf( "  input=FILENAME    Input file (required for wrap/unwrap)\n" );
+    printf( "  master=FILENAME   File containing the master key (default: master.key)\n" );
+    printf( "  output=FILENAME   Output file (required for save/wrap/unwrap)\n" );
+    printf( "  label=TEXT        Label for the key derivation.\n" );
+    printf( "                    This may be repeated multiple times.\n" );
+    printf( "                    To get the same key, you must use the same master key\n" );
+    printf( "                    and the same sequence of labels.\n" );
 }
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    exit( EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
-    char *key_file_name = "master.key";
-    char *input_file_name = NULL;
-    char *output_file_name = NULL;
+    const char *key_file_name = "master.key";
+    const char *input_file_name = NULL;
+    const char *output_file_name = NULL;
     const char *ladder[MAX_LADDER_DEPTH];
     size_t ladder_depth = 0;
     int i;
@@ -635,7 +630,7 @@
         strcmp( argv[1], "--help" ) == 0 )
     {
         usage( );
-        return( MBEDTLS_EXIT_SUCCESS );
+        return( EXIT_SUCCESS );
     }
 
     for( i = 2; i < argc; i++ )
@@ -643,7 +638,7 @@
         char *q = strchr( argv[i], '=' );
         if( q == NULL )
         {
-            mbedtls_printf( "Missing argument to option %s\n", argv[i] );
+            printf( "Missing argument to option %s\n", argv[i] );
             goto usage_failure;
         }
         *q = 0;
@@ -654,9 +649,9 @@
         {
             if( ladder_depth == MAX_LADDER_DEPTH )
             {
-                mbedtls_printf( "Maximum ladder depth %u exceeded.\n",
+                printf( "Maximum ladder depth %u exceeded.\n",
                                 (unsigned) MAX_LADDER_DEPTH );
-                return( MBEDTLS_EXIT_FAILURE );
+                return( EXIT_FAILURE );
             }
             ladder[ladder_depth] = q;
             ++ladder_depth;
@@ -667,7 +662,7 @@
             output_file_name = q;
         else
         {
-            mbedtls_printf( "Unknown option: %s\n", argv[i] );
+            printf( "Unknown option: %s\n", argv[i] );
             goto usage_failure;
         }
     }
@@ -682,20 +677,20 @@
         mode = MODE_WRAP;
     else
     {
-        mbedtls_printf( "Unknown action: %s\n", argv[1] );
+        printf( "Unknown action: %s\n", argv[1] );
         goto usage_failure;
     }
 
     if( input_file_name == NULL &&
         ( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
     {
-        mbedtls_printf( "Required argument missing: input\n" );
+        printf( "Required argument missing: input\n" );
         return( DEMO_ERROR );
     }
     if( output_file_name == NULL &&
         ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
     {
-        mbedtls_printf( "Required argument missing: output\n" );
+        printf( "Required argument missing: output\n" );
         return( DEMO_ERROR );
     }
 
@@ -703,11 +698,11 @@
                   ladder, ladder_depth,
                   input_file_name, output_file_name );
     return( status == PSA_SUCCESS ?
-            MBEDTLS_EXIT_SUCCESS :
-            MBEDTLS_EXIT_FAILURE );
+            EXIT_SUCCESS :
+            EXIT_FAILURE );
 
 usage_failure:
     usage( );
-    return( MBEDTLS_EXIT_FAILURE );
+    return( EXIT_FAILURE );
 }
 #endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index dd19677..73692d0 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -1,3 +1,5 @@
+#include <errno.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -62,6 +64,7 @@
 
 /* The code of these function is automatically generated and included below. */
 static const char *psa_ecc_curve_name(psa_ecc_curve_t curve);
+static const char *psa_dh_group_name(psa_dh_group_t group);
 static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
 
 static void append_with_curve(char **buffer, size_t buffer_size,
@@ -82,24 +85,41 @@
     append(buffer, buffer_size, required_size, ")", 1);
 }
 
-static void append_with_hash(char **buffer, size_t buffer_size,
-                             size_t *required_size,
-                             const char *string, size_t length,
-                             psa_algorithm_t hash_alg)
+static void append_with_group(char **buffer, size_t buffer_size,
+                              size_t *required_size,
+                              const char *string, size_t length,
+                              psa_dh_group_t group)
 {
-    const char *hash_name = psa_hash_algorithm_name(hash_alg);
+    const char *group_name = psa_dh_group_name(group);
     append(buffer, buffer_size, required_size, string, length);
     append(buffer, buffer_size, required_size, "(", 1);
-    if (hash_name != NULL) {
+    if (group_name != NULL) {
         append(buffer, buffer_size, required_size,
-               hash_name, strlen(hash_name));
+               group_name, strlen(group_name));
     } else {
         append_integer(buffer, buffer_size, required_size,
-                       "0x%08lx", hash_alg);
+                       "0x%04x", group);
     }
     append(buffer, buffer_size, required_size, ")", 1);
 }
 
+typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg);
+
+static void append_with_alg(char **buffer, size_t buffer_size,
+                            size_t *required_size,
+                            psa_get_algorithm_name_func_ptr get_name,
+                            psa_algorithm_t alg)
+{
+    const char *name = get_name(alg);
+    if (name != NULL) {
+        append(buffer, buffer_size, required_size,
+               name, strlen(name));
+    } else {
+        append_integer(buffer, buffer_size, required_size,
+                       "0x%08lx", alg);
+    }
+}
+
 #include "psa_constant_names_generated.c"
 
 static int psa_snprint_status(char *buffer, size_t buffer_size,
@@ -136,25 +156,125 @@
     }
 }
 
+static int psa_snprint_dh_group(char *buffer, size_t buffer_size,
+                                psa_dh_group_t group)
+{
+    const char *name = psa_dh_group_name(group);
+    if (name == NULL) {
+        return snprintf(buffer, buffer_size, "0x%04x", (unsigned) group);
+    } else {
+        size_t length = strlen(name);
+        if (length < buffer_size) {
+            memcpy(buffer, name, length + 1);
+            return (int) length;
+        } else {
+            return (int) buffer_size;
+        }
+    }
+}
+
 static void usage(const char *program_name)
 {
-    printf("Usage: %s TYPE VALUE\n",
+    printf("Usage: %s TYPE VALUE [VALUE...]\n",
            program_name == NULL ? "psa_constant_names" : program_name);
     printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n");
     printf("Supported types (with = between aliases):\n");
     printf("  alg=algorithm         Algorithm (psa_algorithm_t)\n");
     printf("  curve=ecc_curve       Elliptic curve identifier (psa_ecc_curve_t)\n");
+    printf("  group=dh_group        Diffie-Hellman group identifier (psa_dh_group_t)\n");
     printf("  type=key_type         Key type (psa_key_type_t)\n");
     printf("  usage=key_usage       Key usage (psa_key_usage_t)\n");
     printf("  error=status          Status code (psa_status_t)\n");
 }
 
+typedef enum {
+    TYPE_STATUS,
+} signed_value_type;
+
+int process_signed(signed_value_type type, long min, long max, char **argp)
+{
+    for (; *argp != NULL; argp++) {
+        char buffer[200];
+        char *end;
+        long value = strtol(*argp, &end, 0);
+        if (*end) {
+            printf("Non-numeric value: %s\n", *argp);
+            return EXIT_FAILURE;
+        }
+        if (value < min || (errno == ERANGE && value < 0)) {
+            printf("Value too small: %s\n", *argp);
+            return EXIT_FAILURE;
+        }
+        if (value > max || (errno == ERANGE && value > 0)) {
+            printf("Value too large: %s\n", *argp);
+            return EXIT_FAILURE;
+        }
+
+        switch (type) {
+            case TYPE_STATUS:
+                psa_snprint_status(buffer, sizeof(buffer),
+                                   (psa_status_t) value);
+                break;
+        }
+        puts(buffer);
+    }
+
+    return EXIT_SUCCESS;
+}
+
+typedef enum {
+    TYPE_ALGORITHM,
+    TYPE_ECC_CURVE,
+    TYPE_DH_GROUP,
+    TYPE_KEY_TYPE,
+    TYPE_KEY_USAGE,
+} unsigned_value_type;
+
+int process_unsigned(unsigned_value_type type, unsigned long max, char **argp)
+{
+    for (; *argp != NULL; argp++) {
+        char buffer[200];
+        char *end;
+        unsigned long value = strtoul(*argp, &end, 0);
+        if (*end) {
+            printf("Non-numeric value: %s\n", *argp);
+            return EXIT_FAILURE;
+        }
+        if (value > max || errno == ERANGE) {
+            printf("Value out of range: %s\n", *argp);
+            return EXIT_FAILURE;
+        }
+
+        switch (type) {
+            case TYPE_ALGORITHM:
+                psa_snprint_algorithm(buffer, sizeof(buffer),
+                                      (psa_algorithm_t) value);
+                break;
+            case TYPE_ECC_CURVE:
+                psa_snprint_ecc_curve(buffer, sizeof(buffer),
+                                      (psa_ecc_curve_t) value);
+                break;
+            case TYPE_DH_GROUP:
+                psa_snprint_dh_group(buffer, sizeof(buffer),
+                                     (psa_dh_group_t) value);
+                break;
+            case TYPE_KEY_TYPE:
+                psa_snprint_key_type(buffer, sizeof(buffer),
+                                     (psa_key_type_t) value);
+                break;
+            case TYPE_KEY_USAGE:
+                psa_snprint_key_usage(buffer, sizeof(buffer),
+                                      (psa_key_usage_t) value);
+                break;
+        }
+        puts(buffer);
+    }
+
+    return EXIT_SUCCESS;
+}
+
 int main(int argc, char *argv[])
 {
-    char buffer[200];
-    unsigned long value;
-    char *end;
-
     if (argc <= 1 ||
         !strcmp(argv[1], "help") ||
         !strcmp(argv[1], "--help"))
@@ -162,31 +282,29 @@
         usage(argv[0]);
         return EXIT_FAILURE;
     }
-    if (argc != 3) {
-        usage(argv[0]);
-        return EXIT_FAILURE;
-    }
-    value = strtoul(argv[2], &end, 0);
-    if (*end) {
-        printf("Non-numeric value: %s\n", argv[2]);
-        return EXIT_FAILURE;
-    }
 
-    if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status"))
-        psa_snprint_status(buffer, sizeof(buffer), (psa_status_t) value);
-    else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm"))
-        psa_snprint_algorithm(buffer, sizeof(buffer), (psa_algorithm_t) value);
-    else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve"))
-        psa_snprint_ecc_curve(buffer, sizeof(buffer), (psa_ecc_curve_t) value);
-    else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type"))
-        psa_snprint_key_type(buffer, sizeof(buffer), (psa_key_type_t) value);
-    else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage"))
-        psa_snprint_key_usage(buffer, sizeof(buffer), (psa_key_usage_t) value);
-    else {
+    if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status")) {
+        /* There's no way to obtain the actual range of a signed type,
+         * so hard-code it here: psa_status_t is int32_t. */
+        return process_signed(TYPE_STATUS, INT32_MIN, INT32_MAX,
+                              argv + 2);
+    } else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm")) {
+        return process_unsigned(TYPE_ALGORITHM, (psa_algorithm_t) (-1),
+                                argv + 2);
+    } else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
+        return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1),
+                                argv + 2);
+    } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) {
+        return process_unsigned(TYPE_DH_GROUP, (psa_dh_group_t) (-1),
+                                argv + 2);
+    } else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
+        return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
+                                argv + 2);
+    } else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage")) {
+        return process_unsigned(TYPE_KEY_USAGE, (psa_key_usage_t) (-1),
+                                argv + 2);
+    } else {
         printf("Unknown type: %s\n", argv[1]);
         return EXIT_FAILURE;
     }
-
-    puts(buffer);
-    return EXIT_SUCCESS;
 }
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index a1eb386..3b350ed 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -49,6 +50,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 5ade946..a50402f 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -52,6 +53,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 3fb3f01..ef888ff 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -50,6 +51,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 1e65633..f28a47d 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -34,12 +34,14 @@
 target_link_libraries(ssl_client1 ${libs})
 
 add_executable(ssl_client2 ssl_client2.c)
+target_sources(ssl_client2 PUBLIC ../test/query_config.c)
 target_link_libraries(ssl_client2 ${libs})
 
 add_executable(ssl_server ssl_server.c)
 target_link_libraries(ssl_server ${libs})
 
 add_executable(ssl_server2 ssl_server2.c)
+target_sources(ssl_server2 PUBLIC ../test/query_config.c)
 target_link_libraries(ssl_server2 ${libs})
 
 add_executable(ssl_fork_server ssl_fork_server.c)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index c29ab34..90db06c 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -31,6 +31,9 @@
 #include <stdio.h>
 #define mbedtls_printf     printf
 #define mbedtls_fprintf    fprintf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||    \
@@ -79,6 +82,18 @@
 
 #define DEBUG_LEVEL 0
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index b4ad6b5..dd21fbf 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -32,6 +32,9 @@
 #define mbedtls_printf     printf
 #define mbedtls_fprintf    fprintf
 #define mbedtls_time_t     time_t
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 /* Uncomment out the following line to default to IPv4 and disable IPv6 */
@@ -88,6 +91,18 @@
 #define READ_TIMEOUT_MS 10000   /* 5 seconds */
 #define DEBUG_LEVEL 0
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 290455e..ff36128 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -26,6 +26,17 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf          printf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
+#endif
+
 /*
  * We're creating and connecting the socket "manually" rather than using the
  * NET module, in order to avoid the overhead of getaddrinfo() which tends to
@@ -44,13 +55,6 @@
     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
     !defined(UNIX)
 
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif
-
 int main( void )
 {
     mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
@@ -60,12 +64,6 @@
 }
 #else
 
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#endif
-
 #include <string.h>
 
 #include "mbedtls/net_sockets.h"
@@ -168,6 +166,18 @@
     ssl_write_failed,
 };
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     int ret = exit_ok;
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index bf7c013..646909f 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -34,6 +34,7 @@
 #define mbedtls_time_t          time_t
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -70,6 +71,18 @@
 
 #define DEBUG_LEVEL 1
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a98a3a2..f7e2459 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -35,6 +35,9 @@
 #define mbedtls_printf     printf
 #define mbedtls_fprintf    fprintf
 #define mbedtls_snprintf   snprintf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_ENTROPY_C) || \
@@ -339,11 +342,27 @@
     "                        options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
     "\n"                                                    \
     "    force_ciphersuite=<name>    default: all enabled\n"\
+    "    query_config=<name>         return 0 if the specified\n"       \
+    "                                configuration macro is defined and 1\n"  \
+    "                                otherwise. The expansion of the macro\n" \
+    "                                is printed if it is defined\n"     \
     " acceptable ciphersuite names:\n"
 
 #define ALPN_LIST_SIZE  10
 #define CURVE_LIST_SIZE 20
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -402,6 +421,8 @@
     int etm;                    /* negotiate encrypt then mac?              */
 } opt;
 
+int query_config( const char *config );
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
@@ -457,6 +478,8 @@
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+static unsigned char peer_crt_info[1024];
+
 /*
  * Enabled if debug_level > 1 in code below
  */
@@ -466,8 +489,14 @@
     char buf[1024];
     ((void) data);
 
-    mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
     mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+    if( depth == 0 )
+        memcpy( peer_crt_info, buf, sizeof( buf ) );
+
+    if( opt.debug_level == 0 )
+        return( 0 );
+
+    mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
     mbedtls_printf( "%s", buf );
 
     if ( ( *flags ) == 0 )
@@ -571,7 +600,7 @@
     const char *pers = "ssl_client2";
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_slot_t slot = 0;
+    psa_key_handle_t slot = 0;
     psa_algorithm_t alg = 0;
     psa_key_policy_t policy;
     psa_status_t status;
@@ -594,7 +623,7 @@
     mbedtls_x509_crt clicert;
     mbedtls_pk_context pkey;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_slot_t key_slot = 0; /* invalid key slot */
+    psa_key_handle_t key_slot = 0; /* invalid key slot */
 #endif
 #endif
     char *p, *q;
@@ -1044,6 +1073,10 @@
             if( opt.dhmlen < 0 )
                 goto usage;
         }
+        else if( strcmp( p, "query_config" ) == 0 )
+        {
+            return query_config( q );
+        }
         else
             goto usage;
     }
@@ -1478,8 +1511,8 @@
         mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
     }
 
-    if( opt.debug_level > 0 )
-        mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+    mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+    memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     if( opt.auth_mode != DFL_AUTH_MODE )
@@ -1594,14 +1627,14 @@
     if( opt.psk_opaque != 0 )
     {
         /* The algorithm has already been determined earlier. */
-        status = mbedtls_psa_get_free_key_slot( &slot );
+        status = psa_allocate_key( &slot );
         if( status != PSA_SUCCESS )
         {
             ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             goto exit;
         }
 
-        psa_key_policy_init( &policy );
+        policy = psa_key_policy_init();
         psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
 
         status = psa_set_key_policy( slot, &policy );
@@ -1808,13 +1841,8 @@
     else
         mbedtls_printf( " ok\n" );
 
-    if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
-    {
-        mbedtls_printf( "  . Peer certificate information    ...\n" );
-        mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                       mbedtls_ssl_get_peer_cert( &ssl ) );
-        mbedtls_printf( "%s\n", buf );
-    }
+    mbedtls_printf( "  . Peer certificate information    ...\n" );
+    mbedtls_printf( "%s\n", peer_crt_info );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -2119,6 +2147,10 @@
         mbedtls_printf( "  . Restarting connection from same port..." );
         fflush( stdout );
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
         if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n",
@@ -2190,6 +2222,10 @@
 
         mbedtls_printf( "  . Reconnecting with saved session..." );
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
         if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n",
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 1c3a806..b6f1cc4 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -33,6 +33,7 @@
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
 #define mbedtls_time_t          time_t
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -86,6 +87,18 @@
 
 #define DEBUG_LEVEL 0
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 16cedfe..bbe4c70 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -39,6 +39,7 @@
 #define mbedtls_time_t          time_t
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -141,6 +142,18 @@
     "    force_ciphersuite=<name>    default: all enabled\n"\
     " acceptable ciphersuite names:\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9a05ad8..b502695 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -30,9 +30,13 @@
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
+#include <stdlib.h>
 #define mbedtls_fprintf    fprintf
 #define mbedtls_printf     printf
 #define mbedtls_snprintf   snprintf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) ||            \
@@ -77,6 +81,18 @@
 #include "mbedtls/memory_buffer_alloc.h"
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 #define HTTP_RESPONSE \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
     "<h2>mbed TLS Test Server</h2>\r\n" \
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index dcdafbb..1852b2b 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -34,6 +34,9 @@
 #define mbedtls_time_t     time_t
 #define mbedtls_fprintf    fprintf
 #define mbedtls_printf     printf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) ||    \
@@ -80,6 +83,18 @@
 
 #define DEBUG_LEVEL 0
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 534a3f3..7858db3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -36,6 +36,9 @@
 #define mbedtls_calloc    calloc
 #define mbedtls_fprintf    fprintf
 #define mbedtls_printf     printf
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_ENTROPY_C) || \
@@ -228,11 +231,12 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 #define USAGE_PSK_RAW                                               \
-    "    psk=%%s              default: \"\" (in hex, without 0x)\n" \
-    "    psk_identity=%%s     default: \"Client_identity\"\n"       \
+    "    psk=%%s              default: \"\" (in hex, without 0x)\n"     \
     "    psk_list=%%s         default: \"\"\n"                          \
-    "                          A list of (PSK identity, PSK value) pairs in (hex format, without 0x)\n" \
-    "                          id1,psk1[,id2,psk2[,...]]\n"
+    "                          A list of (PSK identity, PSK value) pairs.\n" \
+    "                          The PSK values are in hex, without 0x.\n" \
+    "                          id1,psk1[,id2,psk2[,...]]\n"             \
+    "    psk_identity=%%s     default: \"Client_identity\"\n"
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #define USAGE_PSK_SLOT                          \
     "    psk_opaque=%%d       default: 0 (don't use opaque static PSK)\n"     \
@@ -442,6 +446,10 @@
     "                                in order from ssl3 to tls1_2\n"    \
     "                                default: all enabled\n"            \
     "    force_ciphersuite=<name>    default: all enabled\n"            \
+    "    query_config=<name>         return 0 if the specified\n"       \
+    "                                configuration macro is defined and 1\n"  \
+    "                                otherwise. The expansion of the macro\n" \
+    "                                is printed if it is defined\n"     \
     " acceptable ciphersuite names:\n"
 
 
@@ -460,6 +468,18 @@
     (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0  ) & 0xFF );    \
 }
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -527,6 +547,8 @@
     int badmac_limit;           /* Limit of records with bad MAC            */
 } opt;
 
+int query_config( const char *config );
+
 static void my_debug( void *ctx, int level,
                       const char *file, int line,
                       const char *str )
@@ -806,7 +828,7 @@
     size_t key_len;
     unsigned char key[MBEDTLS_PSK_MAX_LEN];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_slot_t slot;
+    psa_key_handle_t slot;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     psk_entry *next;
 };
@@ -822,7 +844,7 @@
     {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status;
-        psa_key_slot_t const slot = head->slot;
+        psa_key_handle_t const slot = head->slot;
 
         if( slot != 0 )
         {
@@ -1231,7 +1253,7 @@
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t psa_setup_psk_key_slot( psa_key_slot_t slot,
+static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
                                             psa_algorithm_t alg,
                                             unsigned char *psk,
                                             size_t psk_len )
@@ -1239,7 +1261,7 @@
     psa_status_t status;
     psa_key_policy_t policy;
 
-    psa_key_policy_init( &policy );
+    policy = psa_key_policy_init();
     psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
 
     status = psa_set_key_policy( slot, &policy );
@@ -1268,7 +1290,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_algorithm_t alg = 0;
-    psa_key_slot_t psk_slot = 0;
+    psa_key_handle_t psk_slot = 0;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     unsigned char psk[MBEDTLS_PSK_MAX_LEN];
     size_t psk_len = 0;
@@ -1855,6 +1877,10 @@
         {
             opt.sni = q;
         }
+        else if( strcmp( p, "query_config" ) == 0 )
+        {
+            return query_config( q );
+        }
         else
             goto usage;
     }
@@ -2667,7 +2693,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         if( opt.psk_opaque != 0 )
         {
-            status = mbedtls_psa_get_free_key_slot( &psk_slot );
+            status = psa_allocate_key( &psk_slot );
             if( status != PSA_SUCCESS )
             {
                 fprintf( stderr, "ALLOC FAIL\n" );
@@ -2711,7 +2737,7 @@
             psk_entry *cur_psk;
             for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
             {
-                status = mbedtls_psa_get_free_key_slot( &cur_psk->slot );
+                status = psa_allocate_key( &cur_psk->slot );
                 if( status != PSA_SUCCESS )
                 {
                     ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 9ca0cb2..0c92825 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -30,6 +30,10 @@
 add_executable(zeroize zeroize.c)
 target_link_libraries(zeroize ${libs})
 
-install(TARGETS selftest benchmark ssl_cert_test udp_proxy
+add_executable(query_compile_time_config query_compile_time_config.c)
+target_sources(query_compile_time_config PUBLIC query_config.c)
+target_link_libraries(query_compile_time_config ${libs})
+
+install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config
         DESTINATION "bin"
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index e7d29c3..8d7ecf7 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -29,10 +29,14 @@
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
+#include <stdlib.h>
 #define mbedtls_exit       exit
 #define mbedtls_printf     printf
 #define mbedtls_snprintf   snprintf
 #define mbedtls_free       free
+#define mbedtls_exit            exit
+#define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif
 
 #if !defined(MBEDTLS_TIMING_C)
@@ -254,6 +258,18 @@
          rsa, dhm, ecdsa, ecdh;
 } todo_list;
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int i;
@@ -862,7 +878,7 @@
     }
 #endif
 
-#if defined(MBEDTLS_ECDH_C)
+#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
     if( todo.ecdh )
     {
         mbedtls_ecdh_context ecdh;
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index c652884..f943317 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -45,7 +45,6 @@
 #include "mbedtls/cipher.h"
 #include "mbedtls/cipher_internal.h"
 #include "mbedtls/cmac.h"
-#include "mbedtls/compat-1.3.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/des.h"
@@ -96,10 +95,6 @@
 #include "mbedtls/threading.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/version.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
 #include "mbedtls/xtea.h"
 
 #if defined(MBEDTLS_PLATFORM_C)
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
new file mode 100644
index 0000000..17becf2
--- /dev/null
+++ b/programs/test/query_compile_time_config.c
@@ -0,0 +1,56 @@
+/*
+ *  Query the Mbed TLS compile time configuration
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf       printf
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#define USAGE                                                                \
+    "usage: %s <MBEDTLS_CONFIG>\n\n"                                         \
+    "This program takes one command line argument which corresponds to\n"    \
+    "the string representation of a Mbed TLS compile time configuration.\n"  \
+    "The value 0 will be returned if this configuration is defined in the\n" \
+    "Mbed TLS build and the macro expansion of that configuration will be\n" \
+    "printed (if any). Otherwise, 1 will be returned.\n"
+
+int query_config( const char *config );
+
+int main( int argc, char *argv[] )
+{
+    if ( argc != 2 )
+    {
+        mbedtls_printf( USAGE, argv[0] );
+        return( MBEDTLS_EXIT_FAILURE );
+    }
+
+    return( query_config( argv[1] ) );
+}
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
new file mode 100644
index 0000000..83efc3b
--- /dev/null
+++ b/programs/test/query_config.c
@@ -0,0 +1,2603 @@
+/*
+ *  Query Mbed TLS compile time configurations from config.h
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+
+/*
+ * Include all the headers with public APIs in case they define a macro to its
+ * default value when that configuration is not set in the config.h.
+ */
+#include "mbedtls/aes.h"
+#include "mbedtls/aesni.h"
+#include "mbedtls/arc4.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/havege.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/memory_buffer_alloc.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/padlock.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pkcs11.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/platform_time.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/xtea.h"
+
+#include <string.h>
+
+/*
+ * Helper macros to convert a macro or its expansion into a string
+ * WARNING: This does not work for expanding function-like macros. However,
+ * Mbed TLS does not currently have configuration options used in this fashion.
+ */
+#define MACRO_EXPANSION_TO_STR(macro)   MACRO_NAME_TO_STR(macro)
+#define MACRO_NAME_TO_STR(macro)                                        \
+    mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
+
+#if defined(_MSC_VER)
+/*
+ * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
+ * are defined empty. This means that from the preprocessor's point of view
+ * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
+ * some macros expand to nothing. We suppress that specific warning to get a
+ * clean build and to ensure that tests treating warnings as errors do not
+ * fail.
+ */
+#pragma warning(push)
+#pragma warning(disable:4003)
+#endif /* _MSC_VER */
+
+int query_config( const char *config )
+{
+#if defined(MBEDTLS_HAVE_ASM)
+    if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_ASM );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if defined(MBEDTLS_NO_UDBL_DIVISION)
+    if( strcmp( "MBEDTLS_NO_UDBL_DIVISION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NO_UDBL_DIVISION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NO_UDBL_DIVISION */
+
+#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
+    if( strcmp( "MBEDTLS_NO_64BIT_MULTIPLICATION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NO_64BIT_MULTIPLICATION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */
+
+#if defined(MBEDTLS_HAVE_SSE2)
+    if( strcmp( "MBEDTLS_HAVE_SSE2", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_SSE2 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HAVE_SSE2 */
+
+#if defined(MBEDTLS_HAVE_TIME)
+    if( strcmp( "MBEDTLS_HAVE_TIME", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+    if( strcmp( "MBEDTLS_HAVE_TIME_DATE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME_DATE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+    if( strcmp( "MBEDTLS_PLATFORM_MEMORY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MEMORY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+
+#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+    if( strcmp( "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NO_STD_FUNCTIONS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_EXIT_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_TIME_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_PRINTF_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+    if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_WARNING );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+    if( strcmp( "MBEDTLS_DEPRECATED_REMOVED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_REMOVED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+    if( strcmp( "MBEDTLS_CHECK_PARAMS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CHECK_PARAMS */
+
+#if defined(MBEDTLS_TIMING_ALT)
+    if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TIMING_ALT */
+
+#if defined(MBEDTLS_AES_ALT)
+    if( strcmp( "MBEDTLS_AES_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_ALT */
+
+#if defined(MBEDTLS_ARC4_ALT)
+    if( strcmp( "MBEDTLS_ARC4_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ARC4_ALT */
+
+#if defined(MBEDTLS_ARIA_ALT)
+    if( strcmp( "MBEDTLS_ARIA_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ARIA_ALT */
+
+#if defined(MBEDTLS_BLOWFISH_ALT)
+    if( strcmp( "MBEDTLS_BLOWFISH_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#if defined(MBEDTLS_CAMELLIA_ALT)
+    if( strcmp( "MBEDTLS_CAMELLIA_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#if defined(MBEDTLS_CCM_ALT)
+    if( strcmp( "MBEDTLS_CCM_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CCM_ALT */
+
+#if defined(MBEDTLS_CHACHA20_ALT)
+    if( strcmp( "MBEDTLS_CHACHA20_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CHACHA20_ALT */
+
+#if defined(MBEDTLS_CHACHAPOLY_ALT)
+    if( strcmp( "MBEDTLS_CHACHAPOLY_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CHACHAPOLY_ALT */
+
+#if defined(MBEDTLS_CMAC_ALT)
+    if( strcmp( "MBEDTLS_CMAC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CMAC_ALT */
+
+#if defined(MBEDTLS_DES_ALT)
+    if( strcmp( "MBEDTLS_DES_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DES_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DES_ALT */
+
+#if defined(MBEDTLS_DHM_ALT)
+    if( strcmp( "MBEDTLS_DHM_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DHM_ALT */
+
+#if defined(MBEDTLS_ECJPAKE_ALT)
+    if( strcmp( "MBEDTLS_ECJPAKE_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECJPAKE_ALT */
+
+#if defined(MBEDTLS_GCM_ALT)
+    if( strcmp( "MBEDTLS_GCM_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_GCM_ALT */
+
+#if defined(MBEDTLS_NIST_KW_ALT)
+    if( strcmp( "MBEDTLS_NIST_KW_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NIST_KW_ALT */
+
+#if defined(MBEDTLS_MD2_ALT)
+    if( strcmp( "MBEDTLS_MD2_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD2_ALT */
+
+#if defined(MBEDTLS_MD4_ALT)
+    if( strcmp( "MBEDTLS_MD4_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD4_ALT */
+
+#if defined(MBEDTLS_MD5_ALT)
+    if( strcmp( "MBEDTLS_MD5_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD5_ALT */
+
+#if defined(MBEDTLS_POLY1305_ALT)
+    if( strcmp( "MBEDTLS_POLY1305_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_POLY1305_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_ALT)
+    if( strcmp( "MBEDTLS_RIPEMD160_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#if defined(MBEDTLS_RSA_ALT)
+    if( strcmp( "MBEDTLS_RSA_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RSA_ALT */
+
+#if defined(MBEDTLS_SHA1_ALT)
+    if( strcmp( "MBEDTLS_SHA1_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA1_ALT */
+
+#if defined(MBEDTLS_SHA256_ALT)
+    if( strcmp( "MBEDTLS_SHA256_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA256_ALT */
+
+#if defined(MBEDTLS_SHA512_ALT)
+    if( strcmp( "MBEDTLS_SHA512_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA512_ALT */
+
+#if defined(MBEDTLS_XTEA_ALT)
+    if( strcmp( "MBEDTLS_XTEA_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_XTEA_ALT */
+
+#if defined(MBEDTLS_ECP_ALT)
+    if( strcmp( "MBEDTLS_ECP_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_ALT */
+
+#if defined(MBEDTLS_MD2_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_MD2_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD2_PROCESS_ALT */
+
+#if defined(MBEDTLS_MD4_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_MD4_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD4_PROCESS_ALT */
+
+#if defined(MBEDTLS_MD5_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_MD5_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD5_PROCESS_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_RIPEMD160_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA1_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_SHA1_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA1_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_SHA256_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA256_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+    if( strcmp( "MBEDTLS_SHA512_PROCESS_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_PROCESS_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA512_PROCESS_ALT */
+
+#if defined(MBEDTLS_DES_SETKEY_ALT)
+    if( strcmp( "MBEDTLS_DES_SETKEY_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DES_SETKEY_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DES_SETKEY_ALT */
+
+#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+    if( strcmp( "MBEDTLS_DES_CRYPT_ECB_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DES_CRYPT_ECB_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+    if( strcmp( "MBEDTLS_DES3_CRYPT_ECB_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DES3_CRYPT_ECB_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+    if( strcmp( "MBEDTLS_AES_SETKEY_ENC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_ENC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+    if( strcmp( "MBEDTLS_AES_SETKEY_DEC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_DEC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
+
+#if defined(MBEDTLS_AES_ENCRYPT_ALT)
+    if( strcmp( "MBEDTLS_AES_ENCRYPT_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ENCRYPT_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_ENCRYPT_ALT */
+
+#if defined(MBEDTLS_AES_DECRYPT_ALT)
+    if( strcmp( "MBEDTLS_AES_DECRYPT_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_DECRYPT_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_DECRYPT_ALT */
+
+#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
+    if( strcmp( "MBEDTLS_ECDH_GEN_PUBLIC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_GEN_PUBLIC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+
+#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
+    if( strcmp( "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_COMPUTE_SHARED_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+    if( strcmp( "MBEDTLS_ECDSA_VERIFY_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_VERIFY_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+    if( strcmp( "MBEDTLS_ECDSA_SIGN_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_SIGN_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+    if( strcmp( "MBEDTLS_ECDSA_GENKEY_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_GENKEY_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+    if( strcmp( "MBEDTLS_ECP_INTERNAL_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_INTERNAL_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+    if( strcmp( "MBEDTLS_ECP_RANDOMIZE_JAC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_JAC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+    if( strcmp( "MBEDTLS_ECP_ADD_MIXED_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ADD_MIXED_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+    if( strcmp( "MBEDTLS_ECP_DOUBLE_JAC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_JAC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+    if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+    if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+    if( strcmp( "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+    if( strcmp( "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_MXZ_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+    if( strcmp( "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_MXZ_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+    if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_NULL_ENTROPY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TEST_NULL_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+    if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_HARDWARE_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+
+#if defined(MBEDTLS_AES_ROM_TABLES)
+    if( strcmp( "MBEDTLS_AES_ROM_TABLES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ROM_TABLES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_ROM_TABLES */
+
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+    if( strcmp( "MBEDTLS_AES_FEWER_TABLES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_FEWER_TABLES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_FEWER_TABLES */
+
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+    if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_SMALL_MEMORY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    if( strcmp( "MBEDTLS_CIPHER_MODE_CBC", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CBC );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    if( strcmp( "MBEDTLS_CIPHER_MODE_CFB", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CFB );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    if( strcmp( "MBEDTLS_CIPHER_MODE_CTR", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CTR );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    if( strcmp( "MBEDTLS_CIPHER_MODE_OFB", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_OFB );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    if( strcmp( "MBEDTLS_CIPHER_MODE_XTS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_XTS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+    if( strcmp( "MBEDTLS_CIPHER_NULL_CIPHER", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_NULL_CIPHER );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+    if( strcmp( "MBEDTLS_CIPHER_PADDING_PKCS7", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_PKCS7 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+    if( strcmp( "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+    if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+    if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+
+#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
+    if( strcmp( "MBEDTLS_ENABLE_WEAK_CIPHERSUITES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENABLE_WEAK_CIPHERSUITES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+    if( strcmp( "MBEDTLS_REMOVE_ARC4_CIPHERSUITES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_ARC4_CIPHERSUITES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+    if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_3DES_CIPHERSUITES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP224R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP256R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP384R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP384R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP521R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP521R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP192K1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192K1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP224K1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224K1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_SECP256K1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256K1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_BP256R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP256R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_BP384R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP384R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_BP512R1_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP512R1_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_CURVE25519_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE25519_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+    if( strcmp( "MBEDTLS_ECP_DP_CURVE448_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE448_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+    if( strcmp( "MBEDTLS_ECP_NIST_OPTIM", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NIST_OPTIM );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RESTARTABLE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+    if( strcmp( "MBEDTLS_ECDH_LEGACY_CONTEXT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_LEGACY_CONTEXT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    if( strcmp( "MBEDTLS_ECDSA_DETERMINISTIC", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_DETERMINISTIC );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_PSK_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+    if( strcmp( "MBEDTLS_PK_PARSE_EC_EXTENDED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_EC_EXTENDED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+    if( strcmp( "MBEDTLS_ERROR_STRERROR_DUMMY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_STRERROR_DUMMY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+
+#if defined(MBEDTLS_GENPRIME)
+    if( strcmp( "MBEDTLS_GENPRIME", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_GENPRIME );
+        return( 0 );
+    }
+#endif /* MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_FS_IO)
+    if( strcmp( "MBEDTLS_FS_IO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_FS_IO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+    if( strcmp( "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+
+#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+    if( strcmp( "MBEDTLS_NO_PLATFORM_ENTROPY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NO_PLATFORM_ENTROPY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+    if( strcmp( "MBEDTLS_ENTROPY_FORCE_SHA256", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_FORCE_SHA256 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+    if( strcmp( "MBEDTLS_ENTROPY_NV_SEED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_NV_SEED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
+    if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_DEBUG );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    if( strcmp( "MBEDTLS_MEMORY_BACKTRACE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BACKTRACE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MEMORY_BACKTRACE */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+    if( strcmp( "MBEDTLS_PK_RSA_ALT_SUPPORT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PK_RSA_ALT_SUPPORT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15)
+    if( strcmp( "MBEDTLS_PKCS1_V15", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V15 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PKCS1_V15 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+    if( strcmp( "MBEDTLS_PKCS1_V21", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V21 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+    if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SPM );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_SPM */
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+    if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+    if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_NO_CRT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+#if defined(MBEDTLS_SELF_TEST)
+    if( strcmp( "MBEDTLS_SELF_TEST", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SELF_TEST );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SELF_TEST */
+
+#if defined(MBEDTLS_SHA256_SMALLER)
+    if( strcmp( "MBEDTLS_SHA256_SMALLER", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_SMALLER );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA256_SMALLER */
+
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+    if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALL_ALERT_MESSAGES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+    if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ASYNC_PRIVATE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+    if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEBUG_ALL );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DEBUG_ALL */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    if( strcmp( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ENCRYPT_THEN_MAC );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    if( strcmp( "MBEDTLS_SSL_EXTENDED_MASTER_SECRET", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXTENDED_MASTER_SECRET );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+    if( strcmp( "MBEDTLS_SSL_FALLBACK_SCSV", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_FALLBACK_SCSV );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    if( strcmp( "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_KEEP_PEER_CERTIFICATE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( strcmp( "MBEDTLS_SSL_HW_RECORD_ACCEL", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_HW_RECORD_ACCEL );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    if( strcmp( "MBEDTLS_SSL_CBC_RECORD_SPLITTING", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CBC_RECORD_SPLITTING );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( strcmp( "MBEDTLS_SSL_RENEGOTIATION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RENEGOTIATION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+    if( strcmp( "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+
+#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+    if( strcmp( "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    if( strcmp( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_FRAGMENT_LENGTH );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( strcmp( "MBEDTLS_SSL_PROTO_SSL3", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_SSL3 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+    if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_1", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_1 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_2", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_2 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( strcmp( "MBEDTLS_SSL_PROTO_DTLS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_DTLS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+    if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALPN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    if( strcmp( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_ANTI_REPLAY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+    if( strcmp( "MBEDTLS_SSL_DTLS_HELLO_VERIFY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_HELLO_VERIFY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+    if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    if( strcmp( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_BADMAC_LIMIT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    if( strcmp( "MBEDTLS_SSL_SESSION_TICKETS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_TICKETS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXPORT_KEYS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( strcmp( "MBEDTLS_SSL_SERVER_NAME_INDICATION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SERVER_NAME_INDICATION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
+    if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
+
+#if defined(MBEDTLS_THREADING_ALT)
+    if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_THREADING_ALT */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+    if( strcmp( "MBEDTLS_THREADING_PTHREAD", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_PTHREAD );
+        return( 0 );
+    }
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( strcmp( "MBEDTLS_USE_PSA_CRYPTO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_USE_PSA_CRYPTO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_VERSION_FEATURES)
+    if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_FEATURES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_VERSION_FEATURES */
+
+#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
+    if( strcmp( "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
+
+#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+    if( strcmp( "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+    if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_KEY_USAGE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+    if( strcmp( "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    if( strcmp( "MBEDTLS_ZLIB_SUPPORT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ZLIB_SUPPORT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+
+#if defined(MBEDTLS_AESNI_C)
+    if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AESNI_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AESNI_C */
+
+#if defined(MBEDTLS_AES_C)
+    if( strcmp( "MBEDTLS_AES_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+    if( strcmp( "MBEDTLS_ARC4_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+    if( strcmp( "MBEDTLS_ASN1_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+    if( strcmp( "MBEDTLS_ASN1_WRITE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_WRITE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
+#if defined(MBEDTLS_BASE64_C)
+    if( strcmp( "MBEDTLS_BASE64_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_BASE64_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_BIGNUM_C)
+    if( strcmp( "MBEDTLS_BIGNUM_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_BIGNUM_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_BLOWFISH_C)
+    if( strcmp( "MBEDTLS_BLOWFISH_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_BLOWFISH_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+    if( strcmp( "MBEDTLS_CAMELLIA_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_ARIA_C)
+    if( strcmp( "MBEDTLS_ARIA_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ARIA_C */
+
+#if defined(MBEDTLS_CCM_C)
+    if( strcmp( "MBEDTLS_CCM_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CERTS_C)
+    if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CERTS_C */
+
+#if defined(MBEDTLS_CHACHA20_C)
+    if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CHACHA20_C */
+
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if( strcmp( "MBEDTLS_CHACHAPOLY_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
+#if defined(MBEDTLS_CIPHER_C)
+    if( strcmp( "MBEDTLS_CIPHER_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_CMAC_C)
+    if( strcmp( "MBEDTLS_CMAC_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+    if( strcmp( "MBEDTLS_CTR_DRBG_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+    if( strcmp( "MBEDTLS_DEBUG_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DEBUG_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DEBUG_C */
+
+#if defined(MBEDTLS_DES_C)
+    if( strcmp( "MBEDTLS_DES_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DES_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_DHM_C)
+    if( strcmp( "MBEDTLS_DHM_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_ECDH_C)
+    if( strcmp( "MBEDTLS_ECDH_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+    if( strcmp( "MBEDTLS_ECDSA_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECJPAKE_C)
+    if( strcmp( "MBEDTLS_ECJPAKE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECJPAKE_C */
+
+#if defined(MBEDTLS_ECP_C)
+    if( strcmp( "MBEDTLS_ECP_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_ENTROPY_C)
+    if( strcmp( "MBEDTLS_ENTROPY_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_C */
+
+#if defined(MBEDTLS_ERROR_C)
+    if( strcmp( "MBEDTLS_ERROR_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ERROR_C */
+
+#if defined(MBEDTLS_GCM_C)
+    if( strcmp( "MBEDTLS_GCM_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_HAVEGE_C)
+    if( strcmp( "MBEDTLS_HAVEGE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HAVEGE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HAVEGE_C */
+
+#if defined(MBEDTLS_HKDF_C)
+    if( strcmp( "MBEDTLS_HKDF_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HKDF_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HKDF_C */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+    if( strcmp( "MBEDTLS_HMAC_DRBG_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_NIST_KW_C)
+    if( strcmp( "MBEDTLS_NIST_KW_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NIST_KW_C */
+
+#if defined(MBEDTLS_MD_C)
+    if( strcmp( "MBEDTLS_MD_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD2_C)
+    if( strcmp( "MBEDTLS_MD2_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+    if( strcmp( "MBEDTLS_MD4_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+    if( strcmp( "MBEDTLS_MD5_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+    if( strcmp( "MBEDTLS_MEMORY_BUFFER_ALLOC_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BUFFER_ALLOC_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+#if defined(MBEDTLS_NET_C)
+    if( strcmp( "MBEDTLS_NET_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_NET_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_NET_C */
+
+#if defined(MBEDTLS_OID_C)
+    if( strcmp( "MBEDTLS_OID_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_OID_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+    if( strcmp( "MBEDTLS_PADLOCK_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PADLOCK_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+    if( strcmp( "MBEDTLS_PEM_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+    if( strcmp( "MBEDTLS_PEM_WRITE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_WRITE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_PK_C)
+    if( strcmp( "MBEDTLS_PK_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PK_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+    if( strcmp( "MBEDTLS_PK_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+    if( strcmp( "MBEDTLS_PK_WRITE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PK_WRITE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PK_WRITE_C */
+
+#if defined(MBEDTLS_PKCS5_C)
+    if( strcmp( "MBEDTLS_PKCS5_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS5_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PKCS5_C */
+
+#if defined(MBEDTLS_PKCS11_C)
+    if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PKCS11_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+    if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS12_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PKCS12_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+    if( strcmp( "MBEDTLS_PLATFORM_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if defined(MBEDTLS_POLY1305_C)
+    if( strcmp( "MBEDTLS_POLY1305_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_POLY1305_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+    if( strcmp( "MBEDTLS_PSA_CRYPTO_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+    if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+    if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_RSA_C)
+    if( strcmp( "MBEDTLS_RSA_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    if( strcmp( "MBEDTLS_SHA1_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+    if( strcmp( "MBEDTLS_SHA256_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    if( strcmp( "MBEDTLS_SHA512_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+    if( strcmp( "MBEDTLS_SSL_CACHE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+    if( strcmp( "MBEDTLS_SSL_COOKIE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_COOKIE_C */
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+    if( strcmp( "MBEDTLS_SSL_TICKET_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TICKET_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_TICKET_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( strcmp( "MBEDTLS_SSL_CLI_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( strcmp( "MBEDTLS_SSL_SRV_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_TLS_C)
+    if( strcmp( "MBEDTLS_SSL_TLS_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_THREADING_C)
+    if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_TIMING_C)
+    if( strcmp( "MBEDTLS_TIMING_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TIMING_C */
+
+#if defined(MBEDTLS_VERSION_C)
+    if( strcmp( "MBEDTLS_VERSION_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_VERSION_C */
+
+#if defined(MBEDTLS_X509_USE_C)
+    if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_USE_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+    if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#if defined(MBEDTLS_X509_CREATE_C)
+    if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CREATE_C */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+    if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+    if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#if defined(MBEDTLS_XTEA_C)
+    if( strcmp( "MBEDTLS_XTEA_C", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_C );
+        return( 0 );
+    }
+#endif /* MBEDTLS_XTEA_C */
+
+#if defined(MBEDTLS_MPI_WINDOW_SIZE)
+    if( strcmp( "MBEDTLS_MPI_WINDOW_SIZE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_WINDOW_SIZE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MPI_WINDOW_SIZE */
+
+#if defined(MBEDTLS_MPI_MAX_SIZE)
+    if( strcmp( "MBEDTLS_MPI_MAX_SIZE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_MAX_SIZE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MPI_MAX_SIZE */
+
+#if defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+    if( strcmp( "MBEDTLS_CTR_DRBG_ENTROPY_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_ENTROPY_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_ENTROPY_LEN */
+
+#if defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+    if( strcmp( "MBEDTLS_CTR_DRBG_RESEED_INTERVAL", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_RESEED_INTERVAL );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+    if( strcmp( "MBEDTLS_CTR_DRBG_MAX_INPUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_INPUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+    if( strcmp( "MBEDTLS_CTR_DRBG_MAX_REQUEST", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_REQUEST );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+    if( strcmp( "MBEDTLS_CTR_DRBG_MAX_SEED_INPUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+    if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
+
+#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+    if( strcmp( "MBEDTLS_HMAC_DRBG_RESEED_INTERVAL", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_RESEED_INTERVAL );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HMAC_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+    if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_INPUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_INPUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+    if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_REQUEST", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_REQUEST );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+    if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_ECP_MAX_BITS)
+    if( strcmp( "MBEDTLS_ECP_MAX_BITS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_MAX_BITS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_MAX_BITS */
+
+#if defined(MBEDTLS_ECP_WINDOW_SIZE)
+    if( strcmp( "MBEDTLS_ECP_WINDOW_SIZE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_WINDOW_SIZE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+    if( strcmp( "MBEDTLS_ECP_FIXED_POINT_OPTIM", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_FIXED_POINT_OPTIM );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+#if defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+    if( strcmp( "MBEDTLS_ENTROPY_MAX_SOURCES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_SOURCES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_MAX_SOURCES */
+
+#if defined(MBEDTLS_ENTROPY_MAX_GATHER)
+    if( strcmp( "MBEDTLS_ENTROPY_MAX_GATHER", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_GATHER );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_MAX_GATHER */
+
+#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
+    if( strcmp( "MBEDTLS_ENTROPY_MIN_HARDWARE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MIN_HARDWARE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ENTROPY_MIN_HARDWARE */
+
+#if defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+    if( strcmp( "MBEDTLS_MEMORY_ALIGN_MULTIPLE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_ALIGN_MULTIPLE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_MEMORY_ALIGN_MULTIPLE */
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_MEM_HDR", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_MEM_HDR );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_MEM_HDR */
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_CALLOC", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_CALLOC );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_CALLOC */
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_FREE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FREE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_FREE */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT */
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_TIME", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_TIME );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_TIME */
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_FPRINTF", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FPRINTF );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_FPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_PRINTF", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_PRINTF );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_PRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_SNPRINTF", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_SNPRINTF );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_SNPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_SUCCESS", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_SUCCESS );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_SUCCESS */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_FAILURE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_FAILURE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_READ", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_READ );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_READ */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_WRITE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+    if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_FILE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_FILE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_FILE */
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_CALLOC_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_CALLOC_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_CALLOC_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_FREE_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FREE_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_EXIT_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_TIME_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_TIME_TYPE_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_TYPE_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_PRINTF_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_READ_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_READ_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+    if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+    if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+    if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */
+
+#if defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
+    if( strcmp( "MBEDTLS_SSL_MAX_CONTENT_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_CONTENT_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_MAX_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_IN_CONTENT_LEN)
+    if( strcmp( "MBEDTLS_SSL_IN_CONTENT_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_IN_CONTENT_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
+    if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_OUT_CONTENT_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_OUT_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
+    if( strcmp( "MBEDTLS_SSL_DTLS_MAX_BUFFERING", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_MAX_BUFFERING );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */
+
+#if defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
+    if( strcmp( "MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME */
+
+#if defined(MBEDTLS_PSK_MAX_LEN)
+    if( strcmp( "MBEDTLS_PSK_MAX_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PSK_MAX_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PSK_MAX_LEN */
+
+#if defined(MBEDTLS_SSL_COOKIE_TIMEOUT)
+    if( strcmp( "MBEDTLS_SSL_COOKIE_TIMEOUT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_TIMEOUT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */
+
+#if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+    if( strcmp( "MBEDTLS_X509_MAX_INTERMEDIATE_CA", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_INTERMEDIATE_CA );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_MAX_INTERMEDIATE_CA */
+
+#if defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+    if( strcmp( "MBEDTLS_X509_MAX_FILE_PATH_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_FILE_PATH_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
+
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
+    if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES */
+
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+    if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+    /* If the symbol is not found, return an error */
+    return( 1 );
+}
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index f923a43..fac7e92 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -51,7 +51,6 @@
 #include "mbedtls/base64.h"
 #include "mbedtls/bignum.h"
 #include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
 #include "mbedtls/xtea.h"
 #include "mbedtls/pkcs5.h"
 #include "mbedtls/ecp.h"
@@ -77,6 +76,18 @@
 #include "mbedtls/memory_buffer_alloc.h"
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
 {
     int ret;
@@ -233,9 +244,6 @@
 #if defined(MBEDTLS_RSA_C)
     {"rsa", mbedtls_rsa_self_test},
 #endif
-#if defined(MBEDTLS_X509_USE_C)
-    {"x509", mbedtls_x509_self_test},
-#endif
 #if defined(MBEDTLS_XTEA_C)
     {"xtea", mbedtls_xtea_self_test},
 #endif
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index fd3526f..fdf30ef 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 #define mbedtls_snprintf        snprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -81,6 +82,18 @@
     "cert_digest.key"
 };
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 int main( void )
 {
     int ret = 1, i;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 73a9fb5..0cc9d06 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -33,6 +33,7 @@
 #define mbedtls_free            free
 #define mbedtls_calloc          calloc
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -63,6 +64,19 @@
     return( 0 );
 }
 #else
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+#define mbedtls_exit            exit
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c57ecca..38fbd51 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -34,6 +34,7 @@
 #define mbedtls_time_t          time_t
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -99,6 +100,18 @@
     "    permissive=%%d       default: 0 (disabled)\n"  \
     "\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#define mbedtls_exit            exit
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -454,9 +467,12 @@
         /*
          * 5. Print the certificate
          */
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+        mbedtls_printf( "  . Peer certificate information    ... skipped\n" );
+#else
         mbedtls_printf( "  . Peer certificate information    ...\n" );
         ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                             ssl.session->peer_cert );
+                                     mbedtls_ssl_get_peer_cert( &ssl ) );
         if( ret == -1 )
         {
             mbedtls_printf( " failed\n  !  mbedtls_x509_crt_info returned %d\n\n", ret );
@@ -464,6 +480,7 @@
         }
 
         mbedtls_printf( "%s\n", buf );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         mbedtls_ssl_close_notify( &ssl );
 
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 8c56287..d25ad4c 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -64,7 +65,9 @@
 #define DFL_OUTPUT_FILENAME     "cert.req"
 #define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK"
 #define DFL_KEY_USAGE           0
+#define DFL_FORCE_KEY_USAGE     0
 #define DFL_NS_CERT_TYPE        0
+#define DFL_FORCE_NS_CERT_TYPE  0
 #define DFL_MD_ALG              MBEDTLS_MD_SHA256
 
 #define USAGE \
@@ -84,6 +87,8 @@
     "                          key_agreement\n"         \
     "                          key_cert_sign\n"  \
     "                          crl_sign\n"              \
+    "    force_key_usage=0/1  default: off\n"           \
+    "                          Add KeyUsage even if it is empty\n"  \
     "    ns_cert_type=%%s     default: (empty)\n"       \
     "                        Comma-separated-list of values:\n"     \
     "                          ssl_client\n"            \
@@ -93,6 +98,8 @@
     "                          ssl_ca\n"                \
     "                          email_ca\n"              \
     "                          object_signing_ca\n"     \
+    "    force_ns_cert_type=0/1 default: off\n"         \
+    "                          Add NsCertType even if it is empty\n"    \
     "    md=%%s               default: SHA256\n"       \
     "                          possible values:\n"     \
     "                          MD4, MD5, SHA1\n"       \
@@ -100,6 +107,17 @@
     "                          SHA384, SHA512\n"       \
     "\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
@@ -111,7 +129,9 @@
     const char *output_file;    /* where to store the constructed key file  */
     const char *subject_name;   /* subject name for certificate request */
     unsigned char key_usage;    /* key usage flags                      */
+    int force_key_usage;        /* Force adding the KeyUsage extension  */
     unsigned char ns_cert_type; /* NS cert type                         */
+    int force_ns_cert_type;     /* Force adding NsCertType extension    */
     mbedtls_md_type_t md_alg;   /* Hash algorithm used for signature.   */
 } opt;
 
@@ -178,7 +198,9 @@
     opt.output_file         = DFL_OUTPUT_FILENAME;
     opt.subject_name        = DFL_SUBJECT_NAME;
     opt.key_usage           = DFL_KEY_USAGE;
+    opt.force_key_usage     = DFL_FORCE_KEY_USAGE;
     opt.ns_cert_type        = DFL_NS_CERT_TYPE;
+    opt.force_ns_cert_type  = DFL_FORCE_NS_CERT_TYPE;
     opt.md_alg              = DFL_MD_ALG;
 
     for( i = 1; i < argc; i++ )
@@ -280,6 +302,15 @@
                 q = r;
             }
         }
+        else if( strcmp( p, "force_key_usage" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.force_key_usage = 0; break;
+                case 1: opt.force_key_usage = 1; break;
+                default: goto usage;
+            }
+        }
         else if( strcmp( p, "ns_cert_type" ) == 0 )
         {
             while( q != NULL )
@@ -307,16 +338,25 @@
                 q = r;
             }
         }
+        else if( strcmp( p, "force_ns_cert_type" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.force_ns_cert_type = 0; break;
+                case 1: opt.force_ns_cert_type = 1; break;
+                default: goto usage;
+            }
+        }
         else
             goto usage;
     }
 
     mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
 
-    if( opt.key_usage )
+    if( opt.key_usage || opt.force_key_usage == 1 )
         mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
 
-    if( opt.ns_cert_type )
+    if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
         mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
 
     /*
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 3842ebc..cd39108 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -153,6 +154,18 @@
     "                            object_signing_ca\n"     \
     "\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#define mbedtls_exit            exit
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index f831683..a951570 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -60,6 +61,18 @@
     "    filename=%%s         default: crl.pem\n"      \
     "\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#define mbedtls_exit            exit
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 0f20c85..04ad119 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_printf          printf
+#define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
@@ -60,6 +61,18 @@
     "    filename=%%s         default: cert.req\n"      \
     "\n"
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#define mbedtls_exit            exit
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    mbedtls_printf( "%s:%i: Input param failed - %s\n",
+                    file, line, failure_condition );
+    mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+}
+#endif
+
 /*
  * global options
  */
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 8f9cd0f..fe5dd3f 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -64,7 +64,7 @@
         )
         git_worktree_path = tempfile.mkdtemp()
         worktree_process = subprocess.Popen(
-            [self.git_command, "worktree", "add", git_worktree_path, git_rev],
+            [self.git_command, "worktree", "add", "--detach", git_worktree_path, git_rev],
             cwd=self.repo_path,
             stdout=subprocess.PIPE,
             stderr=subprocess.STDOUT
@@ -75,6 +75,18 @@
             raise Exception("Checking out worktree failed, aborting")
         return git_worktree_path
 
+    def update_git_submodules(self, git_worktree_path):
+        process = subprocess.Popen(
+            [self.git_command, "submodule", "update", "--init", '--recursive'],
+            cwd=git_worktree_path,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.STDOUT
+        )
+        output, _ = process.communicate()
+        self.log.info(output.decode("utf-8"))
+        if process.returncode != 0:
+            raise Exception("git submodule update failed, aborting")
+
     def build_shared_libraries(self, git_worktree_path):
         my_environment = os.environ.copy()
         my_environment["CFLAGS"] = "-g -Og"
@@ -131,6 +143,7 @@
 
     def get_abi_dump_for_ref(self, git_rev):
         git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
+        self.update_git_submodules(git_worktree_path)
         self.build_shared_libraries(git_worktree_path)
         abi_dumps = self.get_abi_dumps_from_shared_libraries(
             git_rev, git_worktree_path
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index fc8b800..cf875c8 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -132,6 +132,9 @@
 [ $VERBOSE ] && echo "Re-generating library/error.c"
 scripts/generate_errors.pl
 
+[ $VERBOSE ] && echo "Re-generating programs/test/query_config.c"
+scripts/generate_query_config.pl
+
 [ $VERBOSE ] && echo "Re-generating library/version_features.c"
 scripts/generate_features.pl
 
diff --git a/scripts/config.pl b/scripts/config.pl
index 55f4b6e..6927c4b 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -29,6 +29,7 @@
 #   MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 #   MBEDTLS_NO_PLATFORM_ENTROPY
 #   MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#   MBEDTLS_REMOVE_3DES_CIPHERSUITES
 #   MBEDTLS_SSL_HW_RECORD_ACCEL
 #   MBEDTLS_RSA_NO_CRT
 #   MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -91,6 +92,7 @@
 MBEDTLS_NO_PLATFORM_ENTROPY
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_REMOVE_3DES_CIPHERSUITES
 MBEDTLS_SSL_HW_RECORD_ACCEL
 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
@@ -99,8 +101,8 @@
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_PSA_CRYPTO_SPM
-MBEDTLS_PSA_HAS_ITS_IO
-MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+MBEDTLS_PSA_INJECT_ENTROPY
 MBEDTLS_USE_PSA_CRYPTO
 _ALT\s*$
 );
@@ -122,9 +124,8 @@
 MBEDTLS_PLATFORM_TIME_ALT
 MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PSA_CRYPTO_STORAGE_C
-MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
-MBEDTLS_PSA_HAS_ITS_IO
+MBEDTLS_PSA_ITS_FILE_C
 );
 
 # Things that should be enabled in "full" even if they match @excluded
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
new file mode 100644
index 0000000..064da4c
--- /dev/null
+++ b/scripts/data_files/query_config.fmt
@@ -0,0 +1,139 @@
+/*
+ *  Query Mbed TLS compile time configurations from config.h
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+
+/*
+ * Include all the headers with public APIs in case they define a macro to its
+ * default value when that configuration is not set in the config.h.
+ */
+#include "mbedtls/aes.h"
+#include "mbedtls/aesni.h"
+#include "mbedtls/arc4.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/havege.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/memory_buffer_alloc.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/padlock.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pkcs11.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/platform_time.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/xtea.h"
+
+#include <string.h>
+
+/*
+ * Helper macros to convert a macro or its expansion into a string
+ * WARNING: This does not work for expanding function-like macros. However,
+ * Mbed TLS does not currently have configuration options used in this fashion.
+ */
+#define MACRO_EXPANSION_TO_STR(macro)   MACRO_NAME_TO_STR(macro)
+#define MACRO_NAME_TO_STR(macro)                                        \
+    mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
+
+#if defined(_MSC_VER)
+/*
+ * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
+ * are defined empty. This means that from the preprocessor's point of view
+ * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
+ * some macros expand to nothing. We suppress that specific warning to get a
+ * clean build and to ensure that tests treating warnings as errors do not
+ * fail.
+ */
+#pragma warning(push)
+#pragma warning(disable:4003)
+#endif /* _MSC_VER */
+
+int query_config( const char *config )
+{
+CHECK_CONFIG    /* If the symbol is not found, return an error */
+    return( 1 );
+}
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj
index de18f9d8..fac9812 100644
--- a/scripts/data_files/vs2010-app-template.vcxproj
+++ b/scripts/data_files/vs2010-app-template.vcxproj
Binary files differ
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index 3e4e88b..ab7f134 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -22,6 +22,14 @@
     }
 }
 
+static const char *psa_dh_group_name(psa_dh_group_t group)
+{
+    switch (group) {
+    %(dh_group_cases)s
+    default: return NULL;
+    }
+}
+
 static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
 {
     switch (hash_alg) {
@@ -30,6 +38,14 @@
     }
 }
 
+static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg)
+{
+    switch (ka_alg) {
+    %(ka_algorithm_cases)s
+    default: return NULL;
+    }
+}
+
 static int psa_snprint_key_type(char *buffer, size_t buffer_size,
                                 psa_key_type_t type)
 {
@@ -47,12 +63,13 @@
     return (int) required_size;
 }
 
+#define NO_LENGTH_MODIFIER 0xfffffffflu
 static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
                                  psa_algorithm_t alg)
 {
     size_t required_size = 0;
     psa_algorithm_t core_alg = alg;
-    unsigned long length_modifier = 0;
+    unsigned long length_modifier = NO_LENGTH_MODIFIER;
     if (PSA_ALG_IS_MAC(alg)) {
         core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
         if (core_alg != alg) {
@@ -62,25 +79,39 @@
         }
     } else if (PSA_ALG_IS_AEAD(alg)) {
         core_alg = PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg);
-        if (core_alg != alg) {
+        if (core_alg == 0) {
+            /* For unknown AEAD algorithms, there is no "default tag length". */
+            core_alg = alg;
+        } else if (core_alg != alg) {
             append(&buffer, buffer_size, &required_size,
                    "PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29);
             length_modifier = PSA_AEAD_TAG_LENGTH(alg);
         }
+    } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) &&
+               !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+        core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
+        append(&buffer, buffer_size, &required_size,
+               "PSA_ALG_KEY_AGREEMENT(", 22);
+        append_with_alg(&buffer, buffer_size, &required_size,
+                        psa_ka_algorithm_name,
+                        PSA_ALG_KEY_AGREEMENT_GET_BASE(alg));
+        append(&buffer, buffer_size, &required_size, ", ", 2);
     }
     switch (core_alg) {
     %(algorithm_cases)s
     default:
         %(algorithm_code)s{
             append_integer(&buffer, buffer_size, &required_size,
-                           "0x%%08lx", (unsigned long) alg);
+                           "0x%%08lx", (unsigned long) core_alg);
         }
         break;
     }
     if (core_alg != alg) {
-        append(&buffer, buffer_size, &required_size, ", ", 2);
-        append_integer(&buffer, buffer_size, &required_size,
-                       "%%lu", length_modifier);
+        if (length_modifier != NO_LENGTH_MODIFIER) {
+            append(&buffer, buffer_size, &required_size, ", ", 2);
+            append_integer(&buffer, buffer_size, &required_size,
+                           "%%lu", length_modifier);
+        }
         append(&buffer, buffer_size, &required_size, ")", 1);
     }
     buffer[0] = 0;
@@ -122,10 +153,19 @@
                               PSA_KEY_TYPE_GET_CURVE(type));
         } else '''
 
+key_type_from_group_template = '''if (%(tester)s(type)) {
+            append_with_group(&buffer, buffer_size, &required_size,
+                              "%(builder)s", %(builder_length)s,
+                              PSA_KEY_TYPE_GET_GROUP(type));
+        } else '''
+
 algorithm_from_hash_template = '''if (%(tester)s(core_alg)) {
-            append_with_hash(&buffer, buffer_size, &required_size,
-                             "%(builder)s", %(builder_length)s,
-                             PSA_ALG_GET_HASH(core_alg));
+            append(&buffer, buffer_size, &required_size,
+                   "%(builder)s(", %(builder_length)s + 1);
+            append_with_alg(&buffer, buffer_size, &required_size,
+                            psa_hash_algorithm_name,
+                            PSA_ALG_GET_HASH(core_alg));
+            append(&buffer, buffer_size, &required_size, ")", 1);
         } else '''
 
 bit_test_template = '''\
@@ -143,9 +183,12 @@
         self.statuses = set()
         self.key_types = set()
         self.key_types_from_curve = {}
+        self.key_types_from_group = {}
         self.ecc_curves = set()
+        self.dh_groups = set()
         self.algorithms = set()
         self.hash_algorithms = set()
+        self.ka_algorithms = set()
         self.algorithms_from_hash = {}
         self.key_usages = set()
 
@@ -164,13 +207,27 @@
             return
         elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
            and not parameter:
+            if name in [
+                        'PSA_ERROR_UNKNOWN_ERROR',
+                        'PSA_ERROR_OCCUPIED_SLOT',
+                        'PSA_ERROR_EMPTY_SLOT',
+                        'PSA_ERROR_INSUFFICIENT_CAPACITY',
+                        ]:
+                # Ad hoc skipping of deprecated error codes, which share
+                # numerical values with non-deprecated error codes
+                return
+
             self.statuses.add(name)
         elif name.startswith('PSA_KEY_TYPE_') and not parameter:
             self.key_types.add(name)
         elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
             self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
+        elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group':
+            self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:]
         elif name.startswith('PSA_ECC_CURVE_') and not parameter:
             self.ecc_curves.add(name)
+        elif name.startswith('PSA_DH_GROUP_') and not parameter:
+            self.dh_groups.add(name)
         elif name.startswith('PSA_ALG_') and not parameter:
             if name in ['PSA_ALG_ECDSA_BASE',
                         'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
@@ -180,6 +237,9 @@
             # Ad hoc detection of hash algorithms
             if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
                 self.hash_algorithms.add(name)
+            # Ad hoc detection of key agreement algorithms
+            if re.search(r'0x30[0-9A-Fa-f]{2}0000', definition):
+                self.ka_algorithms.add(name)
         elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
             if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
                 # A naming irregularity
@@ -225,6 +285,10 @@
         return '\n    '.join(map(self.make_return_case,
                                  sorted(self.ecc_curves)))
 
+    def make_dh_group_cases(self):
+        return '\n    '.join(map(self.make_return_case,
+                                 sorted(self.dh_groups)))
+
     def make_key_type_cases(self):
         return '\n    '.join(map(self.make_append_case,
                                  sorted(self.key_types)))
@@ -234,15 +298,29 @@
                                                'builder_length': len(builder),
                                                'tester': tester}
 
-    def make_key_type_code(self):
+    def make_key_type_from_group_code(self, builder, tester):
+        return key_type_from_group_template % {'builder': builder,
+                                               'builder_length': len(builder),
+                                               'tester': tester}
+
+    def make_ecc_key_type_code(self):
         d = self.key_types_from_curve
         make = self.make_key_type_from_curve_code
         return ''.join([make(k, d[k]) for k in sorted(d.keys())])
 
+    def make_dh_key_type_code(self):
+        d = self.key_types_from_group
+        make = self.make_key_type_from_group_code
+        return ''.join([make(k, d[k]) for k in sorted(d.keys())])
+
     def make_hash_algorithm_cases(self):
         return '\n    '.join(map(self.make_return_case,
                                  sorted(self.hash_algorithms)))
 
+    def make_ka_algorithm_cases(self):
+        return '\n    '.join(map(self.make_return_case,
+                                 sorted(self.ka_algorithms)))
+
     def make_algorithm_cases(self):
         return '\n    '.join(map(self.make_append_case,
                                  sorted(self.algorithms)))
@@ -265,18 +343,22 @@
         data = {}
         data['status_cases'] = self.make_status_cases()
         data['ecc_curve_cases'] = self.make_ecc_curve_cases()
+        data['dh_group_cases'] = self.make_dh_group_cases()
         data['key_type_cases'] = self.make_key_type_cases()
-        data['key_type_code'] = self.make_key_type_code()
+        data['key_type_code'] = (self.make_ecc_key_type_code() +
+                                 self.make_dh_key_type_code())
         data['hash_algorithm_cases'] = self.make_hash_algorithm_cases()
+        data['ka_algorithm_cases'] = self.make_ka_algorithm_cases()
         data['algorithm_cases'] = self.make_algorithm_cases()
         data['algorithm_code'] = self.make_algorithm_code()
         data['key_usage_code'] = self.make_key_usage_code()
         output_file.write(output_template % data)
 
-def generate_psa_constants(header_file_name, output_file_name):
+def generate_psa_constants(header_file_names, output_file_name):
     collector = MacroCollector()
-    with open(header_file_name) as header_file:
-        collector.read_file(header_file)
+    for header_file_name in header_file_names:
+        with open(header_file_name) as header_file:
+            collector.read_file(header_file)
     temp_file_name = output_file_name + '.tmp'
     with open(temp_file_name, 'w') as output_file:
         collector.write_file(output_file)
@@ -285,5 +367,6 @@
 if __name__ == '__main__':
     if not os.path.isdir('programs') and os.path.isdir('../programs'):
         os.chdir('..')
-    generate_psa_constants('include/psa/crypto_values.h',
+    generate_psa_constants(['include/psa/crypto_values.h',
+                            'include/psa/crypto_extra.h'],
                            'programs/psa/psa_constant_names_generated.c')
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
new file mode 100755
index 0000000..d94fdad
--- /dev/null
+++ b/scripts/generate_query_config.pl
@@ -0,0 +1,75 @@
+#! /usr/bin/env perl
+
+# Generate query_config.c
+#
+# The file query_config.c contains a C function that can be used to check if
+# a configuration macro is defined and to retrieve its expansion in string
+# form (if any). This facilitates querying the compile time configuration of
+# the library, for example, for testing.
+#
+# The query_config.c is generated from the current configuration at
+# include/mbedtls/config.h. The idea is that the config.h contains ALL the
+# compile time configurations available in Mbed TLS (commented or uncommented).
+# This script extracts the configuration macros from the config.h and this
+# information is used to automatically generate the body of the query_config()
+# function by using the template in scripts/data_files/query_config.fmt.
+#
+# Usage: ./scripts/generate_query_config.pl without arguments
+
+use strict;
+
+my $config_file = "./include/mbedtls/config.h";
+
+my $query_config_format_file = "./scripts/data_files/query_config.fmt";
+my $query_config_file = "./programs/test/query_config.c";
+
+# Excluded macros from the generated query_config.c. For example, macros that
+# have commas or function-like macros cannot be transformed into strings easily
+# using the preprocessor, so they should be excluded or the preprocessor will
+# throw errors.
+my @excluded = qw(
+MBEDTLS_SSL_CIPHERSUITES
+MBEDTLS_PARAM_FAILED
+);
+my $excluded_re = join '|', @excluded;
+
+open(CONFIG_FILE, "$config_file") or die "Opening config file '$config_file': $!";
+
+# This variable will contain the string to replace in the CHECK_CONFIG of the
+# format file
+my $config_check = "";
+
+while (my $line = <CONFIG_FILE>) {
+    if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+).*/) {
+        my $name = $2;
+
+        # Skip over the macro that prevents multiple inclusion
+        next if "MBEDTLS_CONFIG_H" eq $name;
+
+        # Skip over the macro if it is in the ecluded list
+        next if $name =~ /$excluded_re/;
+
+        $config_check .= "#if defined($name)\n";
+        $config_check .= "    if( strcmp( \"$name\", config ) == 0 )\n";
+        $config_check .= "    {\n";
+        $config_check .= "        MACRO_EXPANSION_TO_STR( $name );\n";
+        $config_check .= "        return( 0 );\n";
+        $config_check .= "    }\n";
+        $config_check .= "#endif /* $name */\n";
+        $config_check .= "\n";
+    }
+}
+
+# Read the full format file into a string
+local $/;
+open(FORMAT_FILE, "$query_config_format_file") or die "Opening query config format file '$query_config_format_file': $!";
+my $query_config_format = <FORMAT_FILE>;
+close(FORMAT_FILE);
+
+# Replace the body of the query_config() function with the code we just wrote
+$query_config_format =~ s/CHECK_CONFIG/$config_check/g;
+
+# Rewrite the query_config.c file
+open(QUERY_CONFIG_FILE, ">$query_config_file") or die "Opening destination file '$query_config_file': $!";
+print QUERY_CONFIG_FILE $query_config_format;
+close(QUERY_CONFIG_FILE);
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index d8825ee..42f3024 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -95,8 +95,14 @@
     $path =~ s!/!\\!g;
     (my $appname = $path) =~ s/.*\\//;
 
+    my $srcs = "\n    <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
+    if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
+        $appname eq "query_compile_time_config" ) {
+        $srcs .= "\n    <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>\r";
+    }
+
     my $content = $template;
-    $content =~ s/<PATHNAME>/$path/g;
+    $content =~ s/<SOURCES>/$srcs/g;
     $content =~ s/<APPNAME>/$appname/g;
     $content =~ s/<GUID>/$guid/g;
 
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index c809d46..132963c 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -15,7 +15,6 @@
 #   - type and version of the operating system
 #   - version of armcc, clang, gcc-arm and gcc compilers
 #   - version of libc, clang, asan and valgrind if installed
-#   - version of gnuTLS and OpenSSL
 
 print_version()
 {
@@ -74,42 +73,6 @@
 print_version "valgrind" "--version" "valgrind not found!"
 echo
 
-: ${OPENSSL:=openssl}
-print_version "$OPENSSL" "version" "openssl not found!"
-echo
-
-if [ -n "${OPENSSL_LEGACY+set}" ]; then
-    print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
-    echo
-fi
-
-if [ -n "${OPENSSL_NEXT+set}" ]; then
-    print_version "$OPENSSL_NEXT" "version" "openssl next version not found!"
-    echo
-fi
-
-: ${GNUTLS_CLI:=gnutls-cli}
-print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
-echo
-
-: ${GNUTLS_SERV:=gnutls-serv}
-print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
-echo
-
-if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
-    print_version "$GNUTLS_LEGACY_CLI" "--version" \
-        "gnuTLS client legacy version not found!"  \
-        "head -n 1"
-    echo
-fi
-
-if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
-    print_version "$GNUTLS_LEGACY_SERV" "--version" \
-        "gnuTLS server legacy version not found!"   \
-        "head -n 1"
-    echo
-fi
-
 if `hash dpkg > /dev/null 2>&1`; then
     echo "* asan:"
     dpkg -s libasan2 2> /dev/null | grep -i version
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 21cdfab..4cd8f97 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -20,6 +20,13 @@
 # on non-POSIX platforms.
 add_definitions("-D_POSIX_C_SOURCE=200809L")
 
+# Test suites caught by SKIP_TEST_SUITES are built but not executed.
+# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
+# but not "test_suite_foobar".
+string(REGEX REPLACE "[ ,;]" "|" SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES}")
+string(REPLACE "." "\\." SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES_REGEX}")
+set(SKIP_TEST_SUITES_REGEX "^(${SKIP_TEST_SUITES_REGEX})(\$|\\.)")
+
 function(add_test_suite suite_name)
     if(ARGV1)
         set(data_name ${ARGV1})
@@ -33,10 +40,26 @@
         DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
     )
 
+    set(exe_name test_suite_${data_name})
+    # Add a prefix to differentiate these tests from those of the parent
+    # module, when this project is built as a submodule.
+    if(USE_CRYPTO_SUBMODULE)
+        set(exe_name crypto.${exe_name})
+    endif()
+
     include_directories(${CMAKE_CURRENT_SOURCE_DIR})
-    add_executable(test_suite_${data_name} test_suite_${data_name}.c)
-    target_link_libraries(test_suite_${data_name} ${libs})
-    add_test(${data_name}-suite test_suite_${data_name} --verbose)
+    add_executable(${exe_name} test_suite_${data_name}.c)
+    target_link_libraries(${exe_name} ${libs})
+    target_include_directories(${exe_name}
+        PUBLIC ${CMAKE_SOURCE_DIR}/include/
+        PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
+        PRIVATE ${CMAKE_SOURCE_DIR}/crypto/library/)
+
+    if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
+        message(STATUS "The test suite ${data_name} will not be executed.")
+    else()
+        add_test(${data_name}-suite ${exe_name} --verbose)
+    endif()
 endfunction(add_test_suite)
 
 if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
@@ -52,6 +75,7 @@
 add_test_suite(aes aes.ecb)
 add_test_suite(aes aes.cbc)
 add_test_suite(aes aes.cfb)
+add_test_suite(aes aes.ofb)
 add_test_suite(aes aes.rest)
 add_test_suite(aes aes.xts)
 add_test_suite(arc4)
@@ -72,11 +96,11 @@
 add_test_suite(cipher cipher.chachapoly)
 add_test_suite(cipher cipher.des)
 add_test_suite(cipher cipher.gcm)
+add_test_suite(cipher cipher.misc)
 add_test_suite(cipher cipher.null)
 add_test_suite(cipher cipher.padding)
 add_test_suite(cmac)
 add_test_suite(ctr_drbg)
-add_test_suite(debug)
 add_test_suite(des)
 add_test_suite(dhm)
 add_test_suite(ecdh)
@@ -92,6 +116,7 @@
 add_test_suite(gcm gcm.aes192_de)
 add_test_suite(gcm gcm.aes256_de)
 add_test_suite(gcm gcm.camellia)
+add_test_suite(gcm gcm.misc)
 add_test_suite(hkdf)
 add_test_suite(hmac_drbg hmac_drbg.misc)
 add_test_suite(hmac_drbg hmac_drbg.no_reseed)
@@ -102,6 +127,7 @@
 add_test_suite(memory_buffer_alloc)
 add_test_suite(mpi)
 add_test_suite(nist_kw)
+add_test_suite(oid)
 add_test_suite(pem)
 add_test_suite(pkcs1_v15)
 add_test_suite(pkcs1_v21)
@@ -117,21 +143,19 @@
 add_test_suite(psa_crypto_metadata)
 add_test_suite(psa_crypto_persistent_key)
 add_test_suite(psa_crypto_slot_management)
-add_test_suite(psa_crypto_storage_file)
+add_test_suite(psa_its)
 add_test_suite(shax)
-add_test_suite(ssl)
 add_test_suite(timing)
 add_test_suite(rsa)
-add_test_suite(version)
 add_test_suite(xtea)
-add_test_suite(x509parse)
-add_test_suite(x509write)
+if (NOT USE_CRYPTO_SUBMODULE)
+    add_test_suite(version)
+endif()
 
 # Make scripts and data files needed for testing available in an
 # out-of-source build.
 if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
-    link_to_source(compat.sh)
     link_to_source(data_files)
     link_to_source(scripts)
-    link_to_source(ssl-opt.sh)
+    link_to_source(suites)
 endif()
diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt
index 8b13bb3..3e9b255 100644
--- a/tests/Descriptions.txt
+++ b/tests/Descriptions.txt
@@ -2,21 +2,9 @@
     The various 'test_suite_XXX' programs from the 'tests' directory, executed
     using 'make check' (Unix make) or 'make test' (Cmake), include test cases
     (reference test vectors, sanity checks, malformed input for parsing
-    functions, etc.) for all modules except the SSL modules.
+    functions, etc.) for all modules.
 
 selftests
     The 'programs/test/selftest' program runs the 'XXX_self_test()' functions
     of each individual module. Most of them are included in the respective
     test suite, but some slower ones are only included here.
-
-compat
-    The 'tests/compat.sh' script checks interoperability with OpenSSL and
-    GnuTLS (and ourselves!) for every common ciphersuite, in every TLS
-    version, both ways (client/server), using client authentication or not.
-    For each ciphersuite/version/side/authmode it performs a full handshake
-    and a small data exchange.
-
-ssl_opt
-    The 'tests/ssl-opt.sh' script checks various options and/or operations not
-    covered by compat.sh: session resumption (using session cache or tickets),
-    renegotiation, SNI, other extensions, etc.
diff --git a/tests/Makefile b/tests/Makefile
index f5cafe5..8db7920 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,7 +6,8 @@
 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
 LDFLAGS ?=
 
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64
+CRYPTO_INCLUDES ?= -I../include
+LOCAL_CFLAGS = $(WARNING_CFLAGS) $(CRYPTO_INCLUDES) -I../library -D_FILE_OFFSET_BITS=64
 LOCAL_LDFLAGS = -L../library			\
 		-lmbedtls$(SHARED_SUFFIX)	\
 		-lmbedx509$(SHARED_SUFFIX)	\
@@ -58,6 +59,15 @@
 # constructed by stripping path 'suites/' and extension .data.
 APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data)))
 
+# When this project is used as a submodule, exclude the following list of
+# tests, which will be run from the parent module instead.
+ifdef USE_CRYPTO_SUBMODULE
+APPS := $(filter-out \
+               test_suite_version \
+               ,$(APPS))
+endif
+
+
 # Construct executable name by adding OS specific suffix $(EXEXT).
 BINARIES := $(addsuffix $(EXEXT),$(APPS))
 
@@ -115,8 +125,9 @@
 endif
 endif
 
+# Test suites caught by SKIP_TEST_SUITES are built but not executed.
 check: $(BINARIES)
-	perl scripts/run-test-suites.pl
+	perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES)
 
 test: check
 
diff --git a/tests/compat.sh b/tests/compat.sh
deleted file mode 100755
index bf65e5e..0000000
--- a/tests/compat.sh
+++ /dev/null
@@ -1,1413 +0,0 @@
-#!/bin/sh
-
-# compat.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Test interoperbility with OpenSSL, GnuTLS as well as itself.
-#
-# Check each common ciphersuite, with each version, both ways (client/server),
-# with and without client authentication.
-
-set -u
-
-# initialise counters
-TESTS=0
-FAILED=0
-SKIPPED=0
-SRVMEM=0
-
-# default commands, can be overriden by the environment
-: ${M_SRV:=../programs/ssl/ssl_server2}
-: ${M_CLI:=../programs/ssl/ssl_client2}
-: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
-: ${GNUTLS_CLI:=gnutls-cli}
-: ${GNUTLS_SERV:=gnutls-serv}
-
-# do we have a recent enough GnuTLS?
-if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
-    G_VER="$( $GNUTLS_CLI --version | head -n1 )"
-    if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version
-        PEER_GNUTLS=" GnuTLS"
-    else
-        eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' )
-        if [ $MAJOR -lt 3 -o \
-            \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \
-            \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ]
-        then
-            PEER_GNUTLS=""
-        else
-            PEER_GNUTLS=" GnuTLS"
-            if [ $MINOR -lt 4 ]; then
-                GNUTLS_MINOR_LT_FOUR='x'
-            fi
-        fi
-    fi
-else
-    PEER_GNUTLS=""
-fi
-
-# default values for options
-MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
-VERIFIES="NO YES"
-TYPES="ECDSA RSA PSK"
-FILTER=""
-# exclude:
-# - NULL: excluded from our default config
-# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
-#   avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
-# - ChachaPoly: requires OpenSSL >= 1.1.0
-EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
-VERBOSE=""
-MEMCHECK=0
-PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
-
-# hidden option: skip DTLS with OpenSSL
-# (travis CI has a version that doesn't work for us)
-: ${OSSL_NO_DTLS:=0}
-
-print_usage() {
-    echo "Usage: $0"
-    printf "  -h|--help\tPrint this help.\n"
-    printf "  -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n"
-    printf "  -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n"
-    printf "  -m|--modes\tWhich modes to perform (Default: '$MODES')\n"
-    printf "  -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n"
-    printf "  -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n"
-    printf "  -p|--peers\tWhich peers to use (Default: '$PEERS')\n"
-    printf "            \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
-    printf "  -M|--memcheck\tCheck memory leaks and errors.\n"
-    printf "  -v|--verbose\tSet verbose output.\n"
-}
-
-get_options() {
-    while [ $# -gt 0 ]; do
-        case "$1" in
-            -f|--filter)
-                shift; FILTER=$1
-                ;;
-            -e|--exclude)
-                shift; EXCLUDE=$1
-                ;;
-            -m|--modes)
-                shift; MODES=$1
-                ;;
-            -t|--types)
-                shift; TYPES=$1
-                ;;
-            -V|--verify)
-                shift; VERIFIES=$1
-                ;;
-            -p|--peers)
-                shift; PEERS=$1
-                ;;
-            -v|--verbose)
-                VERBOSE=1
-                ;;
-            -M|--memcheck)
-                MEMCHECK=1
-                ;;
-            -h|--help)
-                print_usage
-                exit 0
-                ;;
-            *)
-                echo "Unknown argument: '$1'"
-                print_usage
-                exit 1
-                ;;
-        esac
-        shift
-    done
-
-    # sanitize some options (modes checked later)
-    VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )"
-    TYPES="$( echo $TYPES | tr [a-z] [A-Z] )"
-}
-
-log() {
-  if [ "X" != "X$VERBOSE" ]; then
-    echo ""
-    echo "$@"
-  fi
-}
-
-# is_dtls <mode>
-is_dtls()
-{
-    test "$1" = "dtls1" -o "$1" = "dtls1_2"
-}
-
-# minor_ver <mode>
-minor_ver()
-{
-    case "$1" in
-        ssl3)
-            echo 0
-            ;;
-        tls1)
-            echo 1
-            ;;
-        tls1_1|dtls1)
-            echo 2
-            ;;
-        tls1_2|dtls1_2)
-            echo 3
-            ;;
-        *)
-            echo "error: invalid mode: $MODE" >&2
-            # exiting is no good here, typically called in a subshell
-            echo -1
-    esac
-}
-
-filter()
-{
-  LIST="$1"
-  NEW_LIST=""
-
-  if is_dtls "$MODE"; then
-      EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
-  else
-      EXCLMODE="$EXCLUDE"
-  fi
-
-  for i in $LIST;
-  do
-    NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )"
-  done
-
-  # normalize whitespace
-  echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
-}
-
-# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
-# PSK ciphersuites with DTLS, which is incorrect, so disable them for now
-check_openssl_server_bug()
-{
-    if test "X$VERIFY" = "XYES" && is_dtls "$MODE" && \
-        echo "$1" | grep "^TLS-PSK" >/dev/null;
-    then
-        SKIP_NEXT="YES"
-    fi
-}
-
-filter_ciphersuites()
-{
-    if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
-    then
-        # Ciphersuite for mbed TLS
-        M_CIPHERS=$( filter "$M_CIPHERS" )
-
-        # Ciphersuite for OpenSSL
-        O_CIPHERS=$( filter "$O_CIPHERS" )
-
-        # Ciphersuite for GnuTLS
-        G_CIPHERS=$( filter "$G_CIPHERS" )
-    fi
-
-    # OpenSSL 1.0.1h doesn't support DTLS 1.2
-    if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
-        O_CIPHERS=""
-        case "$PEER" in
-            [Oo]pen*)
-                M_CIPHERS=""
-                ;;
-        esac
-    fi
-
-    # For GnuTLS client -> mbed TLS server,
-    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
-    if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
-        G_CIPHERS=""
-    fi
-}
-
-reset_ciphersuites()
-{
-    M_CIPHERS=""
-    O_CIPHERS=""
-    G_CIPHERS=""
-}
-
-# Ciphersuites that can be used with all peers.
-# Since we currently have three possible peers, each ciphersuite should appear
-# three times: in each peer's list (with the name that this peer uses).
-add_common_ciphersuites()
-{
-    case $TYPE in
-
-        "ECDSA")
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                       \
-                    TLS-ECDHE-ECDSA-WITH-NULL-SHA           \
-                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA        \
-                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA   \
-                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA    \
-                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA    \
-                    "
-                G_CIPHERS="$G_CIPHERS                       \
-                    +ECDHE-ECDSA:+NULL:+SHA1                \
-                    +ECDHE-ECDSA:+ARCFOUR-128:+SHA1         \
-                    +ECDHE-ECDSA:+3DES-CBC:+SHA1            \
-                    +ECDHE-ECDSA:+AES-128-CBC:+SHA1         \
-                    +ECDHE-ECDSA:+AES-256-CBC:+SHA1         \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDHE-ECDSA-NULL-SHA            \
-                    ECDHE-ECDSA-RC4-SHA             \
-                    ECDHE-ECDSA-DES-CBC3-SHA        \
-                    ECDHE-ECDSA-AES128-SHA          \
-                    ECDHE-ECDSA-AES256-SHA          \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256         \
-                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384         \
-                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256         \
-                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384         \
-                    "
-                G_CIPHERS="$G_CIPHERS                               \
-                    +ECDHE-ECDSA:+AES-128-CBC:+SHA256               \
-                    +ECDHE-ECDSA:+AES-256-CBC:+SHA384               \
-                    +ECDHE-ECDSA:+AES-128-GCM:+AEAD                 \
-                    +ECDHE-ECDSA:+AES-256-GCM:+AEAD                 \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDHE-ECDSA-AES128-SHA256       \
-                    ECDHE-ECDSA-AES256-SHA384       \
-                    ECDHE-ECDSA-AES128-GCM-SHA256   \
-                    ECDHE-ECDSA-AES256-GCM-SHA384   \
-                    "
-            fi
-            ;;
-
-        "RSA")
-            M_CIPHERS="$M_CIPHERS                       \
-                TLS-DHE-RSA-WITH-AES-128-CBC-SHA        \
-                TLS-DHE-RSA-WITH-AES-256-CBC-SHA        \
-                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA   \
-                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA   \
-                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA       \
-                TLS-RSA-WITH-AES-256-CBC-SHA            \
-                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA       \
-                TLS-RSA-WITH-AES-128-CBC-SHA            \
-                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA       \
-                TLS-RSA-WITH-3DES-EDE-CBC-SHA           \
-                TLS-RSA-WITH-RC4-128-SHA                \
-                TLS-RSA-WITH-RC4-128-MD5                \
-                TLS-RSA-WITH-NULL-MD5                   \
-                TLS-RSA-WITH-NULL-SHA                   \
-                "
-            G_CIPHERS="$G_CIPHERS                       \
-                +DHE-RSA:+AES-128-CBC:+SHA1             \
-                +DHE-RSA:+AES-256-CBC:+SHA1             \
-                +DHE-RSA:+CAMELLIA-128-CBC:+SHA1        \
-                +DHE-RSA:+CAMELLIA-256-CBC:+SHA1        \
-                +DHE-RSA:+3DES-CBC:+SHA1                \
-                +RSA:+AES-256-CBC:+SHA1                 \
-                +RSA:+CAMELLIA-256-CBC:+SHA1            \
-                +RSA:+AES-128-CBC:+SHA1                 \
-                +RSA:+CAMELLIA-128-CBC:+SHA1            \
-                +RSA:+3DES-CBC:+SHA1                    \
-                +RSA:+ARCFOUR-128:+SHA1                 \
-                +RSA:+ARCFOUR-128:+MD5                  \
-                +RSA:+NULL:+MD5                         \
-                +RSA:+NULL:+SHA1                        \
-                "
-            O_CIPHERS="$O_CIPHERS               \
-                DHE-RSA-AES128-SHA              \
-                DHE-RSA-AES256-SHA              \
-                DHE-RSA-CAMELLIA128-SHA         \
-                DHE-RSA-CAMELLIA256-SHA         \
-                EDH-RSA-DES-CBC3-SHA            \
-                AES256-SHA                      \
-                CAMELLIA256-SHA                 \
-                AES128-SHA                      \
-                CAMELLIA128-SHA                 \
-                DES-CBC3-SHA                    \
-                RC4-SHA                         \
-                RC4-MD5                         \
-                NULL-MD5                        \
-                NULL-SHA                        \
-                "
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                       \
-                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA      \
-                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA      \
-                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA     \
-                    TLS-ECDHE-RSA-WITH-RC4-128-SHA          \
-                    TLS-ECDHE-RSA-WITH-NULL-SHA             \
-                    "
-                G_CIPHERS="$G_CIPHERS                       \
-                    +ECDHE-RSA:+AES-128-CBC:+SHA1           \
-                    +ECDHE-RSA:+AES-256-CBC:+SHA1           \
-                    +ECDHE-RSA:+3DES-CBC:+SHA1              \
-                    +ECDHE-RSA:+ARCFOUR-128:+SHA1           \
-                    +ECDHE-RSA:+NULL:+SHA1                  \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDHE-RSA-AES256-SHA            \
-                    ECDHE-RSA-AES128-SHA            \
-                    ECDHE-RSA-DES-CBC3-SHA          \
-                    ECDHE-RSA-RC4-SHA               \
-                    ECDHE-RSA-NULL-SHA              \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                       \
-                    TLS-RSA-WITH-AES-128-CBC-SHA256         \
-                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256     \
-                    TLS-RSA-WITH-AES-256-CBC-SHA256         \
-                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256     \
-                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256   \
-                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384   \
-                    TLS-RSA-WITH-AES-128-GCM-SHA256         \
-                    TLS-RSA-WITH-AES-256-GCM-SHA384         \
-                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256     \
-                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384     \
-                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256   \
-                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384   \
-                    "
-                G_CIPHERS="$G_CIPHERS                       \
-                    +RSA:+AES-128-CBC:+SHA256               \
-                    +DHE-RSA:+AES-128-CBC:+SHA256           \
-                    +RSA:+AES-256-CBC:+SHA256               \
-                    +DHE-RSA:+AES-256-CBC:+SHA256           \
-                    +ECDHE-RSA:+AES-128-CBC:+SHA256         \
-                    +ECDHE-RSA:+AES-256-CBC:+SHA384         \
-                    +RSA:+AES-128-GCM:+AEAD                 \
-                    +RSA:+AES-256-GCM:+AEAD                 \
-                    +DHE-RSA:+AES-128-GCM:+AEAD             \
-                    +DHE-RSA:+AES-256-GCM:+AEAD             \
-                    +ECDHE-RSA:+AES-128-GCM:+AEAD           \
-                    +ECDHE-RSA:+AES-256-GCM:+AEAD           \
-                    "
-                O_CIPHERS="$O_CIPHERS           \
-                    NULL-SHA256                 \
-                    AES128-SHA256               \
-                    DHE-RSA-AES128-SHA256       \
-                    AES256-SHA256               \
-                    DHE-RSA-AES256-SHA256       \
-                    ECDHE-RSA-AES128-SHA256     \
-                    ECDHE-RSA-AES256-SHA384     \
-                    AES128-GCM-SHA256           \
-                    DHE-RSA-AES128-GCM-SHA256   \
-                    AES256-GCM-SHA384           \
-                    DHE-RSA-AES256-GCM-SHA384   \
-                    ECDHE-RSA-AES128-GCM-SHA256 \
-                    ECDHE-RSA-AES256-GCM-SHA384 \
-                    "
-            fi
-            ;;
-
-        "PSK")
-            M_CIPHERS="$M_CIPHERS                       \
-                TLS-PSK-WITH-RC4-128-SHA                \
-                TLS-PSK-WITH-3DES-EDE-CBC-SHA           \
-                TLS-PSK-WITH-AES-128-CBC-SHA            \
-                TLS-PSK-WITH-AES-256-CBC-SHA            \
-                "
-            G_CIPHERS="$G_CIPHERS                       \
-                +PSK:+ARCFOUR-128:+SHA1                 \
-                +PSK:+3DES-CBC:+SHA1                    \
-                +PSK:+AES-128-CBC:+SHA1                 \
-                +PSK:+AES-256-CBC:+SHA1                 \
-                "
-            O_CIPHERS="$O_CIPHERS               \
-                PSK-RC4-SHA                     \
-                PSK-3DES-EDE-CBC-SHA            \
-                PSK-AES128-CBC-SHA              \
-                PSK-AES256-CBC-SHA              \
-                "
-            ;;
-    esac
-}
-
-# Ciphersuites usable only with Mbed TLS and OpenSSL
-# Each ciphersuite should appear two times, once with its OpenSSL name, once
-# with its Mbed TLS name.
-#
-# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
-# so RSA-PSK ciphersuites need to go in other sections, see
-# https://github.com/ARMmbed/mbedtls/issues/1419
-#
-# ChachaPoly suites are here rather than in "common", as they were added in
-# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
-add_openssl_ciphersuites()
-{
-    case $TYPE in
-
-        "ECDSA")
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                       \
-                    TLS-ECDH-ECDSA-WITH-NULL-SHA            \
-                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA         \
-                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA    \
-                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA     \
-                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA     \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDH-ECDSA-NULL-SHA             \
-                    ECDH-ECDSA-RC4-SHA              \
-                    ECDH-ECDSA-DES-CBC3-SHA         \
-                    ECDH-ECDSA-AES128-SHA           \
-                    ECDH-ECDSA-AES256-SHA           \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256          \
-                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384          \
-                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256          \
-                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384          \
-                    TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384        \
-                    TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256        \
-                    TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256   \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDH-ECDSA-AES128-SHA256        \
-                    ECDH-ECDSA-AES256-SHA384        \
-                    ECDH-ECDSA-AES128-GCM-SHA256    \
-                    ECDH-ECDSA-AES256-GCM-SHA384    \
-                    ECDHE-ECDSA-ARIA256-GCM-SHA384  \
-                    ECDHE-ECDSA-ARIA128-GCM-SHA256  \
-                    ECDHE-ECDSA-CHACHA20-POLY1305   \
-                    "
-            fi
-            ;;
-
-        "RSA")
-            M_CIPHERS="$M_CIPHERS                       \
-                TLS-RSA-WITH-DES-CBC-SHA                \
-                TLS-DHE-RSA-WITH-DES-CBC-SHA            \
-                "
-            O_CIPHERS="$O_CIPHERS               \
-                DES-CBC-SHA                     \
-                EDH-RSA-DES-CBC-SHA             \
-                "
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384          \
-                    TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384            \
-                    TLS-RSA-WITH-ARIA-256-GCM-SHA384                \
-                    TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256          \
-                    TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256            \
-                    TLS-RSA-WITH-ARIA-128-GCM-SHA256                \
-                    TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256       \
-                    TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256     \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    ECDHE-ARIA256-GCM-SHA384        \
-                    DHE-RSA-ARIA256-GCM-SHA384      \
-                    ARIA256-GCM-SHA384              \
-                    ECDHE-ARIA128-GCM-SHA256        \
-                    DHE-RSA-ARIA128-GCM-SHA256      \
-                    ARIA128-GCM-SHA256              \
-                    DHE-RSA-CHACHA20-POLY1305       \
-                    ECDHE-RSA-CHACHA20-POLY1305     \
-                    "
-            fi
-            ;;
-
-        "PSK")
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384            \
-                    TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256            \
-                    TLS-PSK-WITH-ARIA-256-GCM-SHA384                \
-                    TLS-PSK-WITH-ARIA-128-GCM-SHA256                \
-                    TLS-PSK-WITH-CHACHA20-POLY1305-SHA256           \
-                    TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256     \
-                    TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256       \
-                    "
-                O_CIPHERS="$O_CIPHERS               \
-                    DHE-PSK-ARIA256-GCM-SHA384      \
-                    DHE-PSK-ARIA128-GCM-SHA256      \
-                    PSK-ARIA256-GCM-SHA384          \
-                    PSK-ARIA128-GCM-SHA256          \
-                    DHE-PSK-CHACHA20-POLY1305       \
-                    ECDHE-PSK-CHACHA20-POLY1305     \
-                    PSK-CHACHA20-POLY1305           \
-                    "
-            fi
-            ;;
-    esac
-}
-
-# Ciphersuites usable only with Mbed TLS and GnuTLS
-# Each ciphersuite should appear two times, once with its GnuTLS name, once
-# with its Mbed TLS name.
-add_gnutls_ciphersuites()
-{
-    case $TYPE in
-
-        "ECDSA")
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256    \
-                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384    \
-                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256    \
-                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384    \
-                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM                \
-                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM                \
-                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8              \
-                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8              \
-                   "
-                G_CIPHERS="$G_CIPHERS                               \
-                    +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256          \
-                    +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384          \
-                    +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD            \
-                    +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD            \
-                    +ECDHE-ECDSA:+AES-128-CCM:+AEAD                 \
-                    +ECDHE-ECDSA:+AES-256-CCM:+AEAD                 \
-                    +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD               \
-                    +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD               \
-                   "
-            fi
-            ;;
-
-        "RSA")
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                           \
-                    TLS-RSA-WITH-NULL-SHA256                    \
-                    "
-                G_CIPHERS="$G_CIPHERS                           \
-                    +RSA:+NULL:+SHA256                          \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                           \
-                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256  \
-                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384  \
-                    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256        \
-                    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256        \
-                    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256    \
-                    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256    \
-                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256  \
-                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384  \
-                    TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256    \
-                    TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384    \
-                    TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256        \
-                    TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384        \
-                    TLS-RSA-WITH-AES-128-CCM                    \
-                    TLS-RSA-WITH-AES-256-CCM                    \
-                    TLS-DHE-RSA-WITH-AES-128-CCM                \
-                    TLS-DHE-RSA-WITH-AES-256-CCM                \
-                    TLS-RSA-WITH-AES-128-CCM-8                  \
-                    TLS-RSA-WITH-AES-256-CCM-8                  \
-                    TLS-DHE-RSA-WITH-AES-128-CCM-8              \
-                    TLS-DHE-RSA-WITH-AES-256-CCM-8              \
-                    "
-                G_CIPHERS="$G_CIPHERS                           \
-                    +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256        \
-                    +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384        \
-                    +RSA:+CAMELLIA-128-CBC:+SHA256              \
-                    +RSA:+CAMELLIA-256-CBC:+SHA256              \
-                    +DHE-RSA:+CAMELLIA-128-CBC:+SHA256          \
-                    +DHE-RSA:+CAMELLIA-256-CBC:+SHA256          \
-                    +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD          \
-                    +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD          \
-                    +DHE-RSA:+CAMELLIA-128-GCM:+AEAD            \
-                    +DHE-RSA:+CAMELLIA-256-GCM:+AEAD            \
-                    +RSA:+CAMELLIA-128-GCM:+AEAD                \
-                    +RSA:+CAMELLIA-256-GCM:+AEAD                \
-                    +RSA:+AES-128-CCM:+AEAD                     \
-                    +RSA:+AES-256-CCM:+AEAD                     \
-                    +RSA:+AES-128-CCM-8:+AEAD                   \
-                    +RSA:+AES-256-CCM-8:+AEAD                   \
-                    +DHE-RSA:+AES-128-CCM:+AEAD                 \
-                    +DHE-RSA:+AES-256-CCM:+AEAD                 \
-                    +DHE-RSA:+AES-128-CCM-8:+AEAD               \
-                    +DHE-RSA:+AES-256-CCM-8:+AEAD               \
-                    "
-            fi
-            ;;
-
-        "PSK")
-            M_CIPHERS="$M_CIPHERS                               \
-                TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA               \
-                TLS-DHE-PSK-WITH-AES-128-CBC-SHA                \
-                TLS-DHE-PSK-WITH-AES-256-CBC-SHA                \
-                TLS-DHE-PSK-WITH-RC4-128-SHA                    \
-                "
-            G_CIPHERS="$G_CIPHERS                               \
-                +DHE-PSK:+3DES-CBC:+SHA1                        \
-                +DHE-PSK:+AES-128-CBC:+SHA1                     \
-                +DHE-PSK:+AES-256-CBC:+SHA1                     \
-                +DHE-PSK:+ARCFOUR-128:+SHA1                     \
-                "
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                           \
-                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA          \
-                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA          \
-                    TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA         \
-                    TLS-ECDHE-PSK-WITH-RC4-128-SHA              \
-                    TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA           \
-                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA            \
-                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA            \
-                    TLS-RSA-PSK-WITH-RC4-128-SHA                \
-                    "
-                G_CIPHERS="$G_CIPHERS                           \
-                    +ECDHE-PSK:+3DES-CBC:+SHA1                  \
-                    +ECDHE-PSK:+AES-128-CBC:+SHA1               \
-                    +ECDHE-PSK:+AES-256-CBC:+SHA1               \
-                    +ECDHE-PSK:+ARCFOUR-128:+SHA1               \
-                    +RSA-PSK:+3DES-CBC:+SHA1                    \
-                    +RSA-PSK:+AES-256-CBC:+SHA1                 \
-                    +RSA-PSK:+AES-128-CBC:+SHA1                 \
-                    +RSA-PSK:+ARCFOUR-128:+SHA1                 \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                           \
-                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384       \
-                    TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384  \
-                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256       \
-                    TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256  \
-                    TLS-ECDHE-PSK-WITH-NULL-SHA384              \
-                    TLS-ECDHE-PSK-WITH-NULL-SHA256              \
-                    TLS-PSK-WITH-AES-128-CBC-SHA256             \
-                    TLS-PSK-WITH-AES-256-CBC-SHA384             \
-                    TLS-DHE-PSK-WITH-AES-128-CBC-SHA256         \
-                    TLS-DHE-PSK-WITH-AES-256-CBC-SHA384         \
-                    TLS-PSK-WITH-NULL-SHA256                    \
-                    TLS-PSK-WITH-NULL-SHA384                    \
-                    TLS-DHE-PSK-WITH-NULL-SHA256                \
-                    TLS-DHE-PSK-WITH-NULL-SHA384                \
-                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA384         \
-                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA256         \
-                    TLS-RSA-PSK-WITH-NULL-SHA256                \
-                    TLS-RSA-PSK-WITH-NULL-SHA384                \
-                    TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
-                    TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
-                    TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256        \
-                    TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384        \
-                    TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
-                    TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
-                    TLS-PSK-WITH-AES-128-GCM-SHA256             \
-                    TLS-PSK-WITH-AES-256-GCM-SHA384             \
-                    TLS-DHE-PSK-WITH-AES-128-GCM-SHA256         \
-                    TLS-DHE-PSK-WITH-AES-256-GCM-SHA384         \
-                    TLS-PSK-WITH-AES-128-CCM                    \
-                    TLS-PSK-WITH-AES-256-CCM                    \
-                    TLS-DHE-PSK-WITH-AES-128-CCM                \
-                    TLS-DHE-PSK-WITH-AES-256-CCM                \
-                    TLS-PSK-WITH-AES-128-CCM-8                  \
-                    TLS-PSK-WITH-AES-256-CCM-8                  \
-                    TLS-DHE-PSK-WITH-AES-128-CCM-8              \
-                    TLS-DHE-PSK-WITH-AES-256-CCM-8              \
-                    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
-                    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
-                    TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256        \
-                    TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384        \
-                    TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
-                    TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
-                    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384         \
-                    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256         \
-                    "
-                G_CIPHERS="$G_CIPHERS                           \
-                    +ECDHE-PSK:+AES-256-CBC:+SHA384             \
-                    +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384        \
-                    +ECDHE-PSK:+AES-128-CBC:+SHA256             \
-                    +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256        \
-                    +PSK:+AES-128-CBC:+SHA256                   \
-                    +PSK:+AES-256-CBC:+SHA384                   \
-                    +DHE-PSK:+AES-128-CBC:+SHA256               \
-                    +DHE-PSK:+AES-256-CBC:+SHA384               \
-                    +RSA-PSK:+AES-256-CBC:+SHA384               \
-                    +RSA-PSK:+AES-128-CBC:+SHA256               \
-                    +DHE-PSK:+CAMELLIA-128-CBC:+SHA256          \
-                    +DHE-PSK:+CAMELLIA-256-CBC:+SHA384          \
-                    +PSK:+CAMELLIA-128-CBC:+SHA256              \
-                    +PSK:+CAMELLIA-256-CBC:+SHA384              \
-                    +RSA-PSK:+CAMELLIA-256-CBC:+SHA384          \
-                    +RSA-PSK:+CAMELLIA-128-CBC:+SHA256          \
-                    +PSK:+AES-128-GCM:+AEAD                     \
-                    +PSK:+AES-256-GCM:+AEAD                     \
-                    +DHE-PSK:+AES-128-GCM:+AEAD                 \
-                    +DHE-PSK:+AES-256-GCM:+AEAD                 \
-                    +PSK:+AES-128-CCM:+AEAD                     \
-                    +PSK:+AES-256-CCM:+AEAD                     \
-                    +DHE-PSK:+AES-128-CCM:+AEAD                 \
-                    +DHE-PSK:+AES-256-CCM:+AEAD                 \
-                    +PSK:+AES-128-CCM-8:+AEAD                   \
-                    +PSK:+AES-256-CCM-8:+AEAD                   \
-                    +DHE-PSK:+AES-128-CCM-8:+AEAD               \
-                    +DHE-PSK:+AES-256-CCM-8:+AEAD               \
-                    +RSA-PSK:+CAMELLIA-128-GCM:+AEAD            \
-                    +RSA-PSK:+CAMELLIA-256-GCM:+AEAD            \
-                    +PSK:+CAMELLIA-128-GCM:+AEAD                \
-                    +PSK:+CAMELLIA-256-GCM:+AEAD                \
-                    +DHE-PSK:+CAMELLIA-128-GCM:+AEAD            \
-                    +DHE-PSK:+CAMELLIA-256-GCM:+AEAD            \
-                    +RSA-PSK:+AES-256-GCM:+AEAD                 \
-                    +RSA-PSK:+AES-128-GCM:+AEAD                 \
-                    +ECDHE-PSK:+NULL:+SHA384                    \
-                    +ECDHE-PSK:+NULL:+SHA256                    \
-                    +PSK:+NULL:+SHA256                          \
-                    +PSK:+NULL:+SHA384                          \
-                    +DHE-PSK:+NULL:+SHA256                      \
-                    +DHE-PSK:+NULL:+SHA384                      \
-                    +RSA-PSK:+NULL:+SHA256                      \
-                    +RSA-PSK:+NULL:+SHA384                      \
-                    "
-            fi
-            ;;
-    esac
-}
-
-# Ciphersuites usable only with Mbed TLS (not currently supported by another
-# peer usable in this script). This provide only very rudimentaty testing, as
-# this is not interop testing, but it's better than nothing.
-add_mbedtls_ciphersuites()
-{
-    case $TYPE in
-
-        "ECDSA")
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256     \
-                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384     \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256     \
-                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384     \
-                    TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384        \
-                    TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256        \
-                    TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384         \
-                    TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256         \
-                    TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384         \
-                    TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256         \
-                    "
-            fi
-            ;;
-
-        "RSA")
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384          \
-                    TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384            \
-                    TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256          \
-                    TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256            \
-                    TLS-RSA-WITH-ARIA-256-CBC-SHA384                \
-                    TLS-RSA-WITH-ARIA-128-CBC-SHA256                \
-                    "
-            fi
-            ;;
-
-        "PSK")
-            # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
-            M_CIPHERS="$M_CIPHERS                        \
-                TLS-PSK-WITH-NULL-SHA                    \
-                TLS-DHE-PSK-WITH-NULL-SHA                \
-                "
-            if [ `minor_ver "$MODE"` -gt 0 ]
-            then
-                M_CIPHERS="$M_CIPHERS                    \
-                    TLS-ECDHE-PSK-WITH-NULL-SHA          \
-                    TLS-RSA-PSK-WITH-NULL-SHA            \
-                    "
-            fi
-            if [ `minor_ver "$MODE"` -ge 3 ]
-            then
-                M_CIPHERS="$M_CIPHERS                               \
-                    TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384            \
-                    TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256            \
-                    TLS-PSK-WITH-ARIA-256-CBC-SHA384                \
-                    TLS-PSK-WITH-ARIA-128-CBC-SHA256                \
-                    TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384            \
-                    TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256            \
-                    TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384          \
-                    TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256          \
-                    TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384            \
-                    TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256            \
-                    TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256       \
-                    "
-            fi
-            ;;
-    esac
-}
-
-setup_arguments()
-{
-    G_MODE=""
-    case "$MODE" in
-        "ssl3")
-            G_PRIO_MODE="+VERS-SSL3.0"
-            ;;
-        "tls1")
-            G_PRIO_MODE="+VERS-TLS1.0"
-            ;;
-        "tls1_1")
-            G_PRIO_MODE="+VERS-TLS1.1"
-            ;;
-        "tls1_2")
-            G_PRIO_MODE="+VERS-TLS1.2"
-            ;;
-        "dtls1")
-            G_PRIO_MODE="+VERS-DTLS1.0"
-            G_MODE="-u"
-            ;;
-        "dtls1_2")
-            G_PRIO_MODE="+VERS-DTLS1.2"
-            G_MODE="-u"
-            ;;
-        *)
-            echo "error: invalid mode: $MODE" >&2
-            exit 1;
-    esac
-
-    # GnuTLS < 3.4 will choke if we try to allow CCM-8
-    if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then
-        G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:"
-    else
-        G_PRIO_CCM=""
-    fi
-
-    M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
-    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
-    G_SERVER_ARGS="-p $PORT --http $G_MODE"
-    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
-
-    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
-    if is_dtls "$MODE"; then
-        O_SERVER_ARGS="$O_SERVER_ARGS"
-    else
-        O_SERVER_ARGS="$O_SERVER_ARGS -www"
-    fi
-
-    M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
-    O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
-    G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
-    G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
-
-    if [ "X$VERIFY" = "XYES" ];
-    then
-        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
-        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
-        G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
-
-        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
-        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
-        G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
-    else
-        # don't request a client cert at all
-        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
-        G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
-
-        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
-        O_CLIENT_ARGS="$O_CLIENT_ARGS"
-        G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
-    fi
-
-    case $TYPE in
-        "ECDSA")
-            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
-            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-
-            if [ "X$VERIFY" = "XYES" ]; then
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
-                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
-                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
-            else
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
-            fi
-            ;;
-
-        "RSA")
-            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
-            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
-
-            if [ "X$VERIFY" = "XYES" ]; then
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
-                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
-                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
-            else
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
-            fi
-
-            # Allow SHA-1. It's disabled by default for security reasons but
-            # our tests still use certificates signed with it.
-            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
-            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
-            ;;
-
-        "PSK")
-            # give RSA-PSK-capable server a RSA cert
-            # (should be a separate type, but harder to close with openssl)
-            M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
-            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
-
-            M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
-            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
-            G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
-
-            # Allow SHA-1. It's disabled by default for security reasons but
-            # our tests still use certificates signed with it.
-            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
-            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
-            ;;
-    esac
-}
-
-# is_mbedtls <cmd_line>
-is_mbedtls() {
-    echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
-}
-
-# has_mem_err <log_file_name>
-has_mem_err() {
-    if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
-         grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
-    then
-        return 1 # false: does not have errors
-    else
-        return 0 # true: has errors
-    fi
-}
-
-# Wait for process $2 to be listening on port $1
-if type lsof >/dev/null 2>/dev/null; then
-    wait_server_start() {
-        START_TIME=$(date +%s)
-        if is_dtls "$MODE"; then
-            proto=UDP
-        else
-            proto=TCP
-        fi
-        while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
-              if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
-                  echo "SERVERSTART TIMEOUT"
-                  echo "SERVERSTART TIMEOUT" >> $SRV_OUT
-                  break
-              fi
-              # Linux and *BSD support decimal arguments to sleep. On other
-              # OSes this may be a tight loop.
-              sleep 0.1 2>/dev/null || true
-        done
-    }
-else
-    echo "Warning: lsof not available, wait_server_start = sleep"
-    wait_server_start() {
-        sleep 2
-    }
-fi
-
-
-# start_server <name>
-# also saves name and command
-start_server() {
-    case $1 in
-        [Oo]pen*)
-            SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
-            ;;
-        [Gg]nu*)
-            SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
-            ;;
-        mbed*)
-            SERVER_CMD="$M_SRV $M_SERVER_ARGS"
-            if [ "$MEMCHECK" -gt 0 ]; then
-                SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
-            fi
-            ;;
-        *)
-            echo "error: invalid server name: $1" >&2
-            exit 1
-            ;;
-    esac
-    SERVER_NAME=$1
-
-    log "$SERVER_CMD"
-    echo "$SERVER_CMD" > $SRV_OUT
-    # for servers without -www or equivalent
-    while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
-    PROCESS_ID=$!
-
-    wait_server_start "$PORT" "$PROCESS_ID"
-}
-
-# terminate the running server
-stop_server() {
-    kill $PROCESS_ID 2>/dev/null
-    wait $PROCESS_ID 2>/dev/null
-
-    if [ "$MEMCHECK" -gt 0 ]; then
-        if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
-            echo "  ! Server had memory errors"
-            SRVMEM=$(( $SRVMEM + 1 ))
-            return
-        fi
-    fi
-
-    rm -f $SRV_OUT
-}
-
-# kill the running server (used when killed by signal)
-cleanup() {
-    rm -f $SRV_OUT $CLI_OUT
-    kill $PROCESS_ID >/dev/null 2>&1
-    kill $WATCHDOG_PID >/dev/null 2>&1
-    exit 1
-}
-
-# wait for client to terminate and set EXIT
-# must be called right after starting the client
-wait_client_done() {
-    CLI_PID=$!
-
-    ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) &
-    WATCHDOG_PID=$!
-
-    wait $CLI_PID
-    EXIT=$?
-
-    kill $WATCHDOG_PID
-    wait $WATCHDOG_PID
-
-    echo "EXIT: $EXIT" >> $CLI_OUT
-}
-
-# run_client <name> <cipher>
-run_client() {
-    # announce what we're going to do
-    TESTS=$(( $TESTS + 1 ))
-    VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
-    TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
-    TITLE="$TITLE $MODE,$VERIF $2"
-    printf "$TITLE "
-    LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
-    for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
-
-    # should we skip?
-    if [ "X$SKIP_NEXT" = "XYES" ]; then
-        SKIP_NEXT="NO"
-        echo "SKIP"
-        SKIPPED=$(( $SKIPPED + 1 ))
-        return
-    fi
-
-    # run the command and interpret result
-    case $1 in
-        [Oo]pen*)
-            CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
-            log "$CLIENT_CMD"
-            echo "$CLIENT_CMD" > $CLI_OUT
-            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
-            wait_client_done
-
-            if [ $EXIT -eq 0 ]; then
-                RESULT=0
-            else
-                # If the cipher isn't supported...
-                if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
-                    RESULT=1
-                else
-                    RESULT=2
-                fi
-            fi
-            ;;
-
-        [Gg]nu*)
-            # need to force IPv4 with UDP, but keep localhost for auth
-            if is_dtls "$MODE"; then
-                G_HOST="127.0.0.1"
-            else
-                G_HOST="localhost"
-            fi
-            CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
-            log "$CLIENT_CMD"
-            echo "$CLIENT_CMD" > $CLI_OUT
-            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
-            wait_client_done
-
-            if [ $EXIT -eq 0 ]; then
-                RESULT=0
-            else
-                RESULT=2
-                # interpret early failure, with a handshake_failure alert
-                # before the server hello, as "no ciphersuite in common"
-                if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then
-                    if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then :
-                    else
-                        RESULT=1
-                    fi
-                fi >/dev/null
-            fi
-            ;;
-
-        mbed*)
-            CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
-            if [ "$MEMCHECK" -gt 0 ]; then
-                CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
-            fi
-            log "$CLIENT_CMD"
-            echo "$CLIENT_CMD" > $CLI_OUT
-            $CLIENT_CMD >> $CLI_OUT 2>&1 &
-            wait_client_done
-
-            case $EXIT in
-                # Success
-                "0")    RESULT=0    ;;
-
-                # Ciphersuite not supported
-                "2")    RESULT=1    ;;
-
-                # Error
-                *)      RESULT=2    ;;
-            esac
-
-            if [ "$MEMCHECK" -gt 0 ]; then
-                if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
-                    RESULT=2
-                fi
-            fi
-
-            ;;
-
-        *)
-            echo "error: invalid client name: $1" >&2
-            exit 1
-            ;;
-    esac
-
-    echo "EXIT: $EXIT" >> $CLI_OUT
-
-    # report and count result
-    case $RESULT in
-        "0")
-            echo PASS
-            ;;
-        "1")
-            echo SKIP
-            SKIPPED=$(( $SKIPPED + 1 ))
-            ;;
-        "2")
-            echo FAIL
-            cp $SRV_OUT c-srv-${TESTS}.log
-            cp $CLI_OUT c-cli-${TESTS}.log
-            echo "  ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
-
-            if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
-                echo "  ! server output:"
-                cat c-srv-${TESTS}.log
-                echo "  ! ==================================================="
-                echo "  ! client output:"
-                cat c-cli-${TESTS}.log
-            fi
-
-            FAILED=$(( $FAILED + 1 ))
-            ;;
-    esac
-
-    rm -f $CLI_OUT
-}
-
-#
-# MAIN
-#
-
-if cd $( dirname $0 ); then :; else
-    echo "cd $( dirname $0 ) failed" >&2
-    exit 1
-fi
-
-get_options "$@"
-
-# sanity checks, avoid an avalanche of errors
-if [ ! -x "$M_SRV" ]; then
-    echo "Command '$M_SRV' is not an executable file" >&2
-    exit 1
-fi
-if [ ! -x "$M_CLI" ]; then
-    echo "Command '$M_CLI' is not an executable file" >&2
-    exit 1
-fi
-
-if echo "$PEERS" | grep -i openssl > /dev/null; then
-    if which "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
-        echo "Command '$OPENSSL_CMD' not found" >&2
-        exit 1
-    fi
-fi
-
-if echo "$PEERS" | grep -i gnutls > /dev/null; then
-    for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
-        if which "$CMD" >/dev/null 2>&1; then :; else
-            echo "Command '$CMD' not found" >&2
-            exit 1
-        fi
-    done
-fi
-
-for PEER in $PEERS; do
-    case "$PEER" in
-        mbed*|[Oo]pen*|[Gg]nu*)
-            ;;
-        *)
-            echo "Unknown peers: $PEER" >&2
-            exit 1
-    esac
-done
-
-# Pick a "unique" port in the range 10000-19999.
-PORT="0000$$"
-PORT="1$(echo $PORT | tail -c 5)"
-
-# Also pick a unique name for intermediate files
-SRV_OUT="srv_out.$$"
-CLI_OUT="cli_out.$$"
-
-# client timeout delay: be more patient with valgrind
-if [ "$MEMCHECK" -gt 0 ]; then
-    DOG_DELAY=30
-else
-    DOG_DELAY=10
-fi
-
-SKIP_NEXT="NO"
-
-trap cleanup INT TERM HUP
-
-for VERIFY in $VERIFIES; do
-    for MODE in $MODES; do
-        for TYPE in $TYPES; do
-            for PEER in $PEERS; do
-
-            setup_arguments
-
-            case "$PEER" in
-
-                [Oo]pen*)
-
-                    if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
-                        continue;
-                    fi
-
-                    reset_ciphersuites
-                    add_common_ciphersuites
-                    add_openssl_ciphersuites
-                    filter_ciphersuites
-
-                    if [ "X" != "X$M_CIPHERS" ]; then
-                        start_server "OpenSSL"
-                        for i in $M_CIPHERS; do
-                            check_openssl_server_bug $i
-                            run_client mbedTLS $i
-                        done
-                        stop_server
-                    fi
-
-                    if [ "X" != "X$O_CIPHERS" ]; then
-                        start_server "mbedTLS"
-                        for i in $O_CIPHERS; do
-                            run_client OpenSSL $i
-                        done
-                        stop_server
-                    fi
-
-                    ;;
-
-                [Gg]nu*)
-
-                    reset_ciphersuites
-                    add_common_ciphersuites
-                    add_gnutls_ciphersuites
-                    filter_ciphersuites
-
-                    if [ "X" != "X$M_CIPHERS" ]; then
-                        start_server "GnuTLS"
-                        for i in $M_CIPHERS; do
-                            run_client mbedTLS $i
-                        done
-                        stop_server
-                    fi
-
-                    if [ "X" != "X$G_CIPHERS" ]; then
-                        start_server "mbedTLS"
-                        for i in $G_CIPHERS; do
-                            run_client GnuTLS $i
-                        done
-                        stop_server
-                    fi
-
-                    ;;
-
-                mbed*)
-
-                    reset_ciphersuites
-                    add_common_ciphersuites
-                    add_openssl_ciphersuites
-                    add_gnutls_ciphersuites
-                    add_mbedtls_ciphersuites
-                    filter_ciphersuites
-
-                    if [ "X" != "X$M_CIPHERS" ]; then
-                        start_server "mbedTLS"
-                        for i in $M_CIPHERS; do
-                            run_client mbedTLS $i
-                        done
-                        stop_server
-                    fi
-
-                    ;;
-
-                *)
-                    echo "Unknown peer: $PEER" >&2
-                    exit 1
-                    ;;
-
-                esac
-
-            done
-        done
-    done
-done
-
-echo "------------------------------------------------------------------------"
-
-if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ];
-then
-    printf "FAILED"
-else
-    printf "PASSED"
-fi
-
-if [ "$MEMCHECK" -gt 0 ]; then
-    MEMREPORT=", $SRVMEM server memory errors"
-else
-    MEMREPORT=""
-fi
-
-PASSED=$(( $TESTS - $FAILED ))
-echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
-
-FAILED=$(( $FAILED + $SRVMEM ))
-exit $FAILED
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 2ed32e6..aa9fc36 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -45,7 +45,9 @@
 
 test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
-all_final += test-ca.crt
+test-ca.der: test-ca.crt
+	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += test-ca.crt test-ca.der
 
 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
@@ -783,6 +785,14 @@
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
 all_final += server1.req.ku-ct
 
+server1.req.key_usage_empty: server1.key
+	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
+all_final += server1.req.key_usage_empty
+
+server1.req.cert_type_empty: server1.key
+	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
+all_final += server1.req.cert_type_empty
+
 # server2*
 
 server2.req.sha256: server2.key
@@ -873,7 +883,9 @@
 
 server2.crt: server2.req.sha256
 	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
-all_final += server2.crt
+server2.der: server2.crt
+	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2.crt server2.der
 
 server2-sha256.crt: server2.req.sha256
 	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/server1-ms.req.sha256
new file mode 100644
index 0000000..b0d9414
--- /dev/null
+++ b/tests/data_files/server1-ms.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
+GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
+eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
+3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
+TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
+ox+ATHKxQ/XpRQP+2OTb9sw1kM59
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.cert_type.crt b/tests/data_files/server1.cert_type.crt
index cf384cb..fb59ab8 100644
--- a/tests/data_files/server1.cert_type.crt
+++ b/tests/data_files/server1.cert_type.crt
@@ -11,10 +11,10 @@
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
 BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
-AEAwDQYJKoZIhvcNAQEFBQADggEBAEQOk5Ejgu/GsxvMo+RknXcta5Qr6MiNo1EM
-G5Xrf++aaf4Mi38p5ZxWDxQDyBmutSnuJgzO+Dxe5w/RNojFa4ri4g5Zk8zwfIcQ
-8jR6a9DJtxarxDj/UqEzaiBa5MpxsbQqbmou7X7YW9LHDzmCgzbaabyWCuGYxvmh
-lDbcISST73G+vJEeExcBHyom/GV9TNcFAGa66YV/FtABg2tiy9znmUeMnZeYkC9S
-05m6UstAU6pMdwiTpjZjovsTlAcmC76XmE/GpREhRvtGCKTb2pUi3agqsrapABmF
-EGZT9cpwkrl3cxh+jxAMEuhJLdEScDWHVsiNS5y9yxitWC4NqR4=
+BkAwDQYJKoZIhvcNAQEFBQADggEBAK1WXZYd6k7/zE2NcszT6rxNaSixPZrDYzRt
+Iz5rpH33IHkCdR956/ExCcDMqGNVtKtBdr8kw3+jzyPQhwyHVPNv4C/cgt0C89Pf
+qZLQGuEPVp1X4tzEY2Kno9c1tllLVzJdvz1mRhSb9z5CWQKNMT+8MMl3k+0NZ4LT
+NEx4gTZxYEsAGEuO/Yij9ctxp4RdSP585FXgiMC00ieMe/aJxlOIgpIhuWdu0KPP
+G5guYd4hQ9ZrGVOGdjv2cZbh4DuQOsCwU9in/e1RKFV6eMmyOdvLJ4jkTauwkGJG
+lCclZZQwzGawOiMl2OYPUia5bkaEsdE/0QW/lf36lco8CNjpUfY=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt
index 7545e0b..0082b14 100644
--- a/tests/data_files/server1.cert_type_noauthid.crt
+++ b/tests/data_files/server1.cert_type_noauthid.crt
@@ -10,11 +10,11 @@
 lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
-BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBAJc3yZUS9X3/lb63
-Nlt8rtXC45wbWZUoOK8N55IzEJC7FrttAStq24kq9QV0qiox8m1WLA+6xVaeZaXu
-h2z3WlUlyCNaKqHEpuSYu/XQ0td6j3jCMj3VDSZGHnKgliQ9fkkt+waPVCAZldwj
-rHsZibl2Dqzb3KttKqD1VyEVOUJ+saXRDJLFdK1M9nwdWMfOg/XE0WbqfVzw9COs
-08dJ6KL7SOvXtiOVQLNv7XN/2j+wF6+IoLDdLCDByj5VtK2q2vyVk5tpDJI1S696
-dP8Zi7VbBTS9OlVC+Gw3CntDKZA8e215MNG6iBuEM2mgi4i0umo7mN8FoA1zusnE
-8mCO55Q=
+BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADggEBAGl6bYCGKvDCvfSU
+PTyaiFPNGXV98AnIG0Hu4EJjs1owBU/Yf8UdFbWJtOymR80SbzmeQ6rEIoY1oXDA
+o9Y8yRgW8t25Wmq/0DCu/5P0/L6asstLTxLG4qajClVwqDLEqZNixmq8QorAOtK1
+JngFA+A5jzc70Ikl9+Hbx/2SEMrCpo0QLSco7KDK7XpNOHbkRz2AqSm0se4jDMP1
+Cwd2UtcpctIZEbECZo6S9WrVMqIhRF1Y5FeauBA2ORvGIHohaYJ9VzYWYXIp7N8d
+QXGv+M7ffpZiERcRr8lxtboPnTXKlv1mLCEX7g+KuiJQUm4OGfTCd5VHzWM7O5Id
+b+IvZD0=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1.der b/tests/data_files/server1.der
new file mode 100644
index 0000000..fcf45cd
--- /dev/null
+++ b/tests/data_files/server1.der
Binary files differ
diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt
index 3a678ff..b5a2532 100644
--- a/tests/data_files/server1.key_usage.crt
+++ b/tests/data_files/server1.key_usage.crt
@@ -10,11 +10,11 @@
 lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
-DQYJKoZIhvcNAQEFBQADggEBAE4sz3ghfpolZ0rH6Q3CWIYQ1Q+aGBwQiCCBsApP
-8qZd880Kt+BiEdSsaU16S8CIMdOcHGQGB7dXK9wdTWkIqaW9I7fRPgDNDIhJoYDD
-67h1P+cEQeXT9900H173nYlM1vL9zLcnmmqEO7j8jXSpsR5mcCMPkR52RqxweLJw
-LGPeSlA+DF0WbezJc28FUgXAl8Kxm3Od40exMeicHtfgCnIykH1NEW3gXpc91nFT
-RoNRdEAIGHMX5Dd5QDlt2vlaKNXFtcx2xUXXIi71YNQybH3p6KXayPMFQzrBwoXJ
-YHevmjUaw7UH31fULa1dtd/dWmp8cCaKB4vBr0DBJPiMJMw=
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
+DQYJKoZIhvcNAQEFBQADggEBAE6xegEHvwuQ8I4YCLX7oXmDJiDb7m2nMin+um0v
+TMqHAE3B9GvdWGUgMIEMf76ee7OMDzxfzM2vyNGemB0rn1djEv+knJBSdMQKD9X8
+tkT8cPqMHlRMYYbFFkkZEOeqeihZXQdUORao9ZSXrokYwv+Fr+PAmiUJEmkZHbA1
+Gqp6tPfGxJ2ah50Og9oAPwyND6kvE2o++Dth2evjljPCPM2Gw5kjQGw3V9CAUyUo
+KtLrtZdOeRHRCWCf3UQ/tYkG70tY/+grftrHqKB2E4qkmDiCPS9sEpa7jOGT6e4k
+jGVeZFNZZ10mD2Svr3xl/60++c7yLxrquujo8NOTCVcshfs=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt
index 4a72ac1..c82a979 100644
--- a/tests/data_files/server1.key_usage_noauthid.crt
+++ b/tests/data_files/server1.key_usage_noauthid.crt
@@ -10,11 +10,11 @@
 lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
-BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBALqfFzzWOViKBXoFhtcc
-Ulzg1ShK20z3zeD6TL5Ss2+kMIGhvvvUMtcATIFa9LxZ//a0as1CACphxmrsqaju
-LDvnXjWLB+e7pJPQ+4XixKmA3QoQI6sduH03/4eRp/Er/+zXD7+uapz+GimiExJt
-mjW1Oz5n2Q7L9vQabqz0n9+8rM/chsfgipQSKmV0rXe/K1N4yuggh62r8kn9UaUR
-TKm6HaMIFBrZNwMy8TAc3gSq5rqbN8/ONiCBpW/LvwTnd7fFSl7yeetAbj08gpu2
-dkfYp/DK9Hs1KQFCi0u1pr9JIqFxNy6tUTO90ydq6QXj4E5yZhmitLPk5wPCozN+
-rIc=
+BgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAKuveVlnjgJIkiH6HqZk
++oGpLPxpcoMEMskzyFxTfjP4L2Mj798qydBbobyVJdH5p/sIpcHsI0xajM/dcZKS
+7b28KVwxOk+87DtwCikFT+jzWPe8fzowqsNAaKtvtDQnLYh8u2tDT1vhABwgTVAy
+aHCzs+nm3o36NPSN9K+wmI+r1KFnhjtyOQ++7M8wRRT5jrC+1tYicjsnVMu07yB5
+04C99Fa3MToilg66Jos95U3gBF5GbSfDXYtd3/etNMkUiG8FEZJlkhKbTO+4E03a
+X6+z2VojrAroYyO/F5ZlaC3/CsMQ8Zcate64nH/Lu/U78XAo8iKz5DLLOPBqodER
+z4A=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type
index b9b9f06..39ff3fd 100644
--- a/tests/data_files/server1.req.cert_type
+++ b/tests/data_files/server1.req.cert_type
@@ -7,11 +7,11 @@
 W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
 FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
 DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV
-MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCMX3H6BiGP
-VRvLu8UHIhsj9WgrGDRogOMVHOrQm+0fnGyxZa2UwftSZf2qLBZ+DmJStHabXibw
-QuWA9BMVFDih5yGMhdzQC8iQQCjfYOS0sfhy7p76q89rVO0E9KAtvFH2ApbaDAck
-m1WdQvYey2rYnT1ucHGdn017Iu1CaY8qnmh7Fhuov++69eGGG4MjRVT/7Ywufjo5
-Fn+JsMhj4IonP/jwKIUBskK15MkTQhKpyl5rQK/8v+7bWlsuqhiNPSYg6rgIrjmN
-QxxzqP5NLPdlS4ksN6zcuwdq21l+li8zakjbeUvyqZb7E6vTHJaNBOp7Y7jv25gG
-5/PjwquYbKFr
+MBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4IBAQBErZcEaEEO
+hLbRVuB3+N5by0mogdJsatJFSgW2/VztLvQBYu0O+VmTbZwCAWejA8U+cr6uPlyf
+b4lDqj3W+XykeK9bSzoSr1yNO2VAcE74Y0ZrSz2yXMfT5R9IyKqQZspaKD8MOmYH
+BqUH9o/phnGcaEG5xeSfhM1O/YNZuGnlLDQBGwT5puHOaLfjECvs8eZLopIWEBlD
+QkRlhYqZBwhGZ8D/TxqG4teFtnBX5FG7UoSSVuneBrkREQM7ElhtD9jCWjfMnqm1
+59G84OycClwaKU7/Dm6zeMGDyFoMksBud7lyDHMhxvwSbzb1JR5v8iBsmVY2dhHt
+Ot3Fx2be0gIr
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.cert_type_empty b/tests/data_files/server1.req.cert_type_empty
new file mode 100644
index 0000000..70fd111
--- /dev/null
+++ b/tests/data_files/server1.req.cert_type_empty
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICpDCCAYwCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAjMCEGCSqGSIb3DQEJDjEU
+MBIwEAYJYIZIAYb4QgEBBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBACU0LLDBIMgG
+B7gyNANHv42RovhQdzmUulqJPHNHx3v9G17F00bEykJb/r3awW6l5fhY/6oPydsY
+hnWEM6VVCUkJ6Zqm2/wE49uaNTbFd9JU4OywRBfjHHSTOGnYFg+BYSfwaIkSCkx2
+kVhyklFm7My5wkyDPpFSU2tTfgsgaQMyTm93a2kxM7qJ/X3gFDG8o7R0vyojFVSI
+mwsF9QsC6N9cygdFx23zCB0KsJ9KfmBqaTsdbKh8BsocYm5FJCw4WS/CBrCWBj+z
+N7yEJj4SR5F+P7sFc5I0HANov5wQe8E3+WxxQt8jcqIje6DlaaGja44cXOzvFQyx
+Hg/6H5EtBQc=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage
index 4c20eed..30e4812 100644
--- a/tests/data_files/server1.req.key_usage
+++ b/tests/data_files/server1.req.key_usage
@@ -7,11 +7,11 @@
 W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
 FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
 DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP
-MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQAIDkjGHokLINOSKAij
-DuBWyW72udNBwSmRAFYDyNoybWX+KJLFckyReF1S0YRHXWOljwxERF6htUEqIJDI
-vIzlXyV0YqHNmWEFpyRxyIllQ7X4NWnVm3zHYORx2utdy3EyNsNb4Rb/JNh6Qpqr
-27DB+frWaBYk27RPTdZz/ItZIicX8iHrAHL0aC6raQYvZfM1ybYehAh7Qx3asHKI
-XDcrbV50Kzrd0SgC4P6Z6/5C5uUL9AfcKnB2oj5VP2TM0BA6q+XRQFkJ3TO1UTLB
-lCKb9B1cIpVsT0YsOg/qptUh90zgd0x7FDa084ccwUJG73VXtHC6eioE4fbfrm5L
-9BNK
+MA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4IBAQBsJ3v1Ar2X28GJsRSJ
+WRQwFQwIbR/D0cHrwTf0ZfZttClytuc18JZlwkH3EG/rNkWaFp6MKIZoRMOBuSPc
+MNvvKIo4nPaeouDPruymx0gNenlyRL3D4OZpBO/BmQIQjbUKWFbzEnEqvwvMDUnG
+8w7UjPSFcxj2HzENr62HLPKKnVpL3nDXWK1a2A77KF9aMxyoWQ6FXb2xPD9cJjdo
+c1jwskQbgosQzKKwwp5yxq0zRD3EAGw4A78mgHMfgFprq9e9azaB0JeyFG2Vn0t0
+L+vfiDEVQ3eJXSCen1kEVyHRju8g53UcSgd+JicWFboFj2/mJBuyW6yM++RGA9B5
+Zd62
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.key_usage_empty b/tests/data_files/server1.req.key_usage_empty
new file mode 100644
index 0000000..47e56bf
--- /dev/null
+++ b/tests/data_files/server1.req.key_usage_empty
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnjCCAYYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAdMBsGCSqGSIb3DQEJDjEO
+MAwwCgYDVR0PBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAAqQ/EU/3oMt7YW4vWgm
+0Q7F4v7DrFEoVMWfBzNWhMNIijzoaWKY8jwseZMzu8aCNQlJnM7c9FJF+OCgS7L5
+0ctwzjfCOi5I5cKgqv8WpuMZWHXNtB7YtjUWIZVri/RazCncZEwJGCKQjmQYrGJm
+Qmu2+D+DWY+nEW47ZfDH9jOJtatnREjSNsKzc44L9zUaEy3bi+m455XGH+ABmeb7
+Iqmguh10xUyY6rEOFEuqvFyFr5g1eb53Rr5CQxGfw1j+2bbSh+rVb6Ehf9LAijyu
+Ygqa91hGab/CjykS6HMrD91ouWtt2Rt3zCKo4Xxe8dlAszKB4W83M9OgDVVpiCfC
+t3A=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct
index 98666d2..ebd01f5 100644
--- a/tests/data_files/server1.req.ku-ct
+++ b/tests/data_files/server1.req.ku-ct
@@ -7,11 +7,11 @@
 W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
 FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
 DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi
-MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF
-AAOCAQEAhDH3BQWViy67+9sdlrTvv0cIJ1IbogaM221MUasNIbfLi+KKfw50mzTa
-V/BCXPT+EzmOptBl+F2iZVQyr2c0nWbBZBHnykS3f0fgifm6yWVEYwJqxUC5+uxK
-bZztsHocTuqODpqYILycYkFXCcY8ZFHmz9XZorpUVTpZULW33EmLee5/BYI7whkA
-bVoSNB5tAb8kGZQffDnGkHiRfu8dbbEnkPYqm/cerN+4yCh1v1CGFh2lMn4d5p0L
-o9GvMsPM8pxdffZWZI9T0JnlHwtAJDA5G/MFYJdHzLzcHpvDA99MdNO4DMAiUyWb
-PCDL5e7mJ0lnBp8RppLBR7GEkznIQQ==
+MCAwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUF
+AAOCAQEAWUMyIXHi4BbIxOeCD/Vtu9LGV8ENMV7dwYVEQcwrt1AHahtYgUtkoGcP
+lOPqg1lbg22bu8dLPoY4HAzxCOAGs27otWL5LlE9M5QPH1RedEycmOuYrMl6K988
+hfDBJ+OkgCShcM91+udrc0gpDEI7N01A+fmukQ6EiaQjIf7HME/EKQqhEuEQMXHC
+GBvdNuEF5BfV3aAYuT+xfdXDU2ZWwXXWAHGmVh3ntnhtEG6SnXSnBATU2wa4tpBd
+KLbEbcsiy2uj0OLJlvG6LqsNggtkD58GCGpLpaVxdW80yw+f/krwLpeyocE1KGcT
+7eX+9yhLe9NIZojvevw+53dNE7BUfw==
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server2.der b/tests/data_files/server2.der
new file mode 100644
index 0000000..ec03190
--- /dev/null
+++ b/tests/data_files/server2.der
Binary files differ
diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1
index 39fc346..3281c94 100644
--- a/tests/data_files/server5.req.ku.sha1
+++ b/tests/data_files/server5.req.ku.sha1
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBFzCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
+MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
 BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
 QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
 Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
-AgHAMAsGByqGSM49BAEFAANJADBGAiEA5MGFTJkpOtCV7bAx+N+t4gP3JDM9RH3W
-mIXzSpcBwvACIQDf7f9ytclwouV1DQTFSUKxExIm48H60hk3lh19i3bGOw==
+AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
+2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca.der b/tests/data_files/test-ca.der
new file mode 100644
index 0000000..039fb9e
--- /dev/null
+++ b/tests/data_files/test-ca.der
Binary files differ
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index 7407f44..86edf5a 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -46,3 +46,4 @@
 run_test ./tests/scripts/check-names.sh
 run_test ./tests/scripts/check-generated-files.sh
 run_test ./tests/scripts/check-files.py
+run_test ./tests/scripts/doxygen.sh
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 11d10a3..184e0e3 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -38,10 +38,6 @@
 #   * G++
 #   * arm-gcc and mingw-gcc
 #   * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-#   * OpenSSL and GnuTLS command line tools, recent enough for the
-#     interoperability tests. If they don't support SSLv3 then a legacy
-#     version of these tools must be present as well (search for LEGACY
-#     below).
 # See the invocation of check_tools below for details.
 #
 # This script must be invoked from the toplevel directory of a git
@@ -116,18 +112,10 @@
     CONFIG_H='include/mbedtls/config.h'
     CONFIG_BAK="$CONFIG_H.bak"
 
-    MEMORY=0
     FORCE=0
     KEEP_GOING=0
 
-    # Default commands, can be overriden by the environment
-    : ${OPENSSL:="openssl"}
-    : ${OPENSSL_LEGACY:="$OPENSSL"}
-    : ${OPENSSL_NEXT:="$OPENSSL"}
-    : ${GNUTLS_CLI:="gnutls-cli"}
-    : ${GNUTLS_SERV:="gnutls-serv"}
-    : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-    : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
+    # Default commands, can be overridden by the environment
     : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
     : ${ARMC5_BIN_DIR:=/usr/bin}
     : ${ARMC6_BIN_DIR:=/usr/bin}
@@ -137,6 +125,9 @@
         export MAKEFLAGS="-j"
     fi
 
+    # Include more verbose output for failing tests run by CMake
+    export CTEST_OUTPUT_ON_FAILURE=1
+
     # Gather the list of available components. These are the functions
     # defined in this script whose name starts with "component_".
     # Parse the script with sed, because in sh there is no way to list
@@ -204,13 +195,6 @@
 Tool path options:
      --armc5-bin-dir=<ARMC5_bin_dir_path>       ARM Compiler 5 bin directory.
      --armc6-bin-dir=<ARMC6_bin_dir_path>       ARM Compiler 6 bin directory.
-     --gnutls-cli=<GnuTLS_cli_path>             GnuTLS client executable to use for most tests.
-     --gnutls-serv=<GnuTLS_serv_path>           GnuTLS server executable to use for most tests.
-     --gnutls-legacy-cli=<GnuTLS_cli_path>      GnuTLS client executable to use for legacy tests.
-     --gnutls-legacy-serv=<GnuTLS_serv_path>    GnuTLS server executable to use for legacy tests.
-     --openssl=<OpenSSL_path>                   OpenSSL executable to use for most tests.
-     --openssl-legacy=<OpenSSL_path>            OpenSSL executable to use for legacy tests e.g. SSLv3.
-     --openssl-next=<OpenSSL_path>              OpenSSL executable to use for recent things like ARIA
 EOF
 }
 
@@ -224,7 +208,7 @@
     command make clean
 
     # Remove CMake artefacts
-    find . -name .git -prune \
+    find . -name .git -prune -o \
            -iname CMakeFiles -exec rm -rf {} \+ -o \
            \( -iname cmake_install.cmake -o \
               -iname CTestTestfile.cmake -o \
@@ -295,7 +279,7 @@
 }
 
 check_headers_in_cpp () {
-    ls include/mbedtls >headers.txt
+    ls include/mbedtls | grep "\.h$" >headers.txt
     <programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' |
     sort |
     diff headers.txt -
@@ -307,6 +291,9 @@
     all_except=0
     no_armcc=
 
+    # Note that legacy options are ignored instead of being omitted from this
+    # list of options, so invocations that worked with previous version of
+    # all.sh will still run and work properly.
     while [ $# -gt 0 ]; do
         case "$1" in
             --armcc) no_armcc=;;
@@ -314,26 +301,26 @@
             --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
             --except) all_except=1;;
             --force|-f) FORCE=1;;
-            --gnutls-cli) shift; GNUTLS_CLI="$1";;
-            --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
-            --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
-            --gnutls-serv) shift; GNUTLS_SERV="$1";;
+            --gnutls-cli) shift;;
+            --gnutls-legacy-cli) shift;;
+            --gnutls-legacy-serv) shift;;
+            --gnutls-serv) shift;;
             --help|-h) usage; exit;;
             --keep-going|-k) KEEP_GOING=1;;
             --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
             --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
-            --memory|-m) MEMORY=1;;
+            --memory|-m) ;;
             --no-armcc) no_armcc=1;;
             --no-force) FORCE=0;;
             --no-keep-going) KEEP_GOING=0;;
-            --no-memory) MEMORY=0;;
-            --openssl) shift; OPENSSL="$1";;
-            --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
-            --openssl-next) shift; OPENSSL_NEXT="$1";;
+            --no-memory) ;;
+            --openssl) shift;;
+            --openssl-legacy) shift;;
+            --openssl-next) shift;;
             --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
-            --random-seed) unset SEED;;
-            --release-test|-r) SEED=1;;
-            --seed|-s) shift; SEED="$1";;
+            --random-seed) ;;
+            --release-test|-r) ;;
+            --seed|-s) shift;;
             -*)
                 echo >&2 "Unknown option: $1"
                 echo >&2 "Run $0 --help for usage."
@@ -390,6 +377,12 @@
     fi
 }
 
+pre_check_seedfile () {
+    if [ ! -f "./tests/seedfile" ]; then
+        dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
+    fi
+}
+
 pre_setup_keep_going () {
     failure_summary=
     failure_count=0
@@ -460,16 +453,7 @@
 
 pre_print_configuration () {
     msg "info: $0 configuration"
-    echo "MEMORY: $MEMORY"
     echo "FORCE: $FORCE"
-    echo "SEED: ${SEED-"UNSET"}"
-    echo "OPENSSL: $OPENSSL"
-    echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
-    echo "OPENSSL_NEXT: $OPENSSL_NEXT"
-    echo "GNUTLS_CLI: $GNUTLS_CLI"
-    echo "GNUTLS_SERV: $GNUTLS_SERV"
-    echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
-    echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
     echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
     echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
 }
@@ -480,30 +464,6 @@
     set env
 
     case " $RUN_COMPONENTS " in
-        # Require OpenSSL and GnuTLS if running any tests (as opposed to
-        # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
-        # is a good enough approximation in practice.
-        *" test_"*)
-            # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
-            # and ssl-opt.sh, we just export the variables they require.
-            export OPENSSL_CMD="$OPENSSL"
-            export GNUTLS_CLI="$GNUTLS_CLI"
-            export GNUTLS_SERV="$GNUTLS_SERV"
-            # Avoid passing --seed flag in every call to ssl-opt.sh
-            if [ -n "${SEED-}" ]; then
-                export SEED
-            fi
-            set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
-            set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
-            set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
-            set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
-            check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
-                        "$GNUTLS_CLI" "$GNUTLS_SERV" \
-                        "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
-            ;;
-    esac
-
-    case " $RUN_COMPONENTS " in
         *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
     esac
 
@@ -596,12 +556,6 @@
 
     msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
     make test
-
-    msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
-    if_build_succeeded tests/ssl-opt.sh
-
-    msg "test: compat.sh (ASan build)" # ~ 6 min
-    if_build_succeeded tests/compat.sh
 }
 
 component_test_ref_configs () {
@@ -610,36 +564,6 @@
     record_status tests/scripts/test-ref-configs.pl
 }
 
-component_test_sslv3 () {
-    msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
-    scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
-    make test
-
-    msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
-    if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
-    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-
-    msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
-    if_build_succeeded tests/ssl-opt.sh
-}
-
-component_test_no_renegotiation () {
-    msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
-    scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
-    make test
-
-    msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
-    if_build_succeeded tests/ssl-opt.sh
-}
-
 component_test_rsa_no_crt () {
     msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
     scripts/config.pl set MBEDTLS_RSA_NO_CRT
@@ -648,54 +572,16 @@
 
     msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
     make test
-
-    msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
-    if_build_succeeded tests/ssl-opt.sh -f RSA
-
-    msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
-    if_build_succeeded tests/compat.sh -t RSA
 }
 
-component_test_small_ssl_out_content_len () {
-    msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
-    scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
-    scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
+component_test_new_ecdh_context () {
+    msg "build: new ECDH context (ASan build)" # ~ 6 min
+    scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
     CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
-    msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
-    if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
-}
-
-component_test_small_ssl_in_content_len () {
-    msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
-    scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
-    scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
-    if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
-}
-
-component_test_small_ssl_dtls_max_buffering () {
-    msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
-    scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
-    if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
-}
-
-component_test_small_mbedtls_ssl_dtls_max_buffering () {
-    msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
-    scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
-    if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
+    msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
+    make test
 }
 
 component_test_full_cmake_clang () {
@@ -708,14 +594,8 @@
     msg "test: main suites (full config)" # ~ 5s
     make test
 
-    msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
-    if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-
-    msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
-    if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
-
-    msg "test: compat.sh ARIA + ChachaPoly"
-    if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+    msg "test: psa_constant_names (full config)" # ~ 1s
+    record_status tests/scripts/test_psa_constant_names.py
 }
 
 component_build_deprecated () {
@@ -752,11 +632,6 @@
     record_status tests/scripts/depends-pkalgs.pl
 }
 
-component_build_key_exchanges () {
-    msg "test/build: key-exchanges (gcc)" # ~ 1 min
-    record_status tests/scripts/key-exchanges.pl
-}
-
 component_build_default_make_gcc_and_cxx () {
     msg "build: Unix make, -Os (gcc)" # ~ 30s
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
@@ -768,6 +643,45 @@
     make TEST_CPP=1
 }
 
+component_test_use_psa_crypto_full_cmake_asan() {
+    # MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
+    msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+    scripts/config.pl full
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE  # restartable ECC not supported through PSA
+    scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+    scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
+    make test
+}
+
+component_test_check_params_without_platform () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+    scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+    scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+    scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+    scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.pl unset MBEDTLS_PLATFORM_C
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
+component_test_check_params_silent () {
+    msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
+    scripts/config.pl full # includes CHECK_PARAMS
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
+    make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
 component_test_no_platform () {
     # Full configuration build, without platform support, file IO and net sockets.
     # This should catch missing mbedtls_printf definitions, and by disabling file
@@ -785,8 +699,9 @@
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
     # to re-enable platform integration features otherwise disabled in C99 builds
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -802,53 +717,6 @@
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
 }
 
-component_build_no_ssl_srv () {
-    msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
-    scripts/config.pl full
-    scripts/config.pl unset MBEDTLS_SSL_SRV_C
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_ssl_cli () {
-    msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
-    scripts/config.pl full
-    scripts/config.pl unset MBEDTLS_SSL_CLI_C
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_sockets () {
-    # Note, C99 compliance can also be tested with the sockets support disabled,
-    # as that requires a POSIX platform (which isn't the same as C99).
-    msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
-    scripts/config.pl full
-    scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
-    scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
-}
-
-component_test_no_max_fragment_length () {
-    # Run max fragment length tests with MFL disabled
-    msg "build: default config except MFL extension (ASan build)" # ~ 30s
-    scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: ssl-opt.sh, MFL-related tests"
-    if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
-}
-
-component_test_no_max_fragment_length_small_ssl_out_content_len () {
-    msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
-    scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-    scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
-    scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
-    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-    make
-
-    msg "test: MFL tests (disabled MFL extension case) & large packet tests"
-    if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
-}
-
 component_test_null_entropy () {
     msg "build: default config with  MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
     scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
@@ -953,6 +821,16 @@
     esac
 }
 
+component_test_min_mpi_window_size () {
+    msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
+    scripts/config.pl set MBEDTLS_MPI_WINDOW_SIZE 1
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
+    make test
+}
+
 component_test_have_int32 () {
     msg "build: gcc, force 32-bit bignum limbs"
     scripts/config.pl unset MBEDTLS_HAVE_ASM
@@ -1003,7 +881,8 @@
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -1022,7 +901,8 @@
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -1044,7 +924,8 @@
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
@@ -1066,7 +947,8 @@
     scripts/config.pl unset MBEDTLS_NET_C
     scripts/config.pl unset MBEDTLS_TIMING_C
     scripts/config.pl unset MBEDTLS_FS_IO
-    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
     scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.pl unset MBEDTLS_HAVE_TIME
@@ -1100,15 +982,6 @@
     armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
 }
 
-component_test_allow_sha1 () {
-    msg "build: allow SHA1 in certificates by default"
-    scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-    make CFLAGS='-Werror -Wall -Wextra'
-    msg "test: allow SHA1 in certificates by default"
-    make test
-    if_build_succeeded tests/ssl-opt.sh -f SHA-1
-}
-
 component_build_mingw () {
     msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
     make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
@@ -1131,16 +1004,6 @@
 
     msg "test: main suites (MSan)" # ~ 10s
     make test
-
-    msg "test: ssl-opt.sh (MSan)" # ~ 1 min
-    if_build_succeeded tests/ssl-opt.sh
-
-    # Optional part(s)
-
-    if [ "$MEMORY" -gt 0 ]; then
-        msg "test: compat.sh (MSan)" # ~ 6 min 20s
-        if_build_succeeded tests/compat.sh
-    fi
 }
 
 component_test_valgrind () {
@@ -1150,20 +1013,6 @@
 
     msg "test: main suites valgrind (Release)"
     make memcheck
-
-    # Optional part(s)
-    # Currently broken, programs don't seem to receive signals
-    # under valgrind on OS X
-
-    if [ "$MEMORY" -gt 0 ]; then
-        msg "test: ssl-opt.sh --memcheck (Release)"
-        if_build_succeeded tests/ssl-opt.sh --memcheck
-    fi
-
-    if [ "$MEMORY" -gt 1 ]; then
-        msg "test: compat.sh --memcheck (Release)"
-        if_build_succeeded tests/compat.sh --memcheck
-    fi
 }
 
 component_test_cmake_out_of_source () {
@@ -1176,17 +1025,7 @@
 
     msg "test: cmake 'out-of-source' build"
     make test
-    # Test an SSL option that requires an auxiliary script in test/scripts/.
-    # Also ensure that there are no error messages such as
-    # "No such file or directory", which would indicate that some required
-    # file is missing (ssl-opt.sh tolerates the absence of some files so
-    # may exit with status 0 but emit errors).
-    if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
-    if [ -s ssl-opt.err ]; then
-        cat ssl-opt.err >&2
-        record_status [ ! -s ssl-opt.err ]
-        rm ssl-opt.err
-    fi
+
     cd "$MBEDTLS_ROOT_DIR"
     rm -rf "$OUT_OF_SOURCE_DIR"
     unset MBEDTLS_ROOT_DIR
@@ -1265,6 +1104,8 @@
 pre_parse_command_line "$@"
 
 pre_check_git
+pre_check_seedfile
+
 build_status=0
 if [ $KEEP_GOING -eq 1 ]; then
     pre_setup_keep_going
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index b405871..a653001 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -14,8 +14,6 @@
 # The tests include:
 #   * Unit tests                - executed using tests/scripts/run-test-suite.pl
 #   * Self-tests                - executed using the test suites above
-#   * System tests              - executed using tests/ssl-opt.sh
-#   * Interoperability tests    - executed using tests/compat.sh
 #
 # The tests focus on functionality and do not consider performance.
 #
@@ -36,30 +34,11 @@
     exit 1
 fi
 
-: ${OPENSSL:="openssl"}
-: ${OPENSSL_LEGACY:="$OPENSSL"}
-: ${GNUTLS_CLI:="gnutls-cli"}
-: ${GNUTLS_SERV:="gnutls-serv"}
-: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
-
-# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
-# we just export the variables they require
-export OPENSSL_CMD="$OPENSSL"
-export GNUTLS_CLI="$GNUTLS_CLI"
-export GNUTLS_SERV="$GNUTLS_SERV"
-
 CONFIG_H='include/mbedtls/config.h'
 CONFIG_BAK="$CONFIG_H.bak"
 
 # Step 0 - print build environment info
-OPENSSL="$OPENSSL"                           \
-    OPENSSL_LEGACY="$OPENSSL_LEGACY"         \
-    GNUTLS_CLI="$GNUTLS_CLI"                 \
-    GNUTLS_SERV="$GNUTLS_SERV"               \
-    GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"   \
-    GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
-    scripts/output_env.sh
+scripts/output_env.sh
 echo
 
 # Step 1 - Make and instrumented build for code coverage
@@ -76,23 +55,7 @@
 cd tests
 
 # Step 2a - Unit Tests
-perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT
-echo
-
-# Step 2b - System Tests
-sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
-echo
-
-# Step 2c - Compatibility tests
-sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
-    tee compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY"                               \
-    sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY"                                       \
-    GNUTLS_CLI="$GNUTLS_LEGACY_CLI"                                 \
-    GNUTLS_SERV="$GNUTLS_LEGACY_SERV"                               \
-    sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
-    tee -a compat-test-$TEST_OUTPUT
+perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
 echo
 
 # Step 3 - Process the coverage report
@@ -130,49 +93,6 @@
 TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
 TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
 
-# Step 4b - TLS Options tests
-echo "TLS Options tests - tests/ssl-opt.sh"
-
-PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
-SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
-TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
-FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
-
-echo "Passed             : $PASSED_TESTS"
-echo "Failed             : $FAILED_TESTS"
-echo "Skipped            : $SKIPPED_TESTS"
-echo "Total exec'd tests : $TOTAL_TESTS"
-echo "Total avail tests  : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
-
-
-# Step 4c - System Compatibility tests
-echo "System/Compatibility tests - tests/compat.sh"
-
-PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
-
-echo "Passed             : $PASSED_TESTS"
-echo "Failed             : $FAILED_TESTS"
-echo "Skipped            : $SKIPPED_TESTS"
-echo "Total exec'd tests : $EXED_TESTS"
-echo "Total avail tests  : $(($EXED_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
-
 
 # Step 4d - Grand totals
 echo "-------------------------------------------------------------------------"
@@ -206,8 +126,6 @@
 
 
 rm unit-test-$TEST_OUTPUT
-rm sys-test-$TEST_OUTPUT
-rm compat-test-$TEST_OUTPUT
 rm cov-$TEST_OUTPUT
 
 cd ..
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index ed67872..005a077 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -43,11 +43,14 @@
             for i, line in enumerate(iter(f.readline, b"")):
                 self.check_file_line(filepath, line, i + 1)
 
+    def record_issue(self, filepath, line_number):
+        if filepath not in self.files_with_issues.keys():
+            self.files_with_issues[filepath] = []
+        self.files_with_issues[filepath].append(line_number)
+
     def check_file_line(self, filepath, line, line_number):
         if self.issue_with_line(line):
-            if filepath not in self.files_with_issues.keys():
-                self.files_with_issues[filepath] = []
-            self.files_with_issues[filepath].append(line_number)
+            self.record_issue(filepath, line_number)
 
     def output_file_issues(self, logger):
         if self.files_with_issues.values():
@@ -132,13 +135,36 @@
         return b"\t" in line
 
 
+class MergeArtifactIssueTracker(IssueTracker):
+
+    def __init__(self):
+        super().__init__()
+        self.heading = "Merge artifact:"
+
+    def issue_with_line(self, filepath, line):
+        # Detect leftover git conflict markers.
+        if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
+            return True
+        if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
+            return True
+        if line.rstrip(b'\r\n') == b'=======' and \
+           not filepath.endswith('.md'):
+            return True
+        return False
+
+    def check_file_line(self, filepath, line, line_number):
+        if self.issue_with_line(filepath, line):
+            self.record_issue(filepath, line_number)
+
 class TodoIssueTracker(IssueTracker):
 
     def __init__(self):
         super().__init__()
         self.heading = "TODO present:"
         self.files_exemptions = [
-            __file__, "benchmark.c", "pull_request_template.md"
+            os.path.basename(__file__),
+            "benchmark.c",
+            "pull_request_template.md",
         ]
 
     def issue_with_line(self, line):
@@ -167,6 +193,7 @@
             LineEndingIssueTracker(),
             TrailingWhitespaceIssueTracker(),
             TabIssueTracker(),
+            MergeArtifactIssueTracker(),
             TodoIssueTracker(),
         ]
 
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 4976bac..f41e465 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -65,5 +65,6 @@
 }
 
 check scripts/generate_errors.pl library/error.c
+check scripts/generate_query_config.pl programs/test/query_config.c
 check scripts/generate_features.pl library/version_features.c
 check scripts/generate_visualc_files.pl visualc/VS2010
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index ce6f88c..1258024 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -184,7 +184,13 @@
 END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/'
 
 DEPENDENCY_REGEX = r'depends_on:(?P<dependencies>.*)'
-C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$'
+C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*'
+CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?'
+# forbid 0ddd which might be accidentally octal or accidentally decimal
+CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)'
+CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX,
+                                                     CONDITION_OPERATOR_REGEX,
+                                                     CONDITION_VALUE_REGEX)
 TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
 INT_CHECK_REGEX = r'int\s+.*'
 CHAR_CHECK_REGEX = r'char\s*\*\s*.*'
@@ -383,7 +389,7 @@
     :return: input dependency stripped of leading & trailing white spaces.
     """
     dependency = dependency.strip()
-    if not re.match(C_IDENTIFIER_REGEX, dependency, re.I):
+    if not re.match(CONDITION_REGEX, dependency, re.I):
         raise GeneratorInputError('Invalid dependency %s' % dependency)
     return dependency
 
@@ -733,16 +739,27 @@
     _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep)
     if not dep:
         raise GeneratorInputError("Dependency should not be an empty string.")
+
+    dependency = re.match(CONDITION_REGEX, dep, re.I)
+    if not dependency:
+        raise GeneratorInputError('Invalid dependency %s' % dep)
+
+    _defined = '' if dependency.group(2) else 'defined'
+    _cond = dependency.group(2) if dependency.group(2) else ''
+    _value = dependency.group(3) if dependency.group(3) else ''
+
     dep_check = '''
         case {id}:
             {{
-#if {_not}defined({macro})
+#if {_not}{_defined}({macro}{_cond}{_value})
                 ret = DEPENDENCY_SUPPORTED;
 #else
                 ret = DEPENDENCY_NOT_SUPPORTED;
 #endif
             }}
-            break;'''.format(_not=_not, macro=dep, id=dep_id)
+            break;'''.format(_not=_not, _defined=_defined,
+                             macro=dependency.group(1), id=dep_id,
+                             _cond=_cond, _value=_value)
     return dep_check
 
 
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
deleted file mode 100755
index 3bf7ae3..0000000
--- a/tests/scripts/key-exchanges.pl
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env perl
-
-# key-exchanges.pl
-#
-# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# To test the code dependencies on individual key exchanges in the SSL module.
-# is a verification step to ensure we don't ship SSL code that do not work
-# for some build options.
-#
-# The process is:
-#       for each possible key exchange
-#           build the library with all but that key exchange disabled
-#
-# Usage: tests/scripts/key-exchanges.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/config.h';
-my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
-    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
-    # use an exit code between 1 and 124 for git bisect (die returns 255)
-    warn $_[0];
-    exit 1;
-}
-
-for my $kex (@kexes) {
-    system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
-    system( "make clean" ) and die;
-
-    print "\n******************************************\n";
-    print "* Testing with key exchange: $kex\n";
-    print "******************************************\n";
-
-    # full config with all key exchanges disabled except one
-    system( "scripts/config.pl full" ) and abort "Failed config full\n";
-    for my $k (@kexes) {
-        next if $k eq $kex;
-        system( "scripts/config.pl unset $k" )
-            and abort "Failed to disable $k\n";
-    }
-
-    system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
index 8e8a89b..c702765 100755
--- a/tests/scripts/mbedtls_test.py
+++ b/tests/scripts/mbedtls_test.py
@@ -75,11 +75,10 @@
         :param split_char: Split character
         :return: List of splits
         """
+        split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
         if len(split_char) > 1:
             raise ValueError('Expected split character. Found string!')
-        out = re.sub(r'(\\.)|' + split_char,
-                     lambda m: m.group(1) or '\n', inp_str,
-                     len(inp_str)).split('\n')
+        out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str))
         out = [x for x in out if x]
         return out
 
@@ -112,8 +111,8 @@
             args = parts[1:]
             args_count = len(args)
             if args_count % 2 != 0:
-                raise TestDataParserError("Number of test arguments should "
-                                          "be even: %s" % line)
+                err_str_fmt = "Number of test arguments({}) should be even: {}"
+                raise TestDataParserError(err_str_fmt.format(args_count, line))
             grouped_args = [(args[i * 2], args[(i * 2) + 1])
                             for i in range(len(args)/2)]
             self.tests.append((name, function_name, dependencies,
@@ -163,6 +162,7 @@
         self.tests = []
         self.test_index = -1
         self.dep_index = 0
+        self.suite_passed = True
         self.error_str = dict()
         self.error_str[self.DEPENDENCY_SUPPORTED] = \
             'DEPENDENCY_SUPPORTED'
@@ -185,7 +185,7 @@
         binary_path = self.get_config_item('image_path')
         script_dir = os.path.split(os.path.abspath(__file__))[0]
         suite_name = os.path.splitext(os.path.basename(binary_path))[0]
-        data_file = ".".join((suite_name, 'data'))
+        data_file = ".".join((suite_name, 'datax'))
         data_file = os.path.join(script_dir, '..', 'mbedtls',
                                  suite_name, data_file)
         if os.path.exists(data_file):
@@ -293,7 +293,7 @@
             name, function_id, dependencies, args = self.tests[self.test_index]
             self.run_test(name, function_id, dependencies, args)
         else:
-            self.notify_complete(True)
+            self.notify_complete(self.suite_passed)
 
     def run_test(self, name, function_id, dependencies, args):
         """
@@ -353,6 +353,8 @@
         self.log('{{__testcase_start;%s}}' % name)
         self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0,
                                                      int_val != 0))
+        if int_val != 0:
+            self.suite_passed = False
         self.run_next_test()
 
     @event_callback("F")
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 431e592..0c40581 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -16,8 +16,7 @@
 
 # exclude functions that are ok:
 # - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
-# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
-my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
+my $known_ok = qr/mpi_write_hlp/;
 
 my $cur_name;
 my $inside;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 6fe6abf..1c9dc1d 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -4,19 +4,24 @@
 #
 # This file is part of mbed TLS (https://tls.mbed.org)
 #
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Executes all the available test suites, and provides a basic summary of the
-# results.
-#
-# Usage: run-test-suites.pl [-v]
-#
-# Options :
-#   -v|--verbose    - Provide a pass/fail/skip breakdown per test suite and
-#                     in total
-#
+# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved
+
+=head1 SYNOPSIS
+
+Execute all the test suites and print a summary of the results.
+
+ run-test-suites.pl [[-v|--verbose] [VERBOSITY]] [--skip=SUITE[...]]
+
+Options:
+
+  -v|--verbose        Print detailed failure information.
+  -v 2|--verbose=2    Print detailed failure information and summary messages.
+  -v 3|--verbose=3    Print detailed information about every test case.
+  --skip=SUITE[,SUITE...]
+                      Skip the specified SUITE(s). This option can be used
+                      multiple times.
+
+=cut
 
 use warnings;
 use strict;
@@ -24,14 +29,15 @@
 use utf8;
 use open qw(:std utf8);
 
-use constant FALSE => 0;
-use constant TRUE => 1;
+use Getopt::Long qw(:config auto_help gnu_compat);
+use Pod::Usage;
 
-my $verbose;
-my $switch = shift;
-if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) {
-    $verbose = TRUE;
-}
+my $verbose = 0;
+my @skip_patterns = ();
+GetOptions(
+           'skip=s' => \@skip_patterns,
+           'verbose|v:1' => \$verbose,
+          ) or die;
 
 # All test suites = executable files, excluding source files, debug
 # and profiling information, etc. We can't just grep {! /\./} because
@@ -40,6 +46,17 @@
 @suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
 die "$0: no test suite found\n" unless @suites;
 
+# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
+# but not "test_suite_foobar".
+my $skip_re =
+    ( '\Atest_suite_(' .
+      join('|', map {
+          s/[ ,;]/|/g; # allow any of " ,;|" as separators
+          s/\./\./g; # "." in the input means ".", not "any character"
+          $_
+      } @skip_patterns) .
+      ')(\z|\.)' );
+
 # in case test suites are linked dynamically
 $ENV{'LD_LIBRARY_PATH'} = '../library';
 $ENV{'DYLD_LIBRARY_PATH'} = '../library';
@@ -49,11 +66,28 @@
 my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed,
     $suite_cases_failed, $suite_cases_skipped, $total_cases_passed,
     $total_cases_failed, $total_cases_skipped );
+my $suites_skipped = 0;
+
+sub pad_print_center {
+    my( $width, $padchar, $string ) = @_;
+    my $padlen = ( $width - length( $string ) - 2 ) / 2;
+    print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n";
+}
 
 for my $suite (@suites)
 {
     print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " ";
-    my $result = `$prefix$suite`;
+    if( $suite =~ /$skip_re/o ) {
+        print "SKIP\n";
+        ++$suites_skipped;
+        next;
+    }
+
+    my $command = "$prefix$suite";
+    if( $verbose ) {
+        $command .= ' -v';
+    }
+    my $result = `$command`;
 
     $suite_cases_passed = () = $result =~ /.. PASS/g;
     $suite_cases_failed = () = $result =~ /.. FAILED/g;
@@ -61,15 +95,25 @@
 
     if( $result =~ /PASSED/ ) {
         print "PASS\n";
+        if( $verbose > 2 ) {
+            pad_print_center( 72, '-', "Begin $suite" );
+            print $result;
+            pad_print_center( 72, '-', "End $suite" );
+        }
     } else {
         $failed_suites++;
         print "FAIL\n";
+        if( $verbose ) {
+            pad_print_center( 72, '-', "Begin $suite" );
+            print $result;
+            pad_print_center( 72, '-', "End $suite" );
+        }
     }
 
     my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/;
     $total_tests_run += $tests - $skipped;
 
-    if ( $verbose ) {
+    if( $verbose > 1 ) {
         print "(test cases passed:", $suite_cases_passed,
                 " failed:", $suite_cases_failed,
                 " skipped:", $suite_cases_skipped,
@@ -85,9 +129,12 @@
 
 print "-" x 72, "\n";
 print $failed_suites ? "FAILED" : "PASSED";
-printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run;
+printf( " (%d suites, %d tests run%s)\n",
+        scalar(@suites) - $suites_skipped,
+        $total_tests_run,
+        $suites_skipped ? ", $suites_skipped suites skipped" : "" );
 
-if ( $verbose ) {
+if( $verbose > 1 ) {
     print "  test cases passed :", $total_cases_passed, "\n";
     print "             failed :", $total_cases_failed, "\n";
     print "            skipped :", $total_cases_skipped, "\n";
@@ -95,8 +142,11 @@
             "\n";
     print " of available tests :",
             ( $total_cases_passed + $total_cases_failed + $total_cases_skipped ),
-            "\n"
+            "\n";
+    if( $suites_skipped != 0 ) {
+        print "Note: $suites_skipped suites were skipped.\n";
     }
+}
 
 exit( $failed_suites ? 1 : 0 );
 
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
deleted file mode 100755
index 11cbf1b..0000000
--- a/tests/scripts/tcp_client.pl
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env perl
-
-# A simple TCP client that sends some data and expects a response.
-# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
-#   DATA: hex-encoded data to send to the server
-#   RESPONSE: regexp that must match the server's response
-
-use warnings;
-use strict;
-use IO::Socket::INET;
-
-# Pack hex digits into a binary string, ignoring whitespace.
-sub parse_hex {
-    my ($hex) = @_;
-    $hex =~ s/\s+//g;
-    return pack('H*', $hex);
-}
-
-## Open a TCP connection to the specified host and port.
-sub open_connection {
-    my ($host, $port) = @_;
-    my $socket = IO::Socket::INET->new(PeerAddr => $host,
-                                       PeerPort => $port,
-                                       Proto => 'tcp',
-                                       Timeout => 1);
-    die "Cannot connect to $host:$port: $!" unless $socket;
-    return $socket;
-}
-
-## Close the TCP connection.
-sub close_connection {
-    my ($connection) = @_;
-    $connection->shutdown(2);
-    # Ignore shutdown failures (at least for now)
-    return 1;
-}
-
-## Write the given data, expressed as hexadecimal
-sub write_data {
-    my ($connection, $hexdata) = @_;
-    my $data = parse_hex($hexdata);
-    my $total_sent = 0;
-    while ($total_sent < length($data)) {
-        my $sent = $connection->send($data, 0);
-        if (!defined $sent) {
-            die "Unable to send data: $!";
-        }
-        $total_sent += $sent;
-    }
-    return 1;
-}
-
-## Read a response and check it against an expected prefix
-sub read_response {
-    my ($connection, $expected_hex) = @_;
-    my $expected_data = parse_hex($expected_hex);
-    my $start_offset = 0;
-    while ($start_offset < length($expected_data)) {
-        my $actual_data;
-        my $ok = $connection->recv($actual_data, length($expected_data));
-        if (!defined $ok) {
-            die "Unable to receive data: $!";
-        }
-        if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
-            printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
-                           ord(substr($actual_data, $-[0], 1)),
-                           ord(substr($expected_data, $start_offset + $-[0], 1)),
-                           $start_offset + $-[0]);
-            return 0;
-        }
-        $start_offset += length($actual_data);
-    }
-    return 1;
-}
-
-if (@ARGV != 4) {
-    print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
-    exit(3);
-}
-my ($host, $port, $data1, $response1) = @ARGV;
-my $connection = open_connection($host, $port);
-write_data($connection, $data1);
-if (!read_response($connection, $response1)) {
-    exit(1);
-}
-close_connection($connection);
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index d12c4c2..56f2036 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -9,7 +9,7 @@
 # Purpose
 #
 # For each reference configuration file in the configs directory, build the
-# configuration, run the test suites and compat.sh
+# configuration and run the test suites.
 #
 # Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
 
@@ -18,20 +18,14 @@
 
 my %configs = (
     'config-default.h' => {
-        'opt' => '-f Default',
-        'compat' => '-m tls1_2 -V NO',
     },
     'config-mini-tls1_1.h' => {
-        'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
     },
     'config-suite-b.h' => {
-        'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
     },
     'config-ccm-psk-tls1_2.h' => {
-        'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
     },
     'config-thread.h' => {
-        'opt' => '-f ECJPAKE.*nolog',
     },
 );
 
@@ -75,30 +69,6 @@
 
     system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
     system( "make test" ) and abort "Failed test suite: $conf\n";
-
-    my $compat = $data->{'compat'};
-    if( $compat )
-    {
-        print "\nrunning compat.sh $compat\n";
-        system( "tests/compat.sh $compat" )
-            and abort "Failed compat.sh: $conf\n";
-    }
-    else
-    {
-        print "\nskipping compat.sh\n";
-    }
-
-    my $opt = $data->{'opt'};
-    if( $opt )
-    {
-        print "\nrunning ssl-opt.sh $opt\n";
-        system( "tests/ssl-opt.sh $opt" )
-            and abort "Failed ssl-opt.sh: $conf\n";
-    }
-    else
-    {
-        print "\nskipping ssl-opt.sh\n";
-    }
 }
 
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
new file mode 100755
index 0000000..cbe68b1
--- /dev/null
+++ b/tests/scripts/test_psa_constant_names.py
@@ -0,0 +1,340 @@
+#!/usr/bin/env python3
+'''Test the program psa_constant_names.
+Gather constant names from header files and test cases. Compile a C program
+to print out their numerical values, feed these numerical values to
+psa_constant_names, and check that the output is the original name.
+Return 0 if all test cases pass, 1 if the output was not always as expected,
+or 1 (with a Python backtrace) if there was an operational error.'''
+
+import argparse
+import itertools
+import os
+import platform
+import re
+import subprocess
+import sys
+import tempfile
+
+class ReadFileLineException(Exception):
+    def __init__(self, filename, line_number):
+        message = 'in {} at {}'.format(filename, line_number)
+        super(ReadFileLineException, self).__init__(message)
+        self.filename = filename
+        self.line_number = line_number
+
+class read_file_lines:
+    '''Context manager to read a text file line by line.
+with read_file_lines(filename) as lines:
+    for line in lines:
+        process(line)
+is equivalent to
+with open(filename, 'r') as input_file:
+    for line in input_file:
+        process(line)
+except that if process(line) raises an exception, then the read_file_lines
+snippet annotates the exception with the file name and line number.'''
+    def __init__(self, filename):
+        self.filename = filename
+        self.line_number = 'entry'
+    def __enter__(self):
+        self.generator = enumerate(open(self.filename, 'r'))
+        return self
+    def __iter__(self):
+        for line_number, content in self.generator:
+            self.line_number = line_number
+            yield content
+        self.line_number = 'exit'
+    def __exit__(self, type, value, traceback):
+        if type is not None:
+            raise ReadFileLineException(self.filename, self.line_number) \
+                from value
+
+class Inputs:
+    '''Accumulate information about macros to test.
+This includes macro names as well as information about their arguments
+when applicable.'''
+    def __init__(self):
+        # Sets of names per type
+        self.statuses = set(['PSA_SUCCESS'])
+        self.algorithms = set(['0xffffffff'])
+        self.ecc_curves = set(['0xffff'])
+        self.dh_groups = set(['0xffff'])
+        self.key_types = set(['0xffffffff'])
+        self.key_usage_flags = set(['0x80000000'])
+        # Hard-coded value for unknown algorithms
+        self.hash_algorithms = set(['0x010000fe'])
+        self.mac_algorithms = set(['0x02ff00ff'])
+        self.ka_algorithms = set(['0x30fc0000'])
+        self.kdf_algorithms = set(['0x200000ff'])
+        # For AEAD algorithms, the only variability is over the tag length,
+        # and this only applies to known algorithms, so don't test an
+        # unknown algorithm.
+        self.aead_algorithms = set()
+        # Identifier prefixes
+        self.table_by_prefix = {
+            'ERROR': self.statuses,
+            'ALG': self.algorithms,
+            'CURVE': self.ecc_curves,
+            'GROUP': self.dh_groups,
+            'KEY_TYPE': self.key_types,
+            'KEY_USAGE': self.key_usage_flags,
+        }
+        # macro name -> list of argument names
+        self.argspecs = {}
+        # argument name -> list of values
+        self.arguments_for = {
+            'mac_length': ['1', '63'],
+            'tag_length': ['1', '63'],
+        }
+
+    def gather_arguments(self):
+        '''Populate the list of values for macro arguments.
+Call this after parsing all the inputs.'''
+        self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
+        self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
+        self.arguments_for['ka_alg'] = sorted(self.ka_algorithms)
+        self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
+        self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
+        self.arguments_for['curve'] = sorted(self.ecc_curves)
+        self.arguments_for['group'] = sorted(self.dh_groups)
+
+    def format_arguments(self, name, arguments):
+        '''Format a macro call with arguments..'''
+        return name + '(' + ', '.join(arguments) + ')'
+
+    def distribute_arguments(self, name):
+        '''Generate macro calls with each tested argument set.
+If name is a macro without arguments, just yield "name".
+If name is a macro with arguments, yield a series of "name(arg1,...,argN)"
+where each argument takes each possible value at least once.'''
+        try:
+            if name not in self.argspecs:
+                yield name
+                return
+            argspec = self.argspecs[name]
+            if argspec == []:
+                yield name + '()'
+                return
+            argument_lists = [self.arguments_for[arg] for arg in argspec]
+            arguments = [values[0] for values in argument_lists]
+            yield self.format_arguments(name, arguments)
+            for i in range(len(arguments)):
+                for value in argument_lists[i][1:]:
+                    arguments[i] = value
+                    yield self.format_arguments(name, arguments)
+                arguments[i] = argument_lists[0][0]
+        except BaseException as e:
+            raise Exception('distribute_arguments({})'.format(name)) from e
+
+    # Regex for interesting header lines.
+    # Groups: 1=macro name, 2=type, 3=argument list (optional).
+    header_line_re = \
+        re.compile(r'#define +' +
+                   r'(PSA_((?:KEY_)?[A-Z]+)_\w+)' +
+                   r'(?:\(([^\n()]*)\))?')
+    # Regex of macro names to exclude.
+    excluded_name_re = re.compile('_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
+    # Additional excluded macros.
+    # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
+    # currently doesn't support them. Deprecated errors are also excluded.
+    excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
+                          'PSA_ALG_FULL_LENGTH_MAC',
+                          'PSA_ALG_ECDH',
+                          'PSA_ALG_FFDH',
+                          'PSA_ERROR_UNKNOWN_ERROR',
+                          'PSA_ERROR_OCCUPIED_SLOT',
+                          'PSA_ERROR_EMPTY_SLOT',
+                          'PSA_ERROR_INSUFFICIENT_CAPACITY',
+                          ])
+    argument_split_re = re.compile(r' *, *')
+    def parse_header_line(self, line):
+        '''Parse a C header line, looking for "#define PSA_xxx".'''
+        m = re.match(self.header_line_re, line)
+        if not m:
+            return
+        name = m.group(1)
+        if re.search(self.excluded_name_re, name) or \
+           name in self.excluded_names:
+            return
+        dest = self.table_by_prefix.get(m.group(2))
+        if dest is None:
+            return
+        dest.add(name)
+        if m.group(3):
+            self.argspecs[name] = re.split(self.argument_split_re, m.group(3))
+
+    def parse_header(self, filename):
+        '''Parse a C header file, looking for "#define PSA_xxx".'''
+        with read_file_lines(filename) as lines:
+            for line in lines:
+                self.parse_header_line(line)
+
+    def add_test_case_line(self, function, argument):
+        '''Parse a test case data line, looking for algorithm metadata tests.'''
+        if function.endswith('_algorithm'):
+            # As above, ECDH and FFDH algorithms are excluded for now.
+            # Support for them will be added in the future.
+            if 'ECDH' in argument or 'FFDH' in argument:
+                return
+            self.algorithms.add(argument)
+            if function == 'hash_algorithm':
+                self.hash_algorithms.add(argument)
+            elif function in ['mac_algorithm', 'hmac_algorithm']:
+                self.mac_algorithms.add(argument)
+            elif function == 'aead_algorithm':
+                self.aead_algorithms.add(argument)
+        elif function == 'key_type':
+            self.key_types.add(argument)
+        elif function == 'ecc_key_types':
+            self.ecc_curves.add(argument)
+        elif function == 'dh_key_types':
+            self.dh_groups.add(argument)
+
+    # Regex matching a *.data line containing a test function call and
+    # its arguments. The actual definition is partly positional, but this
+    # regex is good enough in practice.
+    test_case_line_re = re.compile('(?!depends_on:)(\w+):([^\n :][^:\n]*)')
+    def parse_test_cases(self, filename):
+        '''Parse a test case file (*.data), looking for algorithm metadata tests.'''
+        with read_file_lines(filename) as lines:
+            for line in lines:
+                m = re.match(self.test_case_line_re, line)
+                if m:
+                    self.add_test_case_line(m.group(1), m.group(2))
+
+def gather_inputs(headers, test_suites):
+    '''Read the list of inputs to test psa_constant_names with.'''
+    inputs = Inputs()
+    for header in headers:
+        inputs.parse_header(header)
+    for test_cases in test_suites:
+        inputs.parse_test_cases(test_cases)
+    inputs.gather_arguments()
+    return inputs
+
+def remove_file_if_exists(filename):
+    '''Remove the specified file, ignoring errors.'''
+    if not filename:
+        return
+    try:
+        os.remove(filename)
+    except:
+        pass
+
+def run_c(options, type, names):
+    '''Generate and run a program to print out numerical values for names.'''
+    if type == 'status':
+        cast_to = 'long'
+        printf_format = '%ld'
+    else:
+        cast_to = 'unsigned long'
+        printf_format = '0x%08lx'
+    c_name = None
+    exe_name = None
+    try:
+        c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(type),
+                                        suffix='.c',
+                                        dir='programs/psa')
+        exe_suffix = '.exe' if platform.system() == 'Windows' else ''
+        exe_name = c_name[:-2] + exe_suffix
+        remove_file_if_exists(exe_name)
+        c_file = os.fdopen(c_fd, 'w', encoding='ascii')
+        c_file.write('/* Generated by test_psa_constant_names.py for {} values */'
+                     .format(type))
+        c_file.write('''
+#include <stdio.h>
+#include <psa/crypto.h>
+int main(void)
+{
+''')
+        for name in names:
+            c_file.write('    printf("{}\\n", ({}) {});\n'
+                         .format(printf_format, cast_to, name))
+        c_file.write('''    return 0;
+}
+''')
+        c_file.close()
+        cc = os.getenv('CC', 'cc')
+        subprocess.check_call([cc] +
+                              ['-I' + dir for dir in options.include] +
+                              ['-o', exe_name, c_name])
+        if options.keep_c:
+            sys.stderr.write('List of {} tests kept at {}\n'
+                             .format(type, c_name))
+        else:
+            os.remove(c_name)
+        output = subprocess.check_output([exe_name])
+        return output.decode('ascii').strip().split('\n')
+    finally:
+        remove_file_if_exists(exe_name)
+
+normalize_strip_re = re.compile(r'\s+')
+def normalize(expr):
+    '''Normalize the C expression so as not to care about trivial differences.
+Currently "trivial differences" means whitespace.'''
+    expr = re.sub(normalize_strip_re, '', expr, len(expr))
+    return expr.strip().split('\n')
+
+def do_test(options, inputs, type, names):
+    '''Test psa_constant_names for the specified type.
+Run program on names.
+Use inputs to figure out what arguments to pass to macros that take arguments.'''
+    names = sorted(itertools.chain(*map(inputs.distribute_arguments, names)))
+    values = run_c(options, type, names)
+    output = subprocess.check_output([options.program, type] + values)
+    outputs = output.decode('ascii').strip().split('\n')
+    errors = [(type, name, value, output)
+              for (name, value, output) in zip(names, values, outputs)
+              if normalize(name) != normalize(output)]
+    return len(names), errors
+
+def report_errors(errors):
+    '''Describe each case where the output is not as expected.'''
+    for type, name, value, output in errors:
+        print('For {} "{}", got "{}" (value: {})'
+              .format(type, name, output, value))
+
+def run_tests(options, inputs):
+    '''Run psa_constant_names on all the gathered inputs.
+Return a tuple (count, errors) where count is the total number of inputs
+that were tested and errors is the list of cases where the output was
+not as expected.'''
+    count = 0
+    errors = []
+    for type, names in [('status', inputs.statuses),
+                        ('algorithm', inputs.algorithms),
+                        ('ecc_curve', inputs.ecc_curves),
+                        ('dh_group', inputs.dh_groups),
+                        ('key_type', inputs.key_types),
+                        ('key_usage', inputs.key_usage_flags)]:
+        c, e = do_test(options, inputs, type, names)
+        count += c
+        errors += e
+    return count, errors
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description=globals()['__doc__'])
+    parser.add_argument('--include', '-I',
+                        action='append', default=['include'],
+                        help='Directory for header files')
+    parser.add_argument('--program',
+                        default='programs/psa/psa_constant_names',
+                        help='Program to test')
+    parser.add_argument('--keep-c',
+                        action='store_true', dest='keep_c', default=False,
+                        help='Keep the intermediate C file')
+    parser.add_argument('--no-keep-c',
+                        action='store_false', dest='keep_c',
+                        help='Don\'t keep the intermediate C file (default)')
+    options = parser.parse_args()
+    headers = [os.path.join(options.include[0], 'psa', h)
+               for h in ['crypto.h', 'crypto_extra.h', 'crypto_values.h']]
+    test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
+    inputs = gather_inputs(headers, test_suites)
+    count, errors = run_tests(options, inputs)
+    report_errors(errors)
+    if errors == []:
+        print('{} test cases PASS'.format(count))
+    else:
+        print('{} test cases, {} FAIL'.format(count, len(errors)))
+        exit(1)
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 2f995d2..c929c88 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -17,7 +17,7 @@
 # seem to be a mechanism to reliably check whether the zeroize calls are being
 # eliminated by compiler optimizations from within the compiled program. The
 # problem is that a compiler would typically remove what it considers to be
-# "unecessary" assignments as part of redundant code elimination. To identify
+# "unnecessary" assignments as part of redundant code elimination. To identify
 # such code, the compilar will create some form dependency graph between
 # reads and writes to variables (among other situations). It will then use this
 # data structure to remove redundant code that does not have an impact on the
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
deleted file mode 100755
index 9866ca7..0000000
--- a/tests/scripts/travis-log-failure.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# travis-log-failure.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
-# This script is used to make the logs show up in the Travis test results.
-#
-# Some of the logs can be very long: this means usually a couple of megabytes
-# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
-# is more than 630 Megabytes long.
-
-if [ -d include/mbedtls ]; then :; else
-    echo "$0: must be run from root" >&2
-    exit 1
-fi
-
-FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
-MAX_LOG_SIZE=1048576
-
-for PATTERN in $FILES; do
-    for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
-        echo
-        echo "****** BEGIN file: $LOG ******"
-        echo
-        tail -c $MAX_LOG_SIZE $LOG
-        echo "****** END file: $LOG ******"
-        echo
-        rm $LOG
-    done
-done
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
deleted file mode 100755
index 26830fe..0000000
--- a/tests/ssl-opt.sh
+++ /dev/null
@@ -1,7639 +0,0 @@
-#!/bin/sh
-
-# ssl-opt.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Executes tests to prove various TLS/SSL options and extensions.
-#
-# The goal is not to cover every ciphersuite/version, but instead to cover
-# specific options (max fragment length, truncated hmac, etc) or procedures
-# (session resumption from cache or ticket, renego, etc).
-#
-# The tests assume a build with default options, with exceptions expressed
-# with a dependency.  The tests focus on functionality and do not consider
-# performance.
-#
-
-set -u
-
-if cd $( dirname $0 ); then :; else
-    echo "cd $( dirname $0 ) failed" >&2
-    exit 1
-fi
-
-# default values, can be overriden by the environment
-: ${P_SRV:=../programs/ssl/ssl_server2}
-: ${P_CLI:=../programs/ssl/ssl_client2}
-: ${P_PXY:=../programs/test/udp_proxy}
-: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
-: ${GNUTLS_CLI:=gnutls-cli}
-: ${GNUTLS_SERV:=gnutls-serv}
-: ${PERL:=perl}
-
-O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
-O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
-G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
-TCP_CLIENT="$PERL scripts/tcp_client.pl"
-
-# alternative versions of OpenSSL and GnuTLS (no default path)
-
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
-    O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
-    O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
-else
-    O_LEGACY_SRV=false
-    O_LEGACY_CLI=false
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
-    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-else
-    G_NEXT_SRV=false
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
-    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
-else
-    G_NEXT_CLI=false
-fi
-
-TESTS=0
-FAILS=0
-SKIPS=0
-
-CONFIG_H='../include/mbedtls/config.h'
-
-MEMCHECK=0
-FILTER='.*'
-EXCLUDE='^$'
-
-SHOW_TEST_NUMBER=0
-RUN_TEST_NUMBER=''
-
-PRESERVE_LOGS=0
-
-# Pick a "unique" server port in the range 10000-19999, and a proxy
-# port which is this plus 10000. Each port number may be independently
-# overridden by a command line option.
-SRV_PORT=$(($$ % 10000 + 10000))
-PXY_PORT=$((SRV_PORT + 10000))
-
-print_usage() {
-    echo "Usage: $0 [options]"
-    printf "  -h|--help\tPrint this help.\n"
-    printf "  -m|--memcheck\tCheck memory leaks and errors.\n"
-    printf "  -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n"
-    printf "  -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n"
-    printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
-    printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
-    printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
-    printf "     --port\tTCP/UDP port (default: randomish 1xxxx)\n"
-    printf "     --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
-    printf "     --seed\tInteger seed value to use for this test run\n"
-}
-
-get_options() {
-    while [ $# -gt 0 ]; do
-        case "$1" in
-            -f|--filter)
-                shift; FILTER=$1
-                ;;
-            -e|--exclude)
-                shift; EXCLUDE=$1
-                ;;
-            -m|--memcheck)
-                MEMCHECK=1
-                ;;
-            -n|--number)
-                shift; RUN_TEST_NUMBER=$1
-                ;;
-            -s|--show-numbers)
-                SHOW_TEST_NUMBER=1
-                ;;
-            -p|--preserve-logs)
-                PRESERVE_LOGS=1
-                ;;
-            --port)
-                shift; SRV_PORT=$1
-                ;;
-            --proxy-port)
-                shift; PXY_PORT=$1
-                ;;
-            --seed)
-                shift; SEED="$1"
-                ;;
-            -h|--help)
-                print_usage
-                exit 0
-                ;;
-            *)
-                echo "Unknown argument: '$1'"
-                print_usage
-                exit 1
-                ;;
-        esac
-        shift
-    done
-}
-
-# Skip next test; use this macro to skip tests which are legitimate
-# in theory and expected to be re-introduced at some point, but
-# aren't expected to succeed at the moment due to problems outside
-# our control (such as bugs in other TLS implementations).
-skip_next_test() {
-    SKIP_NEXT="YES"
-}
-
-# skip next test if the flag is not enabled in config.h
-requires_config_enabled() {
-    if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if the flag is enabled in config.h
-requires_config_disabled() {
-    if grep "^#define $1" $CONFIG_H > /dev/null; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-get_config_value_or_default() {
-    NAME="$1"
-    DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h |
-               sed 's/^.* \([0-9]*\)$/\1/' )
-    ../scripts/config.pl get $NAME || echo "$DEF_VAL"
-}
-
-requires_config_value_at_least() {
-    VAL=$( get_config_value_or_default "$1" )
-    if [ "$VAL" -lt "$2" ]; then
-       SKIP_NEXT="YES"
-    fi
-}
-
-requires_config_value_at_most() {
-    VAL=$( get_config_value_or_default "$1" )
-    if [ "$VAL" -gt "$2" ]; then
-       SKIP_NEXT="YES"
-    fi
-}
-
-requires_ciphersuite_enabled() {
-    if [ -z "$($P_CLI --help | grep $1)" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if OpenSSL doesn't support FALLBACK_SCSV
-requires_openssl_with_fallback_scsv() {
-    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
-        if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
-        then
-            OPENSSL_HAS_FBSCSV="YES"
-        else
-            OPENSSL_HAS_FBSCSV="NO"
-        fi
-    fi
-    if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if GnuTLS isn't available
-requires_gnutls() {
-    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
-        if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
-            GNUTLS_AVAILABLE="YES"
-        else
-            GNUTLS_AVAILABLE="NO"
-        fi
-    fi
-    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if GnuTLS-next isn't available
-requires_gnutls_next() {
-    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
-        if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
-            GNUTLS_NEXT_AVAILABLE="YES"
-        else
-            GNUTLS_NEXT_AVAILABLE="NO"
-        fi
-    fi
-    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if OpenSSL-legacy isn't available
-requires_openssl_legacy() {
-    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
-        if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
-            OPENSSL_LEGACY_AVAILABLE="YES"
-        else
-            OPENSSL_LEGACY_AVAILABLE="NO"
-        fi
-    fi
-    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if IPv6 isn't available on this host
-requires_ipv6() {
-    if [ -z "${HAS_IPV6:-}" ]; then
-        $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
-        SRV_PID=$!
-        sleep 1
-        kill $SRV_PID >/dev/null 2>&1
-        if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
-            HAS_IPV6="NO"
-        else
-            HAS_IPV6="YES"
-        fi
-        rm -r $SRV_OUT
-    fi
-
-    if [ "$HAS_IPV6" = "NO" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip next test if it's i686 or uname is not available
-requires_not_i686() {
-    if [ -z "${IS_I686:-}" ]; then
-        IS_I686="YES"
-        if which "uname" >/dev/null 2>&1; then
-            if [ -z "$(uname -a | grep i686)" ]; then
-                IS_I686="NO"
-            fi
-        fi
-    fi
-    if [ "$IS_I686" = "YES" ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# Calculate the input & output maximum content lengths set in the config
-MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
-MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
-MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
-
-if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
-    MAX_CONTENT_LEN="$MAX_IN_LEN"
-fi
-if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
-    MAX_CONTENT_LEN="$MAX_OUT_LEN"
-fi
-
-# skip the next test if the SSL output buffer is less than 16KB
-requires_full_size_output_buffer() {
-    if [ "$MAX_OUT_LEN" -ne 16384 ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip the next test if valgrind is in use
-not_with_valgrind() {
-    if [ "$MEMCHECK" -gt 0 ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# skip the next test if valgrind is NOT in use
-only_with_valgrind() {
-    if [ "$MEMCHECK" -eq 0 ]; then
-        SKIP_NEXT="YES"
-    fi
-}
-
-# multiply the client timeout delay by the given factor for the next test
-client_needs_more_time() {
-    CLI_DELAY_FACTOR=$1
-}
-
-# wait for the given seconds after the client finished in the next test
-server_needs_more_time() {
-    SRV_DELAY_SECONDS=$1
-}
-
-# print_name <name>
-print_name() {
-    TESTS=$(( $TESTS + 1 ))
-    LINE=""
-
-    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
-        LINE="$TESTS "
-    fi
-
-    LINE="$LINE$1"
-    printf "$LINE "
-    LEN=$(( 72 - `echo "$LINE" | wc -c` ))
-    for i in `seq 1 $LEN`; do printf '.'; done
-    printf ' '
-
-}
-
-# fail <message>
-fail() {
-    echo "FAIL"
-    echo "  ! $1"
-
-    mv $SRV_OUT o-srv-${TESTS}.log
-    mv $CLI_OUT o-cli-${TESTS}.log
-    if [ -n "$PXY_CMD" ]; then
-        mv $PXY_OUT o-pxy-${TESTS}.log
-    fi
-    echo "  ! outputs saved to o-XXX-${TESTS}.log"
-
-    if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
-        echo "  ! server output:"
-        cat o-srv-${TESTS}.log
-        echo "  ! ========================================================"
-        echo "  ! client output:"
-        cat o-cli-${TESTS}.log
-        if [ -n "$PXY_CMD" ]; then
-            echo "  ! ========================================================"
-            echo "  ! proxy output:"
-            cat o-pxy-${TESTS}.log
-        fi
-        echo ""
-    fi
-
-    FAILS=$(( $FAILS + 1 ))
-}
-
-# is_polar <cmd_line>
-is_polar() {
-    echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
-}
-
-# openssl s_server doesn't have -www with DTLS
-check_osrv_dtls() {
-    if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
-        NEEDS_INPUT=1
-        SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
-    else
-        NEEDS_INPUT=0
-    fi
-}
-
-# provide input to commands that need it
-provide_input() {
-    if [ $NEEDS_INPUT -eq 0 ]; then
-        return
-    fi
-
-    while true; do
-        echo "HTTP/1.0 200 OK"
-        sleep 1
-    done
-}
-
-# has_mem_err <log_file_name>
-has_mem_err() {
-    if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
-         grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
-    then
-        return 1 # false: does not have errors
-    else
-        return 0 # true: has errors
-    fi
-}
-
-# Wait for process $2 to be listening on port $1
-if type lsof >/dev/null 2>/dev/null; then
-    wait_server_start() {
-        START_TIME=$(date +%s)
-        if [ "$DTLS" -eq 1 ]; then
-            proto=UDP
-        else
-            proto=TCP
-        fi
-        # Make a tight loop, server normally takes less than 1s to start.
-        while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
-              if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
-                  echo "SERVERSTART TIMEOUT"
-                  echo "SERVERSTART TIMEOUT" >> $SRV_OUT
-                  break
-              fi
-              # Linux and *BSD support decimal arguments to sleep. On other
-              # OSes this may be a tight loop.
-              sleep 0.1 2>/dev/null || true
-        done
-    }
-else
-    echo "Warning: lsof not available, wait_server_start = sleep"
-    wait_server_start() {
-        sleep "$START_DELAY"
-    }
-fi
-
-# Given the client or server debug output, parse the unix timestamp that is
-# included in the first 4 bytes of the random bytes and check that it's within
-# acceptable bounds
-check_server_hello_time() {
-    # Extract the time from the debug (lvl 3) output of the client
-    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
-    # Get the Unix timestamp for now
-    CUR_TIME=$(date +'%s')
-    THRESHOLD_IN_SECS=300
-
-    # Check if the ServerHello time was printed
-    if [ -z "$SERVER_HELLO_TIME" ]; then
-        return 1
-    fi
-
-    # Check the time in ServerHello is within acceptable bounds
-    if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
-        # The time in ServerHello is at least 5 minutes before now
-        return 1
-    elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
-        # The time in ServerHello is at least 5 minutes later than now
-        return 1
-    else
-        return 0
-    fi
-}
-
-# wait for client to terminate and set CLI_EXIT
-# must be called right after starting the client
-wait_client_done() {
-    CLI_PID=$!
-
-    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
-    CLI_DELAY_FACTOR=1
-
-    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
-    DOG_PID=$!
-
-    wait $CLI_PID
-    CLI_EXIT=$?
-
-    kill $DOG_PID >/dev/null 2>&1
-    wait $DOG_PID
-
-    echo "EXIT: $CLI_EXIT" >> $CLI_OUT
-
-    sleep $SRV_DELAY_SECONDS
-    SRV_DELAY_SECONDS=0
-}
-
-# check if the given command uses dtls and sets global variable DTLS
-detect_dtls() {
-    if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
-        DTLS=1
-    else
-        DTLS=0
-    fi
-}
-
-# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
-# Options:  -s pattern  pattern that must be present in server output
-#           -c pattern  pattern that must be present in client output
-#           -u pattern  lines after pattern must be unique in client output
-#           -f call shell function on client output
-#           -S pattern  pattern that must be absent in server output
-#           -C pattern  pattern that must be absent in client output
-#           -U pattern  lines after pattern must be unique in server output
-#           -F call shell function on server output
-run_test() {
-    NAME="$1"
-    shift 1
-
-    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
-    else
-        SKIP_NEXT="NO"
-        return
-    fi
-
-    print_name "$NAME"
-
-    # Do we only run numbered tests?
-    if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
-    elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
-    else
-        SKIP_NEXT="YES"
-    fi
-
-    # does this test use a proxy?
-    if [ "X$1" = "X-p" ]; then
-        PXY_CMD="$2"
-        shift 2
-    else
-        PXY_CMD=""
-    fi
-
-    # get commands and client output
-    SRV_CMD="$1"
-    CLI_CMD="$2"
-    CLI_EXPECT="$3"
-    shift 3
-
-    # Check if server forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
-
-    # Check if client forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
-
-    # should we skip?
-    if [ "X$SKIP_NEXT" = "XYES" ]; then
-        SKIP_NEXT="NO"
-        echo "SKIP"
-        SKIPS=$(( $SKIPS + 1 ))
-        return
-    fi
-
-    # fix client port
-    if [ -n "$PXY_CMD" ]; then
-        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
-    else
-        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
-    fi
-
-    # update DTLS variable
-    detect_dtls "$SRV_CMD"
-
-    # prepend valgrind to our commands if active
-    if [ "$MEMCHECK" -gt 0 ]; then
-        if is_polar "$SRV_CMD"; then
-            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
-        fi
-        if is_polar "$CLI_CMD"; then
-            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
-        fi
-    fi
-
-    TIMES_LEFT=2
-    while [ $TIMES_LEFT -gt 0 ]; do
-        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
-
-        # run the commands
-        if [ -n "$PXY_CMD" ]; then
-            echo "$PXY_CMD" > $PXY_OUT
-            $PXY_CMD >> $PXY_OUT 2>&1 &
-            PXY_PID=$!
-            # assume proxy starts faster than server
-        fi
-
-        check_osrv_dtls
-        echo "$SRV_CMD" > $SRV_OUT
-        provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
-        SRV_PID=$!
-        wait_server_start "$SRV_PORT" "$SRV_PID"
-
-        echo "$CLI_CMD" > $CLI_OUT
-        eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
-        wait_client_done
-
-        sleep 0.05
-
-        # terminate the server (and the proxy)
-        kill $SRV_PID
-        wait $SRV_PID
-
-        if [ -n "$PXY_CMD" ]; then
-            kill $PXY_PID >/dev/null 2>&1
-            wait $PXY_PID
-        fi
-
-        # retry only on timeouts
-        if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
-            printf "RETRY "
-        else
-            TIMES_LEFT=0
-        fi
-    done
-
-    # check if the client and server went at least to the handshake stage
-    # (useful to avoid tests with only negative assertions and non-zero
-    # expected client exit to incorrectly succeed in case of catastrophic
-    # failure)
-    if is_polar "$SRV_CMD"; then
-        if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
-        else
-            fail "server or client failed to reach handshake stage"
-            return
-        fi
-    fi
-    if is_polar "$CLI_CMD"; then
-        if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
-        else
-            fail "server or client failed to reach handshake stage"
-            return
-        fi
-    fi
-
-    # check server exit code
-    if [ $? != 0 ]; then
-        fail "server fail"
-        return
-    fi
-
-    # check client exit code
-    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
-         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
-    then
-        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
-        return
-    fi
-
-    # check other assertions
-    # lines beginning with == are added by valgrind, ignore them
-    # lines with 'Serious error when reading debug info', are valgrind issues as well
-    while [ $# -gt 0 ]
-    do
-        case $1 in
-            "-s")
-                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
-                    fail "pattern '$2' MUST be present in the Server output"
-                    return
-                fi
-                ;;
-
-            "-c")
-                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
-                    fail "pattern '$2' MUST be present in the Client output"
-                    return
-                fi
-                ;;
-
-            "-S")
-                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
-                    fail "pattern '$2' MUST NOT be present in the Server output"
-                    return
-                fi
-                ;;
-
-            "-C")
-                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
-                    fail "pattern '$2' MUST NOT be present in the Client output"
-                    return
-                fi
-                ;;
-
-                # The filtering in the following two options (-u and -U) do the following
-                #   - ignore valgrind output
-                #   - filter out everything but lines right after the pattern occurances
-                #   - keep one of each non-unique line
-                #   - count how many lines remain
-                # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
-                # if there were no duplicates.
-            "-U")
-                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
-                    fail "lines following pattern '$2' must be unique in Server output"
-                    return
-                fi
-                ;;
-
-            "-u")
-                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
-                    fail "lines following pattern '$2' must be unique in Client output"
-                    return
-                fi
-                ;;
-            "-F")
-                if ! $2 "$SRV_OUT"; then
-                    fail "function call to '$2' failed on Server output"
-                    return
-                fi
-                ;;
-            "-f")
-                if ! $2 "$CLI_OUT"; then
-                    fail "function call to '$2' failed on Client output"
-                    return
-                fi
-                ;;
-
-            *)
-                echo "Unknown test: $1" >&2
-                exit 1
-        esac
-        shift 2
-    done
-
-    # check valgrind's results
-    if [ "$MEMCHECK" -gt 0 ]; then
-        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
-            fail "Server has memory errors"
-            return
-        fi
-        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
-            fail "Client has memory errors"
-            return
-        fi
-    fi
-
-    # if we're here, everything is ok
-    echo "PASS"
-    if [ "$PRESERVE_LOGS" -gt 0 ]; then
-        mv $SRV_OUT o-srv-${TESTS}.log
-        mv $CLI_OUT o-cli-${TESTS}.log
-        if [ -n "$PXY_CMD" ]; then
-            mv $PXY_OUT o-pxy-${TESTS}.log
-        fi
-    fi
-
-    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
-}
-
-run_test_psa() {
-    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-    run_test    "PSA-supported ciphersuite: $1" \
-                "$P_SRV debug_level=1 force_version=tls1_2" \
-                "$P_CLI debug_level=1 force_version=tls1_2 force_ciphersuite=$1" \
-                0 \
-                -c "Successfully setup PSA-based decryption cipher context" \
-                -c "Successfully setup PSA-based encryption cipher context" \
-                -s "Successfully setup PSA-based decryption cipher context" \
-                -s "Successfully setup PSA-based encryption cipher context" \
-                -C "Failed to setup PSA-based cipher context"\
-                -S "Failed to setup PSA-based cipher context"\
-                -s "Protocol is TLSv1.2" \
-                -S "error" \
-                -C "error"
-}
-
-cleanup() {
-    rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
-    test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
-    test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
-    test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
-    test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
-    exit 1
-}
-
-#
-# MAIN
-#
-
-get_options "$@"
-
-# sanity checks, avoid an avalanche of errors
-P_SRV_BIN="${P_SRV%%[  ]*}"
-P_CLI_BIN="${P_CLI%%[  ]*}"
-P_PXY_BIN="${P_PXY%%[  ]*}"
-if [ ! -x "$P_SRV_BIN" ]; then
-    echo "Command '$P_SRV_BIN' is not an executable file"
-    exit 1
-fi
-if [ ! -x "$P_CLI_BIN" ]; then
-    echo "Command '$P_CLI_BIN' is not an executable file"
-    exit 1
-fi
-if [ ! -x "$P_PXY_BIN" ]; then
-    echo "Command '$P_PXY_BIN' is not an executable file"
-    exit 1
-fi
-if [ "$MEMCHECK" -gt 0 ]; then
-    if which valgrind >/dev/null 2>&1; then :; else
-        echo "Memcheck not possible. Valgrind not found"
-        exit 1
-    fi
-fi
-if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
-    echo "Command '$OPENSSL_CMD' not found"
-    exit 1
-fi
-
-# used by watchdog
-MAIN_PID="$$"
-
-# We use somewhat arbitrary delays for tests:
-# - how long do we wait for the server to start (when lsof not available)?
-# - how long do we allow for the client to finish?
-#   (not to check performance, just to avoid waiting indefinitely)
-# Things are slower with valgrind, so give extra time here.
-#
-# Note: without lsof, there is a trade-off between the running time of this
-# script and the risk of spurious errors because we didn't wait long enough.
-# The watchdog delay on the other hand doesn't affect normal running time of
-# the script, only the case where a client or server gets stuck.
-if [ "$MEMCHECK" -gt 0 ]; then
-    START_DELAY=6
-    DOG_DELAY=60
-else
-    START_DELAY=2
-    DOG_DELAY=20
-fi
-
-# some particular tests need more time:
-# - for the client, we multiply the usual watchdog limit by a factor
-# - for the server, we sleep for a number of seconds after the client exits
-# see client_need_more_time() and server_needs_more_time()
-CLI_DELAY_FACTOR=1
-SRV_DELAY_SECONDS=0
-
-# fix commands to use this port, force IPv4 while at it
-# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
-P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
-P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
-P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
-O_CLI="$O_CLI -connect localhost:+SRV_PORT"
-G_SRV="$G_SRV -p $SRV_PORT"
-G_CLI="$G_CLI -p +SRV_PORT"
-
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
-    O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
-    O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
-    G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
-    G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
-fi
-
-# Allow SHA-1, because many of our test certificates use it
-P_SRV="$P_SRV allow_sha1=1"
-P_CLI="$P_CLI allow_sha1=1"
-
-# Also pick a unique name for intermediate files
-SRV_OUT="srv_out.$$"
-CLI_OUT="cli_out.$$"
-PXY_OUT="pxy_out.$$"
-SESSION="session.$$"
-
-SKIP_NEXT="NO"
-
-trap cleanup INT TERM HUP
-
-# Basic test
-
-# Checks that:
-# - things work with all ciphersuites active (used with config-full in all.sh)
-# - the expected (highest security) parameters are selected
-#   ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
-run_test    "Default" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI" \
-            0 \
-            -s "Protocol is TLSv1.2" \
-            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
-            -s "client hello v3, signature_algorithm ext: 6" \
-            -s "ECDHE curve: secp521r1" \
-            -S "error" \
-            -C "error"
-
-run_test    "Default, DTLS" \
-            "$P_SRV dtls=1" \
-            "$P_CLI dtls=1" \
-            0 \
-            -s "Protocol is DTLSv1.2" \
-            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
-
-# Test using an opaque private key for client authentication
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test    "Opaque key for client authentication" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
-             key_file=data_files/server5.key" \
-            0 \
-            -c "key type: Opaque" \
-            -s "Verifying peer X.509 certificate... ok" \
-            -S "error" \
-            -C "error"
-
-# Test ciphersuites which we expect to be fully supported by PSA Crypto
-# and check that we don't fall back to Mbed TLS' internal crypto primitives.
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
-
-# Test current time in ServerHello
-requires_config_enabled MBEDTLS_HAVE_TIME
-run_test    "ServerHello contains gmt_unix_time" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -f "check_server_hello_time" \
-            -F "check_server_hello_time"
-
-# Test for uniqueness of IVs in AEAD ciphersuites
-run_test    "Unique IV in GCM" \
-            "$P_SRV exchanges=20 debug_level=4" \
-            "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
-            0 \
-            -u "IV used" \
-            -U "IV used"
-
-# Tests for rc4 option
-
-requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-run_test    "RC4: server disabled, client enabled" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            1 \
-            -s "SSL - The server has no ciphersuites in common"
-
-requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-run_test    "RC4: server half, client enabled" \
-            "$P_SRV arc4=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            1 \
-            -s "SSL - The server has no ciphersuites in common"
-
-run_test    "RC4: server enabled, client disabled" \
-            "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI" \
-            1 \
-            -s "SSL - The server has no ciphersuites in common"
-
-run_test    "RC4: both enabled" \
-            "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - The server has no ciphersuites in common"
-
-# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test    "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
-            "$G_SRV"\
-            "$P_CLI force_version=tls1_1" \
-            0
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
-run_test    "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
-            "$G_SRV"\
-            "$P_CLI force_version=tls1" \
-            0
-
-# Tests for SHA-1 support
-
-requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test    "SHA-1 forbidden by default in server certificate" \
-            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
-            "$P_CLI debug_level=2 allow_sha1=0" \
-            1 \
-            -c "The certificate is signed with an unacceptable hash"
-
-requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test    "SHA-1 forbidden by default in server certificate" \
-            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
-            "$P_CLI debug_level=2 allow_sha1=0" \
-            0
-
-run_test    "SHA-1 explicitly allowed in server certificate" \
-            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
-            "$P_CLI allow_sha1=1" \
-            0
-
-run_test    "SHA-256 allowed by default in server certificate" \
-            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
-            "$P_CLI allow_sha1=0" \
-            0
-
-requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test    "SHA-1 forbidden by default in client certificate" \
-            "$P_SRV auth_mode=required allow_sha1=0" \
-            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
-            1 \
-            -s "The certificate is signed with an unacceptable hash"
-
-requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-run_test    "SHA-1 forbidden by default in client certificate" \
-            "$P_SRV auth_mode=required allow_sha1=0" \
-            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
-            0
-
-run_test    "SHA-1 explicitly allowed in client certificate" \
-            "$P_SRV auth_mode=required allow_sha1=1" \
-            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
-            0
-
-run_test    "SHA-256 allowed by default in client certificate" \
-            "$P_SRV auth_mode=required allow_sha1=0" \
-            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
-            0
-
-# Tests for datagram packing
-run_test    "DTLS: multiple records in same datagram, client and server" \
-            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
-            0 \
-            -c "next record in same datagram" \
-            -s "next record in same datagram"
-
-run_test    "DTLS: multiple records in same datagram, client only" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
-            0 \
-            -s "next record in same datagram" \
-            -C "next record in same datagram"
-
-run_test    "DTLS: multiple records in same datagram, server only" \
-            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -S "next record in same datagram" \
-            -c "next record in same datagram"
-
-run_test    "DTLS: multiple records in same datagram, neither client nor server" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -S "next record in same datagram" \
-            -C "next record in same datagram"
-
-# Tests for Truncated HMAC extension
-
-run_test    "Truncated HMAC: client default, server default" \
-            "$P_SRV debug_level=4" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC: client disabled, server default" \
-            "$P_SRV debug_level=4" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC: client enabled, server default" \
-            "$P_SRV debug_level=4" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC: client enabled, server disabled" \
-            "$P_SRV debug_level=4 trunc_hmac=0" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC: client disabled, server enabled" \
-            "$P_SRV debug_level=4 trunc_hmac=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC: client enabled, server enabled" \
-            "$P_SRV debug_level=4 trunc_hmac=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -S "dumping 'expected mac' (20 bytes)" \
-            -s "dumping 'expected mac' (10 bytes)"
-
-run_test    "Truncated HMAC, DTLS: client default, server default" \
-            "$P_SRV dtls=1 debug_level=4" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC, DTLS: client disabled, server default" \
-            "$P_SRV dtls=1 debug_level=4" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC, DTLS: client enabled, server default" \
-            "$P_SRV dtls=1 debug_level=4" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC, DTLS: client enabled, server disabled" \
-            "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC, DTLS: client disabled, server enabled" \
-            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
-            0 \
-            -s "dumping 'expected mac' (20 bytes)" \
-            -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
-            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
-            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
-            0 \
-            -S "dumping 'expected mac' (20 bytes)" \
-            -s "dumping 'expected mac' (10 bytes)"
-
-# Tests for Encrypt-then-MAC extension
-
-run_test    "Encrypt then MAC: default" \
-            "$P_SRV debug_level=3 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "client hello, adding encrypt_then_mac extension" \
-            -s "found encrypt then mac extension" \
-            -s "server hello, adding encrypt then mac extension" \
-            -c "found encrypt_then_mac extension" \
-            -c "using encrypt then mac" \
-            -s "using encrypt then mac"
-
-run_test    "Encrypt then MAC: client enabled, server disabled" \
-            "$P_SRV debug_level=3 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=3 etm=1" \
-            0 \
-            -c "client hello, adding encrypt_then_mac extension" \
-            -s "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-run_test    "Encrypt then MAC: client enabled, aead cipher" \
-            "$P_SRV debug_level=3 etm=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI debug_level=3 etm=1" \
-            0 \
-            -c "client hello, adding encrypt_then_mac extension" \
-            -s "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-run_test    "Encrypt then MAC: client enabled, stream cipher" \
-            "$P_SRV debug_level=3 etm=1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "client hello, adding encrypt_then_mac extension" \
-            -s "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-run_test    "Encrypt then MAC: client disabled, server enabled" \
-            "$P_SRV debug_level=3 etm=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=3 etm=0" \
-            0 \
-            -C "client hello, adding encrypt_then_mac extension" \
-            -S "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Encrypt then MAC: client SSLv3, server enabled" \
-            "$P_SRV debug_level=3 min_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=3 force_version=ssl3" \
-            0 \
-            -C "client hello, adding encrypt_then_mac extension" \
-            -S "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Encrypt then MAC: client enabled, server SSLv3" \
-            "$P_SRV debug_level=3 force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=3 min_version=ssl3" \
-            0 \
-            -c "client hello, adding encrypt_then_mac extension" \
-            -S "found encrypt then mac extension" \
-            -S "server hello, adding encrypt then mac extension" \
-            -C "found encrypt_then_mac extension" \
-            -C "using encrypt then mac" \
-            -S "using encrypt then mac"
-
-# Tests for Extended Master Secret extension
-
-run_test    "Extended Master Secret: default" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "client hello, adding extended_master_secret extension" \
-            -s "found extended master secret extension" \
-            -s "server hello, adding extended master secret extension" \
-            -c "found extended_master_secret extension" \
-            -c "using extended master secret" \
-            -s "using extended master secret"
-
-run_test    "Extended Master Secret: client enabled, server disabled" \
-            "$P_SRV debug_level=3 extended_ms=0" \
-            "$P_CLI debug_level=3 extended_ms=1" \
-            0 \
-            -c "client hello, adding extended_master_secret extension" \
-            -s "found extended master secret extension" \
-            -S "server hello, adding extended master secret extension" \
-            -C "found extended_master_secret extension" \
-            -C "using extended master secret" \
-            -S "using extended master secret"
-
-run_test    "Extended Master Secret: client disabled, server enabled" \
-            "$P_SRV debug_level=3 extended_ms=1" \
-            "$P_CLI debug_level=3 extended_ms=0" \
-            0 \
-            -C "client hello, adding extended_master_secret extension" \
-            -S "found extended master secret extension" \
-            -S "server hello, adding extended master secret extension" \
-            -C "found extended_master_secret extension" \
-            -C "using extended master secret" \
-            -S "using extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Extended Master Secret: client SSLv3, server enabled" \
-            "$P_SRV debug_level=3 min_version=ssl3" \
-            "$P_CLI debug_level=3 force_version=ssl3" \
-            0 \
-            -C "client hello, adding extended_master_secret extension" \
-            -S "found extended master secret extension" \
-            -S "server hello, adding extended master secret extension" \
-            -C "found extended_master_secret extension" \
-            -C "using extended master secret" \
-            -S "using extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Extended Master Secret: client enabled, server SSLv3" \
-            "$P_SRV debug_level=3 force_version=ssl3" \
-            "$P_CLI debug_level=3 min_version=ssl3" \
-            0 \
-            -c "client hello, adding extended_master_secret extension" \
-            -S "found extended master secret extension" \
-            -S "server hello, adding extended master secret extension" \
-            -C "found extended_master_secret extension" \
-            -C "using extended master secret" \
-            -S "using extended master secret"
-
-# Tests for FALLBACK_SCSV
-
-run_test    "Fallback SCSV: default" \
-            "$P_SRV debug_level=2" \
-            "$P_CLI debug_level=3 force_version=tls1_1" \
-            0 \
-            -C "adding FALLBACK_SCSV" \
-            -S "received FALLBACK_SCSV" \
-            -S "inapropriate fallback" \
-            -C "is a fatal alert message (msg 86)"
-
-run_test    "Fallback SCSV: explicitly disabled" \
-            "$P_SRV debug_level=2" \
-            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
-            0 \
-            -C "adding FALLBACK_SCSV" \
-            -S "received FALLBACK_SCSV" \
-            -S "inapropriate fallback" \
-            -C "is a fatal alert message (msg 86)"
-
-run_test    "Fallback SCSV: enabled" \
-            "$P_SRV debug_level=2" \
-            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
-            1 \
-            -c "adding FALLBACK_SCSV" \
-            -s "received FALLBACK_SCSV" \
-            -s "inapropriate fallback" \
-            -c "is a fatal alert message (msg 86)"
-
-run_test    "Fallback SCSV: enabled, max version" \
-            "$P_SRV debug_level=2" \
-            "$P_CLI debug_level=3 fallback=1" \
-            0 \
-            -c "adding FALLBACK_SCSV" \
-            -s "received FALLBACK_SCSV" \
-            -S "inapropriate fallback" \
-            -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: default, openssl server" \
-            "$O_SRV" \
-            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
-            0 \
-            -C "adding FALLBACK_SCSV" \
-            -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: enabled, openssl server" \
-            "$O_SRV" \
-            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
-            1 \
-            -c "adding FALLBACK_SCSV" \
-            -c "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: disabled, openssl client" \
-            "$P_SRV debug_level=2" \
-            "$O_CLI -tls1_1" \
-            0 \
-            -S "received FALLBACK_SCSV" \
-            -S "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: enabled, openssl client" \
-            "$P_SRV debug_level=2" \
-            "$O_CLI -tls1_1 -fallback_scsv" \
-            1 \
-            -s "received FALLBACK_SCSV" \
-            -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: enabled, max version, openssl client" \
-            "$P_SRV debug_level=2" \
-            "$O_CLI -fallback_scsv" \
-            0 \
-            -s "received FALLBACK_SCSV" \
-            -S "inapropriate fallback"
-
-# Test sending and receiving empty application data records
-
-run_test    "Encrypt then MAC: empty application data record" \
-            "$P_SRV auth_mode=none debug_level=4 etm=1" \
-            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -S "0000:  0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
-            -s "dumping 'input payload after decrypt' (0 bytes)" \
-            -c "0 bytes written in 1 fragments"
-
-run_test    "Default, no Encrypt then MAC: empty application data record" \
-            "$P_SRV auth_mode=none debug_level=4 etm=0" \
-            "$P_CLI auth_mode=none etm=0 request_size=0" \
-            0 \
-            -s "dumping 'input payload after decrypt' (0 bytes)" \
-            -c "0 bytes written in 1 fragments"
-
-run_test    "Encrypt then MAC, DTLS: empty application data record" \
-            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
-            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
-            0 \
-            -S "0000:  0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
-            -s "dumping 'input payload after decrypt' (0 bytes)" \
-            -c "0 bytes written in 1 fragments"
-
-run_test    "Default, no Encrypt then MAC, DTLS: empty application data record" \
-            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
-            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
-            0 \
-            -s "dumping 'input payload after decrypt' (0 bytes)" \
-            -c "0 bytes written in 1 fragments"
-
-## ClientHello generated with
-## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
-## then manually twiddling the ciphersuite list.
-## The ClientHello content is spelled out below as a hex string as
-## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
-## The expected response is an inappropriate_fallback alert.
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: beginning of list" \
-            "$P_SRV debug_level=2" \
-            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
-            0 \
-            -s "received FALLBACK_SCSV" \
-            -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: end of list" \
-            "$P_SRV debug_level=2" \
-            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
-            0 \
-            -s "received FALLBACK_SCSV" \
-            -s "inapropriate fallback"
-
-## Here the expected response is a valid ServerHello prefix, up to the random.
-requires_openssl_with_fallback_scsv
-run_test    "Fallback SCSV: not in list" \
-            "$P_SRV debug_level=2" \
-            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
-            0 \
-            -S "received FALLBACK_SCSV" \
-            -S "inapropriate fallback"
-
-# Tests for CBC 1/n-1 record splitting
-
-run_test    "CBC Record splitting: TLS 1.2, no splitting" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=tls1_2" \
-            0 \
-            -s "Read from client: 123 bytes read" \
-            -S "Read from client: 1 bytes read" \
-            -S "122 bytes read"
-
-run_test    "CBC Record splitting: TLS 1.1, no splitting" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=tls1_1" \
-            0 \
-            -s "Read from client: 123 bytes read" \
-            -S "Read from client: 1 bytes read" \
-            -S "122 bytes read"
-
-run_test    "CBC Record splitting: TLS 1.0, splitting" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=tls1" \
-            0 \
-            -S "Read from client: 123 bytes read" \
-            -s "Read from client: 1 bytes read" \
-            -s "122 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "CBC Record splitting: SSLv3, splitting" \
-            "$P_SRV min_version=ssl3" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=ssl3" \
-            0 \
-            -S "Read from client: 123 bytes read" \
-            -s "Read from client: 1 bytes read" \
-            -s "122 bytes read"
-
-run_test    "CBC Record splitting: TLS 1.0 RC4, no splitting" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             request_size=123 force_version=tls1" \
-            0 \
-            -s "Read from client: 123 bytes read" \
-            -S "Read from client: 1 bytes read" \
-            -S "122 bytes read"
-
-run_test    "CBC Record splitting: TLS 1.0, splitting disabled" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=tls1 recsplit=0" \
-            0 \
-            -s "Read from client: 123 bytes read" \
-            -S "Read from client: 1 bytes read" \
-            -S "122 bytes read"
-
-run_test    "CBC Record splitting: TLS 1.0, splitting, nbio" \
-            "$P_SRV nbio=2" \
-            "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
-             request_size=123 force_version=tls1" \
-            0 \
-            -S "Read from client: 123 bytes read" \
-            -s "Read from client: 1 bytes read" \
-            -s "122 bytes read"
-
-# Tests for Session Tickets
-
-run_test    "Session resume using tickets: basic" \
-            "$P_SRV debug_level=3 tickets=1" \
-            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets: cache disabled" \
-            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
-            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets: timeout" \
-            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
-            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using tickets: openssl server" \
-            "$O_SRV" \
-            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets: openssl client" \
-            "$P_SRV debug_level=3 tickets=1" \
-            "( $O_CLI -sess_out $SESSION; \
-               $O_CLI -sess_in $SESSION; \
-               rm -f $SESSION )" \
-            0 \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed"
-
-# Tests for Session Tickets with DTLS
-
-run_test    "Session resume using tickets, DTLS: basic" \
-            "$P_SRV debug_level=3 dtls=1 tickets=1" \
-            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets, DTLS: cache disabled" \
-            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
-            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets, DTLS: timeout" \
-            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
-            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using tickets, DTLS: openssl server" \
-            "$O_SRV -dtls1" \
-            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -c "found session_ticket extension" \
-            -c "parse new session ticket" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using tickets, DTLS: openssl client" \
-            "$P_SRV dtls=1 debug_level=3 tickets=1" \
-            "( $O_CLI -dtls1 -sess_out $SESSION; \
-               $O_CLI -dtls1 -sess_in $SESSION; \
-               rm -f $SESSION )" \
-            0 \
-            -s "found session ticket extension" \
-            -s "server hello, adding session ticket extension" \
-            -S "session successfully restored from cache" \
-            -s "session successfully restored from ticket" \
-            -s "a session has been resumed"
-
-# Tests for Session Resume based on session-ID and cache
-
-run_test    "Session resume using cache: tickets enabled on client" \
-            "$P_SRV debug_level=3 tickets=0" \
-            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache: tickets enabled on server" \
-            "$P_SRV debug_level=3 tickets=1" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -C "client hello, adding session ticket extension" \
-            -S "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache: cache_max=0" \
-            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using cache: cache_max=1" \
-            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache: timeout > delay" \
-            "$P_SRV debug_level=3 tickets=0" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache: timeout < delay" \
-            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
-            0 \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using cache: no timeout" \
-            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache: openssl client" \
-            "$P_SRV debug_level=3 tickets=0" \
-            "( $O_CLI -sess_out $SESSION; \
-               $O_CLI -sess_in $SESSION; \
-               rm -f $SESSION )" \
-            0 \
-            -s "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed"
-
-run_test    "Session resume using cache: openssl server" \
-            "$O_SRV" \
-            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -c "a session has been resumed"
-
-# Tests for Session Resume based on session-ID and cache, DTLS
-
-run_test    "Session resume using cache, DTLS: tickets enabled on client" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0" \
-            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
-            0 \
-            -c "client hello, adding session ticket extension" \
-            -s "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: tickets enabled on server" \
-            "$P_SRV dtls=1 debug_level=3 tickets=1" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -C "client hello, adding session ticket extension" \
-            -S "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: cache_max=0" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: cache_max=1" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: timeout > delay" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: timeout < delay" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
-            0 \
-            -S "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -S "a session has been resumed" \
-            -C "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: no timeout" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
-            0 \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed" \
-            -c "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: openssl client" \
-            "$P_SRV dtls=1 debug_level=3 tickets=0" \
-            "( $O_CLI -dtls1 -sess_out $SESSION; \
-               $O_CLI -dtls1 -sess_in $SESSION; \
-               rm -f $SESSION )" \
-            0 \
-            -s "found session ticket extension" \
-            -S "server hello, adding session ticket extension" \
-            -s "session successfully restored from cache" \
-            -S "session successfully restored from ticket" \
-            -s "a session has been resumed"
-
-run_test    "Session resume using cache, DTLS: openssl server" \
-            "$O_SRV -dtls1" \
-            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
-            0 \
-            -C "found session_ticket extension" \
-            -C "parse new session ticket" \
-            -c "a session has been resumed"
-
-# Tests for Max Fragment Length extension
-
-if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
-    printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
-    exit 1
-fi
-
-if [ $MAX_CONTENT_LEN -ne 16384 ]; then
-    printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
-fi
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: enabled, default" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -C "client hello, adding max_fragment_length extension" \
-            -S "found max fragment length extension" \
-            -S "server hello, max_fragment_length extension" \
-            -C "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: enabled, default, larger message" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
-            0 \
-            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -C "client hello, adding max_fragment_length extension" \
-            -S "found max fragment length extension" \
-            -S "server hello, max_fragment_length extension" \
-            -C "found max_fragment_length extension" \
-            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-            -s "$MAX_CONTENT_LEN bytes read" \
-            -s "1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length, DTLS: enabled, default, larger message" \
-            "$P_SRV debug_level=3 dtls=1" \
-            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
-            1 \
-            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -C "client hello, adding max_fragment_length extension" \
-            -S "found max fragment length extension" \
-            -S "server hello, max_fragment_length extension" \
-            -C "found max_fragment_length extension" \
-            -c "fragment larger than.*maximum "
-
-# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
-# (session fragment length will be 16384 regardless of mbedtls
-# content length configuration.)
-
-requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: disabled, larger message" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
-            0 \
-            -C "Maximum fragment length is 16384" \
-            -S "Maximum fragment length is 16384" \
-            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-            -s "$MAX_CONTENT_LEN bytes read" \
-            -s "1 bytes read"
-
-requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length DTLS: disabled, larger message" \
-            "$P_SRV debug_level=3 dtls=1" \
-            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
-            1 \
-            -C "Maximum fragment length is 16384" \
-            -S "Maximum fragment length is 16384" \
-            -c "fragment larger than.*maximum "
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: used by client" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 max_frag_len=4096" \
-            0 \
-            -c "Maximum fragment length is 4096" \
-            -s "Maximum fragment length is 4096" \
-            -c "client hello, adding max_fragment_length extension" \
-            -s "found max fragment length extension" \
-            -s "server hello, max_fragment_length extension" \
-            -c "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: used by server" \
-            "$P_SRV debug_level=3 max_frag_len=4096" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
-            -s "Maximum fragment length is 4096" \
-            -C "client hello, adding max_fragment_length extension" \
-            -S "found max fragment length extension" \
-            -S "server hello, max_fragment_length extension" \
-            -C "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_gnutls
-run_test    "Max fragment length: gnutls server" \
-            "$G_SRV" \
-            "$P_CLI debug_level=3 max_frag_len=4096" \
-            0 \
-            -c "Maximum fragment length is 4096" \
-            -c "client hello, adding max_fragment_length extension" \
-            -c "found max_fragment_length extension"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: client, message just fits" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
-            0 \
-            -c "Maximum fragment length is 2048" \
-            -s "Maximum fragment length is 2048" \
-            -c "client hello, adding max_fragment_length extension" \
-            -s "found max fragment length extension" \
-            -s "server hello, max_fragment_length extension" \
-            -c "found max_fragment_length extension" \
-            -c "2048 bytes written in 1 fragments" \
-            -s "2048 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: client, larger message" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
-            0 \
-            -c "Maximum fragment length is 2048" \
-            -s "Maximum fragment length is 2048" \
-            -c "client hello, adding max_fragment_length extension" \
-            -s "found max fragment length extension" \
-            -s "server hello, max_fragment_length extension" \
-            -c "found max_fragment_length extension" \
-            -c "2345 bytes written in 2 fragments" \
-            -s "2048 bytes read" \
-            -s "297 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "Max fragment length: DTLS client, larger message" \
-            "$P_SRV debug_level=3 dtls=1" \
-            "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
-            1 \
-            -c "Maximum fragment length is 2048" \
-            -s "Maximum fragment length is 2048" \
-            -c "client hello, adding max_fragment_length extension" \
-            -s "found max fragment length extension" \
-            -s "server hello, max_fragment_length extension" \
-            -c "found max_fragment_length extension" \
-            -c "fragment larger than.*maximum"
-
-# Tests for renegotiation
-
-# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
-run_test    "Renegotiation: none, for reference" \
-            "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: client-initiated" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request"
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: Signature Algorithms parsing, client-initiated" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -S "write hello request" \
-            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: Signature Algorithms parsing, server-initiated" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request" \
-            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: double" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: client-initiated, server-rejected" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
-            1 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -S "=> renegotiate" \
-            -S "write hello request" \
-            -c "SSL - Unexpected message at ServerHello in renegotiation" \
-            -c "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated, client-rejected, default" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
-             renego_delay=-1 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-# delay 2 for 1 alert record + 1 application data record
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
-             renego_delay=2 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
-             renego_delay=0 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -s "write hello request" \
-            -s "SSL - An unexpected message was received from our peer"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
-            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
-             renego_delay=0 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: periodic, just below period" \
-            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -S "record counter limit reached: renegotiate" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -S "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-# one extra exchange to be able to complete renego
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: periodic, just above period" \
-            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -s "record counter limit reached: renegotiate" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: periodic, two times period" \
-            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -s "record counter limit reached: renegotiate" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: periodic, above period, disabled" \
-            "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
-            0 \
-            -C "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -S "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -S "record counter limit reached: renegotiate" \
-            -C "=> renegotiate" \
-            -S "=> renegotiate" \
-            -S "write hello request" \
-            -S "SSL - An unexpected message was received from our peer" \
-            -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: nbio, client-initiated" \
-            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
-            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: nbio, server-initiated" \
-            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
-            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: openssl server, client-initiated" \
-            "$O_SRV -www" \
-            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
-            -C "error" \
-            -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: gnutls server strict, client-initiated" \
-            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
-            -C "error" \
-            -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
-            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
-            1 \
-            -c "client hello, adding renegotiation extension" \
-            -C "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -c "mbedtls_ssl_handshake() returned" \
-            -c "error" \
-            -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
-            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
-             allow_legacy=0" \
-            1 \
-            -c "client hello, adding renegotiation extension" \
-            -C "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -c "mbedtls_ssl_handshake() returned" \
-            -c "error" \
-            -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
-            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
-             allow_legacy=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -C "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
-            -C "error" \
-            -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: DTLS, client-initiated" \
-            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
-            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: DTLS, server-initiated" \
-            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
-            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
-             read_timeout=1000 max_resend=2" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: DTLS, renego_period overflow" \
-            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
-            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-            -s "found renegotiation extension" \
-            -s "server hello, secure renegotiation extension" \
-            -s "record counter limit reached: renegotiate" \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "write hello request"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
-            "$G_SRV -u --mtu 4096" \
-            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "client hello, adding renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "mbedtls_ssl_handshake returned" \
-            -C "error" \
-            -s "Extra-header:"
-
-# Test for the "secure renegotation" extension only (no actual renegotiation)
-
-requires_gnutls
-run_test    "Renego ext: gnutls server strict, client default" \
-            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "found renegotiation extension" \
-            -C "error" \
-            -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test    "Renego ext: gnutls server unsafe, client default" \
-            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -C "found renegotiation extension" \
-            -C "error" \
-            -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test    "Renego ext: gnutls server unsafe, client break legacy" \
-            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
-            "$P_CLI debug_level=3 allow_legacy=-1" \
-            1 \
-            -C "found renegotiation extension" \
-            -c "error" \
-            -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-run_test    "Renego ext: gnutls client strict, server default" \
-            "$P_SRV debug_level=3" \
-            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
-            0 \
-            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-            -s "server hello, secure renegotiation extension"
-
-requires_gnutls
-run_test    "Renego ext: gnutls client unsafe, server default" \
-            "$P_SRV debug_level=3" \
-            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
-            0 \
-            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-            -S "server hello, secure renegotiation extension"
-
-requires_gnutls
-run_test    "Renego ext: gnutls client unsafe, server break legacy" \
-            "$P_SRV debug_level=3 allow_legacy=-1" \
-            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
-            1 \
-            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-            -S "server hello, secure renegotiation extension"
-
-# Tests for silently dropping trailing extra bytes in .der certificates
-
-requires_gnutls
-run_test    "DER format: no trailing bytes" \
-            "$P_SRV crt_file=data_files/server5-der0.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with a trailing zero byte" \
-            "$P_SRV crt_file=data_files/server5-der1a.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with a trailing random byte" \
-            "$P_SRV crt_file=data_files/server5-der1b.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with 2 trailing random bytes" \
-            "$P_SRV crt_file=data_files/server5-der2.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with 4 trailing random bytes" \
-            "$P_SRV crt_file=data_files/server5-der4.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with 8 trailing random bytes" \
-            "$P_SRV crt_file=data_files/server5-der8.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-requires_gnutls
-run_test    "DER format: with 9 trailing random bytes" \
-            "$P_SRV crt_file=data_files/server5-der9.crt \
-             key_file=data_files/server5.key" \
-            "$G_CLI localhost" \
-            0 \
-            -c "Handshake was completed" \
-
-# Tests for auth_mode
-
-run_test    "Authentication: server badcert, client required" \
-            "$P_SRV crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI debug_level=1 auth_mode=required" \
-            1 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "X509 - Certificate verification failed"
-
-run_test    "Authentication: server badcert, client optional" \
-            "$P_SRV crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI debug_level=1 auth_mode=optional" \
-            0 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -C "X509 - Certificate verification failed"
-
-run_test    "Authentication: server goodcert, client optional, no trusted CA" \
-            "$P_SRV" \
-            "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
-            0 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! Certificate verification flags"\
-            -C "! mbedtls_ssl_handshake returned" \
-            -C "X509 - Certificate verification failed" \
-            -C "SSL - No CA Chain is set, but required to operate"
-
-run_test    "Authentication: server goodcert, client required, no trusted CA" \
-            "$P_SRV" \
-            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
-            1 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! Certificate verification flags"\
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "SSL - No CA Chain is set, but required to operate"
-
-# The purpose of the next two tests is to test the client's behaviour when receiving a server
-# certificate with an unsupported elliptic curve. This should usually not happen because
-# the client informs the server about the supported curves - it does, though, in the
-# corner case of a static ECDH suite, because the server doesn't check the curve on that
-# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
-# different means to have the server ignoring the client's supported curve list.
-
-requires_config_enabled MBEDTLS_ECP_C
-run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
-            "$P_SRV debug_level=1 key_file=data_files/server5.key \
-             crt_file=data_files/server5.ku-ka.crt" \
-            "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
-            1 \
-            -c "bad certificate (EC key curve)"\
-            -c "! Certificate verification flags"\
-            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
-
-requires_config_enabled MBEDTLS_ECP_C
-run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
-            "$P_SRV debug_level=1 key_file=data_files/server5.key \
-             crt_file=data_files/server5.ku-ka.crt" \
-            "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
-            1 \
-            -c "bad certificate (EC key curve)"\
-            -c "! Certificate verification flags"\
-            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
-
-run_test    "Authentication: server badcert, client none" \
-            "$P_SRV crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI debug_level=1 auth_mode=none" \
-            0 \
-            -C "x509_verify_cert() returned" \
-            -C "! The certificate is not correctly signed by the trusted CA" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -C "X509 - Certificate verification failed"
-
-run_test    "Authentication: client SHA256, server required" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
-             key_file=data_files/server6.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
-            0 \
-            -c "Supported Signature Algorithm found: 4," \
-            -c "Supported Signature Algorithm found: 5,"
-
-run_test    "Authentication: client SHA384, server required" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
-             key_file=data_files/server6.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
-            0 \
-            -c "Supported Signature Algorithm found: 4," \
-            -c "Supported Signature Algorithm found: 5,"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Authentication: client has no cert, server required (SSLv3)" \
-            "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
-            "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
-             key_file=data_files/server5.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -c "got no certificate to send" \
-            -S "x509_verify_cert() returned" \
-            -s "client has no certificate" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -s "No client certification received from the client, but required by the authentication mode"
-
-run_test    "Authentication: client has no cert, server required (TLS)" \
-            "$P_SRV debug_level=3 auth_mode=required" \
-            "$P_CLI debug_level=3 crt_file=none \
-             key_file=data_files/server5.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -c "= write certificate$" \
-            -C "skip write certificate$" \
-            -S "x509_verify_cert() returned" \
-            -s "client has no certificate" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -s "No client certification received from the client, but required by the authentication mode"
-
-run_test    "Authentication: client badcert, server required" \
-            "$P_SRV debug_level=3 auth_mode=required" \
-            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "send alert level=2 message=48" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -s "X509 - Certificate verification failed"
-# We don't check that the client receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message.
-
-run_test    "Authentication: client cert not trusted, server required" \
-            "$P_SRV debug_level=3 auth_mode=required" \
-            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
-             key_file=data_files/server5.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -s "X509 - Certificate verification failed"
-
-run_test    "Authentication: client badcert, server optional" \
-            "$P_SRV debug_level=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -S "! mbedtls_ssl_handshake returned" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -S "X509 - Certificate verification failed"
-
-run_test    "Authentication: client badcert, server none" \
-            "$P_SRV debug_level=3 auth_mode=none" \
-            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            0 \
-            -s "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got no certificate request" \
-            -c "skip write certificate" \
-            -c "skip write certificate verify" \
-            -s "skip parse certificate verify" \
-            -S "x509_verify_cert() returned" \
-            -S "! The certificate is not correctly signed by the trusted CA" \
-            -S "! mbedtls_ssl_handshake returned" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -S "X509 - Certificate verification failed"
-
-run_test    "Authentication: client no cert, server optional" \
-            "$P_SRV debug_level=3 auth_mode=optional" \
-            "$P_CLI debug_level=3 crt_file=none key_file=none" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate$" \
-            -C "got no certificate to send" \
-            -S "SSLv3 client has no certificate" \
-            -c "skip write certificate verify" \
-            -s "skip parse certificate verify" \
-            -s "! Certificate was missing" \
-            -S "! mbedtls_ssl_handshake returned" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -S "X509 - Certificate verification failed"
-
-run_test    "Authentication: openssl client no cert, server optional" \
-            "$P_SRV debug_level=3 auth_mode=optional" \
-            "$O_CLI" \
-            0 \
-            -S "skip write certificate request" \
-            -s "skip parse certificate verify" \
-            -s "! Certificate was missing" \
-            -S "! mbedtls_ssl_handshake returned" \
-            -S "X509 - Certificate verification failed"
-
-run_test    "Authentication: client no cert, openssl server optional" \
-            "$O_SRV -verify 10" \
-            "$P_CLI debug_level=3 crt_file=none key_file=none" \
-            0 \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate$" \
-            -c "skip write certificate verify" \
-            -C "! mbedtls_ssl_handshake returned"
-
-run_test    "Authentication: client no cert, openssl server required" \
-            "$O_SRV -Verify 10" \
-            "$P_CLI debug_level=3 crt_file=none key_file=none" \
-            1 \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate$" \
-            -c "skip write certificate verify" \
-            -c "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Authentication: client no cert, ssl3" \
-            "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
-            "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate$" \
-            -c "skip write certificate verify" \
-            -c "got no certificate to send" \
-            -s "SSLv3 client has no certificate" \
-            -s "skip parse certificate verify" \
-            -s "! Certificate was missing" \
-            -S "! mbedtls_ssl_handshake returned" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -S "X509 - Certificate verification failed"
-
-# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
-# default value (8)
-
-MAX_IM_CA='8'
-MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-
-if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
-    printf "The ${CONFIG_H} file contains a value for the configuration of\n"
-    printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
-    printf "test value of ${MAX_IM_CA}. \n"
-    printf "\n"
-    printf "The tests assume this value and if it changes, the tests in this\n"
-    printf "script should also be adjusted.\n"
-    printf "\n"
-
-    exit 1
-fi
-
-requires_full_size_output_buffer
-run_test    "Authentication: server max_int chain, client default" \
-            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
-                    key_file=data_files/dir-maxpath/09.key" \
-            "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
-            0 \
-            -C "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: server max_int+1 chain, client default" \
-            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
-            1 \
-            -c "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: server max_int+1 chain, client optional" \
-            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
-                    auth_mode=optional" \
-            1 \
-            -c "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: server max_int+1 chain, client none" \
-            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
-                    auth_mode=none" \
-            0 \
-            -C "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: client max_int+1 chain, server default" \
-            "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
-            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            0 \
-            -S "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: client max_int+1 chain, server optional" \
-            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
-            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            1 \
-            -s "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: client max_int+1 chain, server required" \
-            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
-            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
-                    key_file=data_files/dir-maxpath/10.key" \
-            1 \
-            -s "X509 - A fatal error occured"
-
-requires_full_size_output_buffer
-run_test    "Authentication: client max_int chain, server required" \
-            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
-            "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
-                    key_file=data_files/dir-maxpath/09.key" \
-            0 \
-            -S "X509 - A fatal error occured"
-
-# Tests for CA list in CertificateRequest messages
-
-run_test    "Authentication: send CA list in CertificateRequest  (default)" \
-            "$P_SRV debug_level=3 auth_mode=required" \
-            "$P_CLI crt_file=data_files/server6.crt \
-             key_file=data_files/server6.key" \
-            0 \
-            -s "requested DN"
-
-run_test    "Authentication: do not send CA list in CertificateRequest" \
-            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
-            "$P_CLI crt_file=data_files/server6.crt \
-             key_file=data_files/server6.key" \
-            0 \
-            -S "requested DN"
-
-run_test    "Authentication: send CA list in CertificateRequest, client self signed" \
-            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
-            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
-             key_file=data_files/server5.key" \
-            1 \
-            -S "requested DN" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -s "X509 - Certificate verification failed"
-
-# Tests for certificate selection based on SHA verson
-
-run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
-            "$P_SRV crt_file=data_files/server5.crt \
-                    key_file=data_files/server5.key \
-                    crt_file2=data_files/server5-sha1.crt \
-                    key_file2=data_files/server5.key" \
-            "$P_CLI force_version=tls1_2" \
-            0 \
-            -c "signed using.*ECDSA with SHA256" \
-            -C "signed using.*ECDSA with SHA1"
-
-run_test    "Certificate hash: client TLS 1.1 -> SHA-1" \
-            "$P_SRV crt_file=data_files/server5.crt \
-                    key_file=data_files/server5.key \
-                    crt_file2=data_files/server5-sha1.crt \
-                    key_file2=data_files/server5.key" \
-            "$P_CLI force_version=tls1_1" \
-            0 \
-            -C "signed using.*ECDSA with SHA256" \
-            -c "signed using.*ECDSA with SHA1"
-
-run_test    "Certificate hash: client TLS 1.0 -> SHA-1" \
-            "$P_SRV crt_file=data_files/server5.crt \
-                    key_file=data_files/server5.key \
-                    crt_file2=data_files/server5-sha1.crt \
-                    key_file2=data_files/server5.key" \
-            "$P_CLI force_version=tls1" \
-            0 \
-            -C "signed using.*ECDSA with SHA256" \
-            -c "signed using.*ECDSA with SHA1"
-
-run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
-            "$P_SRV crt_file=data_files/server5.crt \
-                    key_file=data_files/server5.key \
-                    crt_file2=data_files/server6.crt \
-                    key_file2=data_files/server6.key" \
-            "$P_CLI force_version=tls1_1" \
-            0 \
-            -c "serial number.*09" \
-            -c "signed using.*ECDSA with SHA256" \
-            -C "signed using.*ECDSA with SHA1"
-
-run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
-            "$P_SRV crt_file=data_files/server6.crt \
-                    key_file=data_files/server6.key \
-                    crt_file2=data_files/server5.crt \
-                    key_file2=data_files/server5.key" \
-            "$P_CLI force_version=tls1_1" \
-            0 \
-            -c "serial number.*0A" \
-            -c "signed using.*ECDSA with SHA256" \
-            -C "signed using.*ECDSA with SHA1"
-
-# tests for SNI
-
-run_test    "SNI: no SNI callback" \
-            "$P_SRV debug_level=3 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
-            "$P_CLI server_name=localhost" \
-            0 \
-            -S "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test    "SNI: matching cert 1" \
-            "$P_SRV debug_level=3 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=localhost" \
-            0 \
-            -s "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test    "SNI: matching cert 2" \
-            "$P_SRV debug_level=3 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=polarssl.example" \
-            0 \
-            -s "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-run_test    "SNI: no matching cert" \
-            "$P_SRV debug_level=3 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=nonesuch.example" \
-            1 \
-            -s "parse ServerName extension" \
-            -s "ssl_sni_wrapper() returned" \
-            -s "mbedtls_ssl_handshake returned" \
-            -c "mbedtls_ssl_handshake returned" \
-            -c "SSL - A fatal alert message was received from our peer"
-
-run_test    "SNI: client auth no override: optional" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
-            "$P_CLI debug_level=3 server_name=localhost" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify"
-
-run_test    "SNI: client auth override: none -> optional" \
-            "$P_SRV debug_level=3 auth_mode=none \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
-            "$P_CLI debug_level=3 server_name=localhost" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify"
-
-run_test    "SNI: client auth override: optional -> none" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
-            "$P_CLI debug_level=3 server_name=localhost" \
-            0 \
-            -s "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got no certificate request" \
-            -c "skip write certificate" \
-            -c "skip write certificate verify" \
-            -s "skip parse certificate verify"
-
-run_test    "SNI: CA no override" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
-            "$P_CLI debug_level=3 server_name=localhost \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -S "The certificate has been revoked (is on a CRL)"
-
-run_test    "SNI: CA override" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
-            "$P_CLI debug_level=3 server_name=localhost \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -S "x509_verify_cert() returned" \
-            -S "! The certificate is not correctly signed by the trusted CA" \
-            -S "The certificate has been revoked (is on a CRL)"
-
-run_test    "SNI: CA override with CRL" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
-            "$P_CLI debug_level=3 server_name=localhost \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -S "! The certificate is not correctly signed by the trusted CA" \
-            -s "The certificate has been revoked (is on a CRL)"
-
-# Tests for SNI and DTLS
-
-run_test    "SNI: DTLS, no SNI callback" \
-            "$P_SRV debug_level=3 dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
-            "$P_CLI server_name=localhost dtls=1" \
-            0 \
-            -S "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test    "SNI: DTLS, matching cert 1" \
-            "$P_SRV debug_level=3 dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=localhost dtls=1" \
-            0 \
-            -s "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-run_test    "SNI: DTLS, matching cert 2" \
-            "$P_SRV debug_level=3 dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=polarssl.example dtls=1" \
-            0 \
-            -s "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-run_test    "SNI: DTLS, no matching cert" \
-            "$P_SRV debug_level=3 dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=nonesuch.example dtls=1" \
-            1 \
-            -s "parse ServerName extension" \
-            -s "ssl_sni_wrapper() returned" \
-            -s "mbedtls_ssl_handshake returned" \
-            -c "mbedtls_ssl_handshake returned" \
-            -c "SSL - A fatal alert message was received from our peer"
-
-run_test    "SNI: DTLS, client auth no override: optional" \
-            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify"
-
-run_test    "SNI: DTLS, client auth override: none -> optional" \
-            "$P_SRV debug_level=3 auth_mode=none dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify"
-
-run_test    "SNI: DTLS, client auth override: optional -> none" \
-            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
-            0 \
-            -s "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got no certificate request" \
-            -c "skip write certificate" \
-            -c "skip write certificate verify" \
-            -s "skip parse certificate verify"
-
-run_test    "SNI: DTLS, CA no override" \
-            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -s "! The certificate is not correctly signed by the trusted CA" \
-            -S "The certificate has been revoked (is on a CRL)"
-
-run_test    "SNI: DTLS, CA override" \
-            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            0 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -S "x509_verify_cert() returned" \
-            -S "! The certificate is not correctly signed by the trusted CA" \
-            -S "The certificate has been revoked (is on a CRL)"
-
-run_test    "SNI: DTLS, CA override with CRL" \
-            "$P_SRV debug_level=3 auth_mode=optional \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
-             ca_file=data_files/test-ca.crt \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
-            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
-             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
-            1 \
-            -S "skip write certificate request" \
-            -C "skip parse certificate request" \
-            -c "got a certificate request" \
-            -C "skip write certificate" \
-            -C "skip write certificate verify" \
-            -S "skip parse certificate verify" \
-            -s "x509_verify_cert() returned" \
-            -S "! The certificate is not correctly signed by the trusted CA" \
-            -s "The certificate has been revoked (is on a CRL)"
-
-# Tests for non-blocking I/O: exercise a variety of handshake flows
-
-run_test    "Non-blocking I/O: basic handshake" \
-            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
-            "$P_CLI nbio=2 tickets=0" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: client auth" \
-            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
-            "$P_CLI nbio=2 tickets=0" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: ticket" \
-            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
-            "$P_CLI nbio=2 tickets=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: ticket + client auth" \
-            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
-            "$P_CLI nbio=2 tickets=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: ticket + client auth + resume" \
-            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
-            "$P_CLI nbio=2 tickets=1 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: ticket + resume" \
-            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
-            "$P_CLI nbio=2 tickets=1 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Non-blocking I/O: session-id resume" \
-            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
-            "$P_CLI nbio=2 tickets=0 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-# Tests for event-driven I/O: exercise a variety of handshake flows
-
-run_test    "Event-driven I/O: basic handshake" \
-            "$P_SRV event=1 tickets=0 auth_mode=none" \
-            "$P_CLI event=1 tickets=0" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: client auth" \
-            "$P_SRV event=1 tickets=0 auth_mode=required" \
-            "$P_CLI event=1 tickets=0" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: ticket" \
-            "$P_SRV event=1 tickets=1 auth_mode=none" \
-            "$P_CLI event=1 tickets=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: ticket + client auth" \
-            "$P_SRV event=1 tickets=1 auth_mode=required" \
-            "$P_CLI event=1 tickets=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: ticket + client auth + resume" \
-            "$P_SRV event=1 tickets=1 auth_mode=required" \
-            "$P_CLI event=1 tickets=1 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: ticket + resume" \
-            "$P_SRV event=1 tickets=1 auth_mode=none" \
-            "$P_CLI event=1 tickets=1 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O: session-id resume" \
-            "$P_SRV event=1 tickets=0 auth_mode=none" \
-            "$P_CLI event=1 tickets=0 reconnect=1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: basic handshake" \
-            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
-            "$P_CLI dtls=1 event=1 tickets=0" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: client auth" \
-            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
-            "$P_CLI dtls=1 event=1 tickets=0" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: ticket" \
-            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
-            "$P_CLI dtls=1 event=1 tickets=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: ticket + client auth" \
-            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
-            "$P_CLI dtls=1 event=1 tickets=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: ticket + client auth + resume" \
-            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
-            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: ticket + resume" \
-            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
-            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-run_test    "Event-driven I/O, DTLS: session-id resume" \
-            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
-            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-# This test demonstrates the need for the mbedtls_ssl_check_pending function.
-# During session resumption, the client will send its ApplicationData record
-# within the same datagram as the Finished messages. In this situation, the
-# server MUST NOT idle on the underlying transport after handshake completion,
-# because the ApplicationData request has already been queued internally.
-run_test    "Event-driven I/O, DTLS: session-id resume, UDP packing" \
-            -p "$P_PXY pack=50" \
-            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
-            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
-            0 \
-            -c "Read from server: .* bytes read"
-
-# Tests for version negotiation
-
-run_test    "Version check: all -> 1.2" \
-            "$P_SRV" \
-            "$P_CLI" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.2" \
-            -c "Protocol is TLSv1.2"
-
-run_test    "Version check: cli max 1.1 -> 1.1" \
-            "$P_SRV" \
-            "$P_CLI max_version=tls1_1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.1" \
-            -c "Protocol is TLSv1.1"
-
-run_test    "Version check: srv max 1.1 -> 1.1" \
-            "$P_SRV max_version=tls1_1" \
-            "$P_CLI" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.1" \
-            -c "Protocol is TLSv1.1"
-
-run_test    "Version check: cli+srv max 1.1 -> 1.1" \
-            "$P_SRV max_version=tls1_1" \
-            "$P_CLI max_version=tls1_1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.1" \
-            -c "Protocol is TLSv1.1"
-
-run_test    "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
-            "$P_SRV min_version=tls1_1" \
-            "$P_CLI max_version=tls1_1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.1" \
-            -c "Protocol is TLSv1.1"
-
-run_test    "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
-            "$P_SRV max_version=tls1_1" \
-            "$P_CLI min_version=tls1_1" \
-            0 \
-            -S "mbedtls_ssl_handshake returned" \
-            -C "mbedtls_ssl_handshake returned" \
-            -s "Protocol is TLSv1.1" \
-            -c "Protocol is TLSv1.1"
-
-run_test    "Version check: cli min 1.2, srv max 1.1 -> fail" \
-            "$P_SRV max_version=tls1_1" \
-            "$P_CLI min_version=tls1_2" \
-            1 \
-            -s "mbedtls_ssl_handshake returned" \
-            -c "mbedtls_ssl_handshake returned" \
-            -c "SSL - Handshake protocol not within min/max boundaries"
-
-run_test    "Version check: srv min 1.2, cli max 1.1 -> fail" \
-            "$P_SRV min_version=tls1_2" \
-            "$P_CLI max_version=tls1_1" \
-            1 \
-            -s "mbedtls_ssl_handshake returned" \
-            -c "mbedtls_ssl_handshake returned" \
-            -s "SSL - Handshake protocol not within min/max boundaries"
-
-# Tests for ALPN extension
-
-run_test    "ALPN: none" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -C "client hello, adding alpn extension" \
-            -S "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -S "server hello, adding alpn extension" \
-            -C "found alpn extension " \
-            -C "Application Layer Protocol is" \
-            -S "Application Layer Protocol is"
-
-run_test    "ALPN: client only" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 alpn=abc,1234" \
-            0 \
-            -c "client hello, adding alpn extension" \
-            -s "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -S "server hello, adding alpn extension" \
-            -C "found alpn extension " \
-            -c "Application Layer Protocol is (none)" \
-            -S "Application Layer Protocol is"
-
-run_test    "ALPN: server only" \
-            "$P_SRV debug_level=3 alpn=abc,1234" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -C "client hello, adding alpn extension" \
-            -S "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -S "server hello, adding alpn extension" \
-            -C "found alpn extension " \
-            -C "Application Layer Protocol is" \
-            -s "Application Layer Protocol is (none)"
-
-run_test    "ALPN: both, common cli1-srv1" \
-            "$P_SRV debug_level=3 alpn=abc,1234" \
-            "$P_CLI debug_level=3 alpn=abc,1234" \
-            0 \
-            -c "client hello, adding alpn extension" \
-            -s "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -s "server hello, adding alpn extension" \
-            -c "found alpn extension" \
-            -c "Application Layer Protocol is abc" \
-            -s "Application Layer Protocol is abc"
-
-run_test    "ALPN: both, common cli2-srv1" \
-            "$P_SRV debug_level=3 alpn=abc,1234" \
-            "$P_CLI debug_level=3 alpn=1234,abc" \
-            0 \
-            -c "client hello, adding alpn extension" \
-            -s "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -s "server hello, adding alpn extension" \
-            -c "found alpn extension" \
-            -c "Application Layer Protocol is abc" \
-            -s "Application Layer Protocol is abc"
-
-run_test    "ALPN: both, common cli1-srv2" \
-            "$P_SRV debug_level=3 alpn=abc,1234" \
-            "$P_CLI debug_level=3 alpn=1234,abcde" \
-            0 \
-            -c "client hello, adding alpn extension" \
-            -s "found alpn extension" \
-            -C "got an alert message, type: \\[2:120]" \
-            -s "server hello, adding alpn extension" \
-            -c "found alpn extension" \
-            -c "Application Layer Protocol is 1234" \
-            -s "Application Layer Protocol is 1234"
-
-run_test    "ALPN: both, no common" \
-            "$P_SRV debug_level=3 alpn=abc,123" \
-            "$P_CLI debug_level=3 alpn=1234,abcde" \
-            1 \
-            -c "client hello, adding alpn extension" \
-            -s "found alpn extension" \
-            -c "got an alert message, type: \\[2:120]" \
-            -S "server hello, adding alpn extension" \
-            -C "found alpn extension" \
-            -C "Application Layer Protocol is 1234" \
-            -S "Application Layer Protocol is 1234"
-
-
-# Tests for keyUsage in leaf certificates, part 1:
-# server-side certificate/suite selection
-
-run_test    "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
-            "$P_SRV key_file=data_files/server2.key \
-             crt_file=data_files/server2.ku-ds.crt" \
-            "$P_CLI" \
-            0 \
-            -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
-
-
-run_test    "keyUsage srv: RSA, keyEncipherment -> RSA" \
-            "$P_SRV key_file=data_files/server2.key \
-             crt_file=data_files/server2.ku-ke.crt" \
-            "$P_CLI" \
-            0 \
-            -c "Ciphersuite is TLS-RSA-WITH-"
-
-run_test    "keyUsage srv: RSA, keyAgreement -> fail" \
-            "$P_SRV key_file=data_files/server2.key \
-             crt_file=data_files/server2.ku-ka.crt" \
-            "$P_CLI" \
-            1 \
-            -C "Ciphersuite is "
-
-run_test    "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.ku-ds.crt" \
-            "$P_CLI" \
-            0 \
-            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
-
-
-run_test    "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.ku-ka.crt" \
-            "$P_CLI" \
-            0 \
-            -c "Ciphersuite is TLS-ECDH-"
-
-run_test    "keyUsage srv: ECDSA, keyEncipherment -> fail" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.ku-ke.crt" \
-            "$P_CLI" \
-            1 \
-            -C "Ciphersuite is "
-
-# Tests for keyUsage in leaf certificates, part 2:
-# client-side checking of server cert
-
-run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ds_ke.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ds_ke.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: KeyEncipherment, RSA: OK" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ke.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ke.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
-            1 \
-            -c "bad certificate (usage extensions)" \
-            -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ke.crt" \
-            "$P_CLI debug_level=1 auth_mode=optional \
-             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -c "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-" \
-            -c "! Usage does not match the keyUsage extension"
-
-run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ds.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ds.crt" \
-            "$P_CLI debug_level=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            1 \
-            -c "bad certificate (usage extensions)" \
-            -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is TLS-"
-
-run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.ku-ds.crt" \
-            "$P_CLI debug_level=1 auth_mode=optional \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -c "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-" \
-            -c "! Usage does not match the keyUsage extension"
-
-# Tests for keyUsage in leaf certificates, part 3:
-# server-side checking of client cert
-
-run_test    "keyUsage cli-auth: RSA, DigitalSignature: OK" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server2.key \
-             -cert data_files/server2.ku-ds.crt" \
-            0 \
-            -S "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server2.key \
-             -cert data_files/server2.ku-ke.crt" \
-            0 \
-            -s "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
-            "$P_SRV debug_level=1 auth_mode=required" \
-            "$O_CLI -key data_files/server2.key \
-             -cert data_files/server2.ku-ke.crt" \
-            1 \
-            -s "bad certificate (usage extensions)" \
-            -s "Processing of the Certificate handshake message failed"
-
-run_test    "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.ku-ds.crt" \
-            0 \
-            -S "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.ku-ka.crt" \
-            0 \
-            -s "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
-
-run_test    "extKeyUsage srv: serverAuth -> OK" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.eku-srv.crt" \
-            "$P_CLI" \
-            0
-
-run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.eku-srv.crt" \
-            "$P_CLI" \
-            0
-
-run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.eku-cs_any.crt" \
-            "$P_CLI" \
-            0
-
-run_test    "extKeyUsage srv: codeSign -> fail" \
-            "$P_SRV key_file=data_files/server5.key \
-             crt_file=data_files/server5.eku-cli.crt" \
-            "$P_CLI" \
-            1
-
-# Tests for extendedKeyUsage, part 2: client-side checking of server cert
-
-run_test    "extKeyUsage cli: serverAuth -> OK" \
-            "$O_SRV -key data_files/server5.key \
-             -cert data_files/server5.eku-srv.crt" \
-            "$P_CLI debug_level=1" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "extKeyUsage cli: serverAuth,clientAuth -> OK" \
-            "$O_SRV -key data_files/server5.key \
-             -cert data_files/server5.eku-srv_cli.crt" \
-            "$P_CLI debug_level=1" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "extKeyUsage cli: codeSign,anyEKU -> OK" \
-            "$O_SRV -key data_files/server5.key \
-             -cert data_files/server5.eku-cs_any.crt" \
-            "$P_CLI debug_level=1" \
-            0 \
-            -C "bad certificate (usage extensions)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
-
-run_test    "extKeyUsage cli: codeSign -> fail" \
-            "$O_SRV -key data_files/server5.key \
-             -cert data_files/server5.eku-cs.crt" \
-            "$P_CLI debug_level=1" \
-            1 \
-            -c "bad certificate (usage extensions)" \
-            -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is TLS-"
-
-# Tests for extendedKeyUsage, part 3: server-side checking of client cert
-
-run_test    "extKeyUsage cli-auth: clientAuth -> OK" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.eku-cli.crt" \
-            0 \
-            -S "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.eku-srv_cli.crt" \
-            0 \
-            -S "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.eku-cs_any.crt" \
-            0 \
-            -S "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "extKeyUsage cli-auth: codeSign -> fail (soft)" \
-            "$P_SRV debug_level=1 auth_mode=optional" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.eku-cs.crt" \
-            0 \
-            -s "bad certificate (usage extensions)" \
-            -S "Processing of the Certificate handshake message failed"
-
-run_test    "extKeyUsage cli-auth: codeSign -> fail (hard)" \
-            "$P_SRV debug_level=1 auth_mode=required" \
-            "$O_CLI -key data_files/server5.key \
-             -cert data_files/server5.eku-cs.crt" \
-            1 \
-            -s "bad certificate (usage extensions)" \
-            -s "Processing of the Certificate handshake message failed"
-
-# Tests for DHM parameters loading
-
-run_test    "DHM parameters: reference" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=3" \
-            0 \
-            -c "value of 'DHM: P ' (2048 bits)" \
-            -c "value of 'DHM: G ' (2 bits)"
-
-run_test    "DHM parameters: other parameters" \
-            "$P_SRV dhm_file=data_files/dhparams.pem" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=3" \
-            0 \
-            -c "value of 'DHM: P ' (1024 bits)" \
-            -c "value of 'DHM: G ' (2 bits)"
-
-# Tests for DHM client-side size checking
-
-run_test    "DHM size: server default, client default, OK" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=1" \
-            0 \
-            -C "DHM prime too short:"
-
-run_test    "DHM size: server default, client 2048, OK" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=1 dhmlen=2048" \
-            0 \
-            -C "DHM prime too short:"
-
-run_test    "DHM size: server 1024, client default, OK" \
-            "$P_SRV dhm_file=data_files/dhparams.pem" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=1" \
-            0 \
-            -C "DHM prime too short:"
-
-run_test    "DHM size: server 1000, client default, rejected" \
-            "$P_SRV dhm_file=data_files/dh.1000.pem" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=1" \
-            1 \
-            -c "DHM prime too short:"
-
-run_test    "DHM size: server default, client 2049, rejected" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
-                    debug_level=1 dhmlen=2049" \
-            1 \
-            -c "DHM prime too short:"
-
-# Tests for PSK callback
-
-run_test    "PSK callback: psk, no callback" \
-            "$P_SRV psk=abc123 psk_identity=foo" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
-            0 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: opaque psk on client, no callback" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
-            "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
-            0 \
-            -c "skip PMS generation for opaque PSK"\
-            -S "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: opaque psk on client, no callback, SHA-384" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
-            "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
-            0 \
-            -c "skip PMS generation for opaque PSK"\
-            -S "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: opaque psk on client, no callback, EMS" \
-            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
-            "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
-            0 \
-            -c "skip PMS generation for opaque PSK"\
-            -S "skip PMS generation for opaque PSK"\
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
-            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
-            "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
-            0 \
-            -c "skip PMS generation for opaque PSK"\
-            -S "skip PMS generation for opaque PSK"\
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, static opaque on server, no callback" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
-            "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
-            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
-            force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
-            "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 extended_ms=1" \
-            0 \
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
-            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
-            force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
-            "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 extended_ms=1" \
-            0 \
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
-            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
-            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
-            force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
-            "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=abc psk=dead extended_ms=1" \
-            0 \
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
-            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
-            force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
-            "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=abc psk=dead extended_ms=1" \
-            0 \
-            -c "using extended master secret"\
-            -s "using extended master secret"\
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -s "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -C "skip PMS generation for opaque PSK"\
-            -C "using extended master secret"\
-            -S "using extended master secret"\
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            1 \
-            -s "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: no psk, no callback" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
-            1 \
-            -s "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: callback overrides other settings" \
-            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
-            1 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -s "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: first id matches" \
-            "$P_SRV psk_list=abc,dead,def,beef" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=abc psk=dead" \
-            0 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: second id matches" \
-            "$P_SRV psk_list=abc,dead,def,beef" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=def psk=beef" \
-            0 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: no match" \
-            "$P_SRV psk_list=abc,dead,def,beef" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=ghi psk=beef" \
-            1 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -s "SSL - Unknown identity received" \
-            -S "SSL - Verification of the message MAC failed"
-
-run_test    "PSK callback: wrong key" \
-            "$P_SRV psk_list=abc,dead,def,beef" \
-            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=abc psk=beef" \
-            1 \
-            -S "SSL - None of the common ciphersuites is usable" \
-            -S "SSL - Unknown identity received" \
-            -s "SSL - Verification of the message MAC failed"
-
-# Tests for EC J-PAKE
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: client not configured" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -C "add ciphersuite: c0ff" \
-            -C "adding ecjpake_kkpp extension" \
-            -S "found ecjpake kkpp extension" \
-            -S "skip ecjpake kkpp extension" \
-            -S "ciphersuite mismatch: ecjpake not configured" \
-            -S "server hello, ecjpake kkpp extension" \
-            -C "found ecjpake_kkpp extension" \
-            -S "None of the common ciphersuites is usable"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: server not configured" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 ecjpake_pw=bla \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            1 \
-            -c "add ciphersuite: c0ff" \
-            -c "adding ecjpake_kkpp extension" \
-            -s "found ecjpake kkpp extension" \
-            -s "skip ecjpake kkpp extension" \
-            -s "ciphersuite mismatch: ecjpake not configured" \
-            -S "server hello, ecjpake kkpp extension" \
-            -C "found ecjpake_kkpp extension" \
-            -s "None of the common ciphersuites is usable"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: working, TLS" \
-            "$P_SRV debug_level=3 ecjpake_pw=bla" \
-            "$P_CLI debug_level=3 ecjpake_pw=bla \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            0 \
-            -c "add ciphersuite: c0ff" \
-            -c "adding ecjpake_kkpp extension" \
-            -C "re-using cached ecjpake parameters" \
-            -s "found ecjpake kkpp extension" \
-            -S "skip ecjpake kkpp extension" \
-            -S "ciphersuite mismatch: ecjpake not configured" \
-            -s "server hello, ecjpake kkpp extension" \
-            -c "found ecjpake_kkpp extension" \
-            -S "None of the common ciphersuites is usable" \
-            -S "SSL - Verification of the message MAC failed"
-
-server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: password mismatch, TLS" \
-            "$P_SRV debug_level=3 ecjpake_pw=bla" \
-            "$P_CLI debug_level=3 ecjpake_pw=bad \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            1 \
-            -C "re-using cached ecjpake parameters" \
-            -s "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: working, DTLS" \
-            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
-            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            0 \
-            -c "re-using cached ecjpake parameters" \
-            -S "SSL - Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: working, DTLS, no cookie" \
-            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
-            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            0 \
-            -C "re-using cached ecjpake parameters" \
-            -S "SSL - Verification of the message MAC failed"
-
-server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: password mismatch, DTLS" \
-            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
-            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            1 \
-            -c "re-using cached ecjpake parameters" \
-            -s "SSL - Verification of the message MAC failed"
-
-# for tests with configs/config-thread.h
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
-run_test    "ECJPAKE: working, DTLS, nolog" \
-            "$P_SRV dtls=1 ecjpake_pw=bla" \
-            "$P_CLI dtls=1 ecjpake_pw=bla \
-             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
-            0
-
-# Tests for ciphersuites per version
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Per-version suites: SSL3" \
-            "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI force_version=ssl3" \
-            0 \
-            -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
-
-run_test    "Per-version suites: TLS 1.0" \
-            "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI force_version=tls1 arc4=1" \
-            0 \
-            -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
-
-run_test    "Per-version suites: TLS 1.1" \
-            "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI force_version=tls1_1" \
-            0 \
-            -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
-
-run_test    "Per-version suites: TLS 1.2" \
-            "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI force_version=tls1_2" \
-            0 \
-            -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
-
-# Test for ClientHello without extensions
-
-requires_gnutls
-run_test    "ClientHello without extensions, SHA-1 allowed" \
-            "$P_SRV debug_level=3" \
-            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
-            0 \
-            -s "dumping 'client hello extensions' (0 bytes)"
-
-requires_gnutls
-run_test    "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
-            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
-            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
-            0 \
-            -s "dumping 'client hello extensions' (0 bytes)"
-
-# Tests for mbedtls_ssl_get_bytes_avail()
-
-run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
-            "$P_SRV" \
-            "$P_CLI request_size=100" \
-            0 \
-            -s "Read from client: 100 bytes read$"
-
-run_test    "mbedtls_ssl_get_bytes_avail: extra data" \
-            "$P_SRV" \
-            "$P_CLI request_size=500" \
-            0 \
-            -s "Read from client: 500 bytes read (.*+.*)"
-
-# Tests for small client packets
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Small client packet SSLv3 BlockCipher" \
-            "$P_SRV min_version=ssl3" \
-            "$P_CLI request_size=1 force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Small client packet SSLv3 StreamCipher" \
-            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.0 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.0 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.0 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.0 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.1 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.1 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.1 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.1 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 AEAD" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
-            "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-# Tests for small client packets in DTLS
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small client packet DTLS 1.0" \
-            "$P_SRV dtls=1 force_version=dtls1" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small client packet DTLS 1.0, without EtM" \
-            "$P_SRV dtls=1 force_version=dtls1 etm=0" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet DTLS 1.0, truncated hmac" \
-            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
-            "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet DTLS 1.0, without EtM, truncated MAC" \
-            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small client packet DTLS 1.2" \
-            "$P_SRV dtls=1 force_version=dtls1_2" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small client packet DTLS 1.2, without EtM" \
-            "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet DTLS 1.2, truncated hmac" \
-            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small client packet DTLS 1.2, without EtM, truncated MAC" \
-            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
-            "$P_CLI dtls=1 request_size=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
-            0 \
-            -s "Read from client: 1 bytes read"
-
-# Tests for small server packets
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Small server packet SSLv3 BlockCipher" \
-            "$P_SRV response_size=1 min_version=ssl3" \
-            "$P_CLI force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Small server packet SSLv3 StreamCipher" \
-            "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.0 BlockCipher" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.0 BlockCipher, without EtM" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.0 StreamCipher" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.0 StreamCipher, without EtM" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.1 BlockCipher" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.1 BlockCipher, without EtM" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.1 StreamCipher" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.1 StreamCipher, without EtM" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 BlockCipher" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 BlockCipher, without EtM" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 BlockCipher larger MAC" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 StreamCipher" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 StreamCipher, without EtM" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 AEAD" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-run_test    "Small server packet TLS 1.2 AEAD shorter tag" \
-            "$P_SRV response_size=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-# Tests for small server packets in DTLS
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small server packet DTLS 1.0" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small server packet DTLS 1.0, without EtM" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet DTLS 1.0, truncated hmac" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
-            "$P_CLI dtls=1 trunc_hmac=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet DTLS 1.0, without EtM, truncated MAC" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small server packet DTLS 1.2" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test    "Small server packet DTLS 1.2, without EtM" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet DTLS 1.2, truncated hmac" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Small server packet DTLS 1.2, without EtM, truncated MAC" \
-            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
-            "$P_CLI dtls=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
-            0 \
-            -c "Read from server: 1 bytes read"
-
-# A test for extensions in SSLv3
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "SSLv3 with extensions, server side" \
-            "$P_SRV min_version=ssl3 debug_level=3" \
-            "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
-            0 \
-            -S "dumping 'client hello extensions'" \
-            -S "server hello, total extension length:"
-
-# Test for large client packets
-
-# How many fragments do we expect to write $1 bytes?
-fragments_for_write() {
-    echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
-}
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Large client packet SSLv3 BlockCipher" \
-            "$P_SRV min_version=ssl3" \
-            "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Large client packet SSLv3 StreamCipher" \
-            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.0 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.0 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.0 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.0 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.1 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.1 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.1 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.1 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 BlockCipher" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 StreamCipher" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 StreamCipher, without EtM" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 AEAD" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test    "Large client packet TLS 1.2 AEAD shorter tag" \
-            "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
-            0 \
-            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-            -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-# Test for large server packets
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Large server packet SSLv3 StreamCipher" \
-            "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=ssl3 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-# Checking next 4 tests logs for 1n-1 split against BEAST too
-requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test    "Large server packet SSLv3 BlockCipher" \
-            "$P_SRV response_size=16384 min_version=ssl3" \
-            "$P_CLI force_version=ssl3 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"\
-            -c "16383 bytes read"\
-            -C "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.0 BlockCipher" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"\
-            -c "16383 bytes read"\
-            -C "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.0 BlockCipher, without EtM" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1 etm=0 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 1 bytes read"\
-            -c "16383 bytes read"\
-            -C "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.0 BlockCipher truncated MAC" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1 recsplit=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
-             trunc_hmac=1" \
-            0 \
-            -c "Read from server: 1 bytes read"\
-            -c "16383 bytes read"\
-            -C "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.0 StreamCipher truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             trunc_hmac=1" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.0 StreamCipher" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.0 StreamCipher, without EtM" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.1 BlockCipher" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.1 BlockCipher, without EtM" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_1 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.1 BlockCipher truncated MAC" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
-             trunc_hmac=1" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=16384 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.1 StreamCipher" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.1 StreamCipher, without EtM" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.1 StreamCipher truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             trunc_hmac=1" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_1 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 BlockCipher" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 BlockCipher, without EtM" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 etm=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 BlockCipher larger MAC" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.2 BlockCipher truncated MAC" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
-             trunc_hmac=1" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=16384 trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 StreamCipher" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 StreamCipher, without EtM" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.2 StreamCipher truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
-             trunc_hmac=1" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test    "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
-            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
-            0 \
-            -s "16384 bytes written in 1 fragments" \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 AEAD" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-run_test    "Large server packet TLS 1.2 AEAD shorter tag" \
-            "$P_SRV response_size=16384" \
-            "$P_CLI force_version=tls1_2 \
-             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
-            0 \
-            -c "Read from server: 16384 bytes read"
-
-# Tests for restartable ECC
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, default" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1" \
-            0 \
-            -C "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=0" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=0" \
-            0 \
-            -C "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=65535" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=65535" \
-            0 \
-            -C "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000" \
-            "$P_SRV auth_mode=required" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=1000" \
-            0 \
-            -c "x509_verify_cert.*4b00" \
-            -c "mbedtls_pk_verify.*4b00" \
-            -c "mbedtls_ecdh_make_public.*4b00" \
-            -c "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000, badsign" \
-            "$P_SRV auth_mode=required \
-             crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=1000" \
-            1 \
-            -c "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
-            "$P_SRV auth_mode=required \
-             crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
-            0 \
-            -c "x509_verify_cert.*4b00" \
-            -c "mbedtls_pk_verify.*4b00" \
-            -c "mbedtls_ecdh_make_public.*4b00" \
-            -c "mbedtls_pk_sign.*4b00" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
-            "$P_SRV auth_mode=required \
-             crt_file=data_files/server5-badsign.crt \
-             key_file=data_files/server5.key" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             debug_level=1 ec_max_ops=1000 auth_mode=none" \
-            0 \
-            -C "x509_verify_cert.*4b00" \
-            -c "mbedtls_pk_verify.*4b00" \
-            -c "mbedtls_ecdh_make_public.*4b00" \
-            -c "mbedtls_pk_sign.*4b00" \
-            -C "! The certificate is not correctly signed by the trusted CA" \
-            -C "! mbedtls_ssl_handshake returned" \
-            -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: DTLS, max_ops=1000" \
-            "$P_SRV auth_mode=required dtls=1" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
-             dtls=1 debug_level=1 ec_max_ops=1000" \
-            0 \
-            -c "x509_verify_cert.*4b00" \
-            -c "mbedtls_pk_verify.*4b00" \
-            -c "mbedtls_ecdh_make_public.*4b00" \
-            -c "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000 no client auth" \
-            "$P_SRV" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             debug_level=1 ec_max_ops=1000" \
-            0 \
-            -c "x509_verify_cert.*4b00" \
-            -c "mbedtls_pk_verify.*4b00" \
-            -c "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00"
-
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-run_test    "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
-            "$P_SRV psk=abc123" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
-             psk=abc123 debug_level=1 ec_max_ops=1000" \
-            0 \
-            -C "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00"
-
-# Tests of asynchronous private key support in SSL
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, delay=0" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=0 async_private_delay2=0" \
-            "$P_CLI" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, delay=1" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): call 0 more times." \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, delay=2" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=2 async_private_delay2=2" \
-            "$P_CLI" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -U "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): call 1 more times." \
-            -s "Async resume (slot [0-9]): call 0 more times." \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1
-# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1.
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test    "SSL async private: sign, RSA, TLS 1.1" \
-            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
-             async_operations=s async_private_delay1=0 async_private_delay2=0" \
-            "$P_CLI force_version=tls1_1" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, SNI" \
-            "$P_SRV debug_level=3 \
-             async_operations=s async_private_delay1=0 async_private_delay2=0 \
-             crt_file=data_files/server5.crt key_file=data_files/server5.key \
-             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
-            "$P_CLI server_name=polarssl.example" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): sign done, status=0" \
-            -s "parse ServerName extension" \
-            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt, delay=0" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=0 async_private_delay2=0" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt, delay=1" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): call 0 more times." \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
-            "$P_SRV psk=abc123 \
-             async_operations=d async_private_delay1=0 async_private_delay2=0" \
-            "$P_CLI psk=abc123 \
-             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt RSA-PSK, delay=1" \
-            "$P_SRV psk=abc123 \
-             async_operations=d async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI psk=abc123 \
-             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): call 0 more times." \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign callback not present" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI; [ \$? -eq 1 ] &&
-             $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -S "Async sign callback" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "The own private key or pre-shared key is not set, but needed" \
-            -s "Async resume (slot [0-9]): decrypt done, status=0" \
-            -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt callback not present" \
-            "$P_SRV debug_level=1 \
-             async_operations=s async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
-             [ \$? -eq 1 ] && $P_CLI" \
-            0 \
-            -S "Async decrypt callback" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "got no RSA private key" \
-            -s "Async resume (slot [0-9]): sign done, status=0" \
-            -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: slot 0 used with key1" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async sign callback: using key slot 0," \
-            -s "Async resume (slot 0): call 0 more times." \
-            -s "Async resume (slot 0): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: slot 0 used with key2" \
-            "$P_SRV \
-             async_operations=s async_private_delay2=1 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async sign callback: using key slot 0," \
-            -s "Async resume (slot 0): call 0 more times." \
-            -s "Async resume (slot 0): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 from slot 1
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: slot 1 used with key2" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async sign callback: using key slot 1," \
-            -s "Async resume (slot 1): call 0 more times." \
-            -s "Async resume (slot 1): sign done, status=0"
-
-# key1: ECDSA, key2: RSA; use key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: fall back to transparent key" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async sign callback: no key matches this certificate."
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, error in start" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=1" \
-            "$P_CLI" \
-            1 \
-            -s "Async sign callback: injected error" \
-            -S "Async resume" \
-            -S "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, cancel after start" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=2" \
-            "$P_CLI" \
-            1 \
-            -s "Async sign callback: using key slot " \
-            -S "Async resume" \
-            -s "Async cancel"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, error in resume" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=3" \
-            "$P_CLI" \
-            1 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume callback: sign done but injected error" \
-            -S "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt, error in start" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=1" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            1 \
-            -s "Async decrypt callback: injected error" \
-            -S "Async resume" \
-            -S "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt, cancel after start" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=2" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            1 \
-            -s "Async decrypt callback: using key slot " \
-            -S "Async resume" \
-            -s "Async cancel"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: decrypt, error in resume" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=3" \
-            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            1 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume callback: decrypt done but injected error" \
-            -S "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: cancel after start then operate correctly" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=-2" \
-            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
-            0 \
-            -s "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "Async resume" \
-            -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: error in resume then operate correctly" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             async_private_error=-3" \
-            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
-            0 \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "Async resume" \
-            -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: cancel after start then fall back to transparent key" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_error=-2 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
-             [ \$? -eq 1 ] &&
-             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async sign callback: using key slot 0" \
-            -S "Async resume" \
-            -s "Async cancel" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "Async sign callback: no key matches this certificate." \
-            -s "Successful connection"
-
-# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test    "SSL async private: sign, error in resume then fall back to transparent key" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_error=-3 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt \
-             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
-            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
-             [ \$? -eq 1 ] &&
-             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -s "Async resume" \
-            -s "! mbedtls_ssl_handshake returned" \
-            -s "Async sign callback: no key matches this certificate." \
-            -s "Successful connection"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "SSL async private: renegotiation: client-initiated; sign" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             exchanges=2 renegotiation=1" \
-            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "SSL async private: renegotiation: server-initiated; sign" \
-            "$P_SRV \
-             async_operations=s async_private_delay1=1 async_private_delay2=1 \
-             exchanges=2 renegotiation=1 renegotiate=1" \
-            "$P_CLI exchanges=2 renegotiation=1" \
-            0 \
-            -s "Async sign callback: using key slot " \
-            -s "Async resume (slot [0-9]): sign done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "SSL async private: renegotiation: client-initiated; decrypt" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1 \
-             exchanges=2 renegotiation=1" \
-            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "SSL async private: renegotiation: server-initiated; decrypt" \
-            "$P_SRV \
-             async_operations=d async_private_delay1=1 async_private_delay2=1 \
-             exchanges=2 renegotiation=1 renegotiate=1" \
-            "$P_CLI exchanges=2 renegotiation=1 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "Async decrypt callback: using key slot " \
-            -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-# Tests for ECC extensions (rfc 4492)
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-run_test    "Force a non ECC ciphersuite in the client side" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -C "client hello, adding supported_elliptic_curves extension" \
-            -C "client hello, adding supported_point_formats extension" \
-            -S "found supported elliptic curves extension" \
-            -S "found supported point formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-run_test    "Force a non ECC ciphersuite in the server side" \
-            "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -C "found supported_point_formats extension" \
-            -S "server hello, supported_point_formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test    "Force an ECC ciphersuite in the client side" \
-            "$P_SRV debug_level=3" \
-            "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
-            0 \
-            -c "client hello, adding supported_elliptic_curves extension" \
-            -c "client hello, adding supported_point_formats extension" \
-            -s "found supported elliptic curves extension" \
-            -s "found supported point formats extension"
-
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test    "Force an ECC ciphersuite in the server side" \
-            "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
-            "$P_CLI debug_level=3" \
-            0 \
-            -c "found supported_point_formats extension" \
-            -s "server hello, supported_point_formats extension"
-
-# Tests for DTLS HelloVerifyRequest
-
-run_test    "DTLS cookie: enabled" \
-            "$P_SRV dtls=1 debug_level=2" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -s "cookie verification failed" \
-            -s "cookie verification passed" \
-            -S "cookie verification skipped" \
-            -c "received hello verify request" \
-            -s "hello verification requested" \
-            -S "SSL - The requested feature is not available"
-
-run_test    "DTLS cookie: disabled" \
-            "$P_SRV dtls=1 debug_level=2 cookies=0" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -S "cookie verification failed" \
-            -S "cookie verification passed" \
-            -s "cookie verification skipped" \
-            -C "received hello verify request" \
-            -S "hello verification requested" \
-            -S "SSL - The requested feature is not available"
-
-run_test    "DTLS cookie: default (failing)" \
-            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
-            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
-            1 \
-            -s "cookie verification failed" \
-            -S "cookie verification passed" \
-            -S "cookie verification skipped" \
-            -C "received hello verify request" \
-            -S "hello verification requested" \
-            -s "SSL - The requested feature is not available"
-
-requires_ipv6
-run_test    "DTLS cookie: enabled, IPv6" \
-            "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
-            "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
-            0 \
-            -s "cookie verification failed" \
-            -s "cookie verification passed" \
-            -S "cookie verification skipped" \
-            -c "received hello verify request" \
-            -s "hello verification requested" \
-            -S "SSL - The requested feature is not available"
-
-run_test    "DTLS cookie: enabled, nbio" \
-            "$P_SRV dtls=1 nbio=2 debug_level=2" \
-            "$P_CLI dtls=1 nbio=2 debug_level=2" \
-            0 \
-            -s "cookie verification failed" \
-            -s "cookie verification passed" \
-            -S "cookie verification skipped" \
-            -c "received hello verify request" \
-            -s "hello verification requested" \
-            -S "SSL - The requested feature is not available"
-
-# Tests for client reconnecting from the same port with DTLS
-
-not_with_valgrind # spurious resend
-run_test    "DTLS client reconnect from same port: reference" \
-            "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
-            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
-            0 \
-            -C "resend" \
-            -S "The operation timed out" \
-            -S "Client initiated reconnection from same port"
-
-not_with_valgrind # spurious resend
-run_test    "DTLS client reconnect from same port: reconnect" \
-            "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
-            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
-            0 \
-            -C "resend" \
-            -S "The operation timed out" \
-            -s "Client initiated reconnection from same port"
-
-not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
-run_test    "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
-            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
-            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
-            0 \
-            -S "The operation timed out" \
-            -s "Client initiated reconnection from same port"
-
-only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
-run_test    "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
-            "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
-            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
-            0 \
-            -S "The operation timed out" \
-            -s "Client initiated reconnection from same port"
-
-run_test    "DTLS client reconnect from same port: no cookies" \
-            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
-            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
-            0 \
-            -s "The operation timed out" \
-            -S "Client initiated reconnection from same port"
-
-# Tests for various cases of client authentication with DTLS
-# (focused on handshake flows and message parsing)
-
-run_test    "DTLS client auth: required" \
-            "$P_SRV dtls=1 auth_mode=required" \
-            "$P_CLI dtls=1" \
-            0 \
-            -s "Verifying peer X.509 certificate... ok"
-
-run_test    "DTLS client auth: optional, client has no cert" \
-            "$P_SRV dtls=1 auth_mode=optional" \
-            "$P_CLI dtls=1 crt_file=none key_file=none" \
-            0 \
-            -s "! Certificate was missing"
-
-run_test    "DTLS client auth: none, client has no cert" \
-            "$P_SRV dtls=1 auth_mode=none" \
-            "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
-            0 \
-            -c "skip write certificate$" \
-            -s "! Certificate verification was skipped"
-
-run_test    "DTLS wrong PSK: badmac alert" \
-            "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI dtls=1 psk=abc124" \
-            1 \
-            -s "SSL - Verification of the message MAC failed" \
-            -c "SSL - A fatal alert message was received from our peer"
-
-# Tests for receiving fragmented handshake messages with DTLS
-
-requires_gnutls
-run_test    "DTLS reassembly: no fragmentation (gnutls server)" \
-            "$G_SRV -u --mtu 2048 -a" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -C "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_gnutls
-run_test    "DTLS reassembly: some fragmentation (gnutls server)" \
-            "$G_SRV -u --mtu 512" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_gnutls
-run_test    "DTLS reassembly: more fragmentation (gnutls server)" \
-            "$G_SRV -u --mtu 128" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_gnutls
-run_test    "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
-            "$G_SRV -u --mtu 128" \
-            "$P_CLI dtls=1 nbio=2 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS reassembly: fragmentation, renego (gnutls server)" \
-            "$G_SRV -u --mtu 256" \
-            "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -c "client hello, adding renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "mbedtls_ssl_handshake returned" \
-            -C "error" \
-            -s "Extra-header:"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
-            "$G_SRV -u --mtu 256" \
-            "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -c "client hello, adding renegotiation extension" \
-            -c "found renegotiation extension" \
-            -c "=> renegotiate" \
-            -C "mbedtls_ssl_handshake returned" \
-            -C "error" \
-            -s "Extra-header:"
-
-run_test    "DTLS reassembly: no fragmentation (openssl server)" \
-            "$O_SRV -dtls1 -mtu 2048" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -C "found fragmented DTLS handshake message" \
-            -C "error"
-
-run_test    "DTLS reassembly: some fragmentation (openssl server)" \
-            "$O_SRV -dtls1 -mtu 768" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-run_test    "DTLS reassembly: more fragmentation (openssl server)" \
-            "$O_SRV -dtls1 -mtu 256" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-run_test    "DTLS reassembly: fragmentation, nbio (openssl server)" \
-            "$O_SRV -dtls1 -mtu 256" \
-            "$P_CLI dtls=1 nbio=2 debug_level=2" \
-            0 \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Tests for sending fragmented handshake messages with DTLS
-#
-# Use client auth when we need the client to send large messages,
-# and use large cert chains on both sides too (the long chains we have all use
-# both RSA and ECDSA, but ideally we should have long chains with either).
-# Sizes reached (UDP payload):
-# - 2037B for server certificate
-# - 1542B for client certificate
-# - 1013B for newsessionticket
-# - all others below 512B
-# All those tests assume MAX_CONTENT_LEN is at least 2048
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: none (for reference)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=4096" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=4096" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -C "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: server only (max_frag_len)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=2048" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# With the MFL extension, the server has no way of forcing
-# the client to not exceed a certain MTU; hence, the following
-# test can't be replicated with an MTU proxy such as the one
-# `client-initiated, server only (max_frag_len)` below.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: server only (more) (max_frag_len)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=4096" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=2048" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=1024" \
-             0 \
-            -S "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-            -p "$P_PXY mtu=1110" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=2048" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=1024" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: client-initiated, both (max_frag_len)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=2048" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=1024" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-run_test    "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-            -p "$P_PXY mtu=1110" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=2048" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             max_frag_len=1024" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: none (for reference) (MTU)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             mtu=4096" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             mtu=4096" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -C "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: client (MTU)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=3500-60000 \
-             mtu=4096" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=3500-60000 \
-             mtu=1024" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -C "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: server (MTU)" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             mtu=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             mtu=2048" \
-            0 \
-            -S "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: both (MTU=1024)" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             mtu=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=2500-60000 \
-             mtu=1024" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: both (MTU=512)" \
-            -p "$P_PXY mtu=512" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=2500-60000 \
-             mtu=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=2500-60000 \
-             mtu=512" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Test for automatic MTU reduction on repeated resend.
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-# The ratio of max/min timeout should ideally equal 4 to accept two
-# retransmissions, but in some cases (like both the server and client using
-# fragmentation and auto-reduction) an extra retransmission might occur,
-# hence the ratio of 8.
-not_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU: auto-reduction" \
-            -p "$P_PXY mtu=508" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=400-3200" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=400-3200" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-only_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU: auto-reduction" \
-            -p "$P_PXY mtu=508" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-10000" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=250-10000" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-            -p "$P_PXY mtu=512" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=10000-60000 \
-             mtu=1024 nbio=2" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=10000-60000 \
-             mtu=1024 nbio=2" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-            -p "$P_PXY mtu=512" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=10000-60000 \
-             mtu=512 nbio=2" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=10000-60000 \
-             mtu=512 nbio=2" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
-# This ensures things still work after session_reset().
-# It also exercises the "resumed handshake" flow.
-# Since we don't support reading fragmented ClientHello yet,
-# up the MTU to 1450 (larger than ClientHello with session ticket,
-# but still smaller than client's Certificate to ensure fragmentation).
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-# reco_delay avoids races where the client reconnects before the server has
-# resumed listening, which would result in a spurious autoreduction.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
-            -p "$P_PXY mtu=1450" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=10000-60000 \
-             mtu=1450" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=10000-60000 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             mtu=1450 reconnect=1 reco_delay=1" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_CHACHAPOLY_C
-run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-            -p "$P_PXY mtu=512" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             exchanges=2 renegotiation=1 \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             exchanges=2 renegotiation=1 renegotiate=1 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-            -p "$P_PXY mtu=512" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             exchanges=2 renegotiation=1 \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             exchanges=2 renegotiation=1 renegotiate=1 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=10000-60000 \
-             mtu=512" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CCM_C
-run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             exchanges=2 renegotiation=1 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             exchanges=2 renegotiation=1 renegotiate=1 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
-run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             exchanges=2 renegotiation=1 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             exchanges=2 renegotiation=1 renegotiate=1 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-            -p "$P_PXY mtu=1024" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             exchanges=2 renegotiation=1 \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             exchanges=2 renegotiation=1 renegotiate=1 \
-             hs_timeout=10000-60000 \
-             mtu=1024" \
-            0 \
-            -S "autoreduction" \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-client_needs_more_time 2
-run_test    "DTLS fragmenting: proxy MTU + 3d" \
-            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
-            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-10000 mtu=512" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=250-10000 mtu=512" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
-client_needs_more_time 2
-run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
-            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
-            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-10000 mtu=512 nbio=2" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             hs_timeout=250-10000 mtu=512 nbio=2" \
-            0 \
-            -s "found fragmented DTLS handshake message" \
-            -c "found fragmented DTLS handshake message" \
-            -C "error"
-
-# interop tests for DTLS fragmentating with reliable connection
-#
-# here and below we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_gnutls
-run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
-            "$G_SRV -u" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             mtu=512 force_version=dtls1_2" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-run_test    "DTLS fragmenting: gnutls server, DTLS 1.0" \
-            "$G_SRV -u" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             mtu=512 force_version=dtls1" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-# We use --insecure for the GnuTLS client because it expects
-# the hostname / IP it connects to to be the name used in the
-# certificate obtained from the server. Here, however, it
-# connects to 127.0.0.1 while our test certificates use 'localhost'
-# as the server name in the certificate. This will make the
-# certifiate validation fail, but passing --insecure makes
-# GnuTLS continue the connection nonetheless.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_gnutls
-requires_not_i686
-run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             mtu=512 force_version=dtls1_2" \
-            "$G_CLI -u --insecure 127.0.0.1" \
-            0 \
-            -s "fragmenting handshake message"
-
-# See previous test for the reason to use --insecure
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-requires_not_i686
-run_test    "DTLS fragmenting: gnutls client, DTLS 1.0" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             mtu=512 force_version=dtls1" \
-            "$G_CLI -u --insecure 127.0.0.1" \
-            0 \
-            -s "fragmenting handshake message"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
-            "$O_SRV -dtls1_2 -verify 10" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             mtu=512 force_version=dtls1_2" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test    "DTLS fragmenting: openssl server, DTLS 1.0" \
-            "$O_SRV -dtls1 -verify 10" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             mtu=512 force_version=dtls1" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             mtu=512 force_version=dtls1_2" \
-            "$O_CLI -dtls1_2" \
-            0 \
-            -s "fragmenting handshake message"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test    "DTLS fragmenting: openssl client, DTLS 1.0" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             mtu=512 force_version=dtls1" \
-            "$O_CLI -dtls1" \
-            0 \
-            -s "fragmenting handshake message"
-
-# interop tests for DTLS fragmentating with unreliable connection
-#
-# again we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$G_NEXT_SRV -u" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$G_NEXT_SRV -u" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-## The two tests below are disabled due to a bug in GnuTLS client that causes
-## handshake failures when the NewSessionTicket message is lost, see
-## https://gitlab.com/gnutls/gnutls/issues/543
-## We can re-enable them when a fixed version fo GnuTLS is available
-## and installed in our CI system.
-skip_next_test
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
-           "$G_CLI -u --insecure 127.0.0.1" \
-            0 \
-            -s "fragmenting handshake message"
-
-skip_next_test
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
-           "$G_CLI -u --insecure 127.0.0.1" \
-            0 \
-            -s "fragmenting handshake message"
-
-## Interop test with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$O_SRV -dtls1_2 -verify 10" \
-            "$P_CLI dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$O_SRV -dtls1 -verify 10" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-             crt_file=data_files/server8_int-ca2.crt \
-             key_file=data_files/server8.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
-            0 \
-            -c "fragmenting handshake message" \
-            -C "error"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$P_SRV dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
-            "$O_CLI -dtls1_2" \
-            0 \
-            -s "fragmenting handshake message"
-
-# -nbio is added to prevent s_client from blocking in case of duplicated
-# messages at the end of the handshake
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
-            -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
-             crt_file=data_files/server7_int-ca.crt \
-             key_file=data_files/server7.key \
-             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
-            "$O_CLI -nbio -dtls1" \
-            0 \
-            -s "fragmenting handshake message"
-
-# Tests for specific things with "unreliable" UDP connection
-
-not_with_valgrind # spurious resend due to timeout
-run_test    "DTLS proxy: reference" \
-            -p "$P_PXY" \
-            "$P_SRV dtls=1 debug_level=2" \
-            "$P_CLI dtls=1 debug_level=2" \
-            0 \
-            -C "replayed record" \
-            -S "replayed record" \
-            -C "record from another epoch" \
-            -S "record from another epoch" \
-            -C "discarding invalid record" \
-            -S "discarding invalid record" \
-            -S "resend" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-not_with_valgrind # spurious resend due to timeout
-run_test    "DTLS proxy: duplicate every packet" \
-            -p "$P_PXY duplicate=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -c "replayed record" \
-            -s "replayed record" \
-            -c "record from another epoch" \
-            -s "record from another epoch" \
-            -S "resend" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
-            -p "$P_PXY duplicate=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -c "replayed record" \
-            -S "replayed record" \
-            -c "record from another epoch" \
-            -s "record from another epoch" \
-            -c "resend" \
-            -s "resend" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-run_test    "DTLS proxy: multiple records in same datagram" \
-            -p "$P_PXY pack=50" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -c "next record in same datagram" \
-            -s "next record in same datagram"
-
-run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
-            -p "$P_PXY pack=50 duplicate=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
-            0 \
-            -c "next record in same datagram" \
-            -s "next record in same datagram"
-
-run_test    "DTLS proxy: inject invalid AD record, default badmac_limit" \
-            -p "$P_PXY bad_ad=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
-            0 \
-            -c "discarding invalid record (mac)" \
-            -s "discarding invalid record (mac)" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK" \
-            -S "too many records with bad MAC" \
-            -S "Verification of the message MAC failed"
-
-run_test    "DTLS proxy: inject invalid AD record, badmac_limit 1" \
-            -p "$P_PXY bad_ad=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
-            1 \
-            -C "discarding invalid record (mac)" \
-            -S "discarding invalid record (mac)" \
-            -S "Extra-header:" \
-            -C "HTTP/1.0 200 OK" \
-            -s "too many records with bad MAC" \
-            -s "Verification of the message MAC failed"
-
-run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2" \
-            -p "$P_PXY bad_ad=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
-            0 \
-            -c "discarding invalid record (mac)" \
-            -s "discarding invalid record (mac)" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK" \
-            -S "too many records with bad MAC" \
-            -S "Verification of the message MAC failed"
-
-run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
-            -p "$P_PXY bad_ad=1" \
-            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
-            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
-            1 \
-            -c "discarding invalid record (mac)" \
-            -s "discarding invalid record (mac)" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK" \
-            -s "too many records with bad MAC" \
-            -s "Verification of the message MAC failed"
-
-run_test    "DTLS proxy: delay ChangeCipherSpec" \
-            -p "$P_PXY delay_ccs=1" \
-            "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
-            "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
-            0 \
-            -c "record from another epoch" \
-            -s "record from another epoch" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-# Tests for reordering support with DTLS
-
-run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
-            -p "$P_PXY delay_srv=ServerHello" \
-            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -c "Buffering HS message" \
-            -c "Next handshake message has been buffered - load"\
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load"\
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-            -p "$P_PXY delay_srv=ServerHello" \
-            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -c "Buffering HS message" \
-            -c "found fragmented DTLS handshake message"\
-            -c "Next handshake message 1 not or only partially bufffered" \
-            -c "Next handshake message has been buffered - load"\
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load"\
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-# The client buffers the ServerKeyExchange before receiving the fragmented
-# Certificate message; at the time of writing, together these are aroudn 1200b
-# in size, so that the bound below ensures that the certificate can be reassembled
-# while keeping the ServerKeyExchange.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
-run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
-            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
-            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -c "Buffering HS message" \
-            -c "Next handshake message has been buffered - load"\
-            -C "attempt to make space by freeing buffered messages" \
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load"\
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-# The size constraints ensure that the delayed certificate message can't
-# be reassembled while keeping the ServerKeyExchange message, but it can
-# when dropping it first.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
-requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
-run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
-            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
-            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -c "Buffering HS message" \
-            -c "attempt to make space by freeing buffered future messages" \
-            -c "Enough space available after freeing buffered HS messages" \
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load"\
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
-            -p "$P_PXY delay_cli=Certificate" \
-            "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -C "Buffering HS message" \
-            -C "Next handshake message has been buffered - load"\
-            -s "Buffering HS message" \
-            -s "Next handshake message has been buffered - load" \
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
-            -p "$P_PXY delay_srv=NewSessionTicket" \
-            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -C "Buffering HS message" \
-            -C "Next handshake message has been buffered - load"\
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load" \
-            -c "Injecting buffered CCS message" \
-            -c "Remember CCS message" \
-            -S "Injecting buffered CCS message" \
-            -S "Remember CCS message"
-
-run_test    "DTLS reordering: Buffer out-of-order CCS message on server"\
-            -p "$P_PXY delay_cli=ClientKeyExchange" \
-            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -C "Buffering HS message" \
-            -C "Next handshake message has been buffered - load"\
-            -S "Buffering HS message" \
-            -S "Next handshake message has been buffered - load" \
-            -C "Injecting buffered CCS message" \
-            -C "Remember CCS message" \
-            -s "Injecting buffered CCS message" \
-            -s "Remember CCS message"
-
-run_test    "DTLS reordering: Buffer encrypted Finished message" \
-            -p "$P_PXY delay_ccs=1" \
-            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
-            hs_timeout=2500-60000" \
-            0 \
-            -s "Buffer record from epoch 1" \
-            -s "Found buffered record from current epoch - load" \
-            -c "Buffer record from epoch 1" \
-            -c "Found buffered record from current epoch - load"
-
-# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
-# from the server are delayed, so that the encrypted Finished message
-# is received and buffered. When the fragmented NewSessionTicket comes
-# in afterwards, the encrypted Finished message must be freed in order
-# to make space for the NewSessionTicket to be reassembled.
-# This works only in very particular circumstances:
-# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
-#   of the NewSessionTicket, but small enough to also allow buffering of
-#   the encrypted Finished message.
-# - The MTU setting on the server must be so small that the NewSessionTicket
-#   needs to be fragmented.
-# - All messages sent by the server must be small enough to be either sent
-#   without fragmentation or be reassembled within the bounds of
-#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
-#   handshake, omitting CRTs.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
-requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
-run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
-            -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
-            "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
-            0 \
-            -s "Buffer record from epoch 1" \
-            -s "Found buffered record from current epoch - load" \
-            -c "Buffer record from epoch 1" \
-            -C "Found buffered record from current epoch - load" \
-            -c "Enough space available after freeing future epoch record"
-
-# Tests for "randomly unreliable connection": try a variety of flows and peers
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, \"short\" RSA handshake" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
-             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, FS, client auth" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, FS, ticket" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 2
-run_test    "DTLS proxy: 3d, max handshake, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
-             auth_mode=required" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
-            0 \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-run_test    "DTLS proxy: 3d, min handshake, resumption" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 debug_level=3" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -s "a session has been resumed" \
-            -c "a session has been resumed" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 debug_level=3 nbio=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
-            0 \
-            -s "a session has been resumed" \
-            -c "a session has been resumed" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiation=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             renegotiate=1 debug_level=2 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiation=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             renegotiate=1 debug_level=2 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
-             debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             renegotiation=1 exchanges=4 debug_level=2 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-client_needs_more_time 4
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
-             debug_level=2 nbio=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
-             renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
-             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
-            0 \
-            -c "=> renegotiate" \
-            -s "=> renegotiate" \
-            -s "Extra-header:" \
-            -c "HTTP/1.0 200 OK"
-
-## Interop tests with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
-client_needs_more_time 6
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, openssl server" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
-            "$O_SRV -dtls1 -mtu 2048" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
-            0 \
-            -c "HTTP/1.0 200 OK"
-
-skip_next_test # see above
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
-            "$O_SRV -dtls1 -mtu 768" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
-            0 \
-            -c "HTTP/1.0 200 OK"
-
-skip_next_test # see above
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
-            "$O_SRV -dtls1 -mtu 768" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
-            0 \
-            -c "HTTP/1.0 200 OK"
-
-requires_gnutls
-client_needs_more_time 6
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, gnutls server" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$G_SRV -u --mtu 2048 -a" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
-            0 \
-            -s "Extra-header:" \
-            -c "Extra-header:"
-
-requires_gnutls
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, gnutls server, fragmentation" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$G_SRV -u --mtu 512" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
-            0 \
-            -s "Extra-header:" \
-            -c "Extra-header:"
-
-requires_gnutls
-client_needs_more_time 8
-not_with_valgrind # risk of non-mbedtls peer timing out
-run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-            -p "$P_PXY drop=5 delay=5 duplicate=5" \
-            "$G_SRV -u --mtu 512" \
-            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
-            0 \
-            -s "Extra-header:" \
-            -c "Extra-header:"
-
-# Final report
-
-echo "------------------------------------------------------------------------"
-
-if [ $FAILS = 0 ]; then
-    printf "PASSED"
-else
-    printf "FAILED"
-fi
-PASSES=$(( $TESTS - $FAILS ))
-echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
-
-exit $FAILS
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 5f9f7b0..122a17d 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -23,6 +23,11 @@
 #include "mbedtls/memory_buffer_alloc.h"
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+#include <setjmp.h>
+#endif
+
 #ifdef _MSC_VER
 #include <basetsd.h>
 typedef UINT8 uint8_t;
@@ -65,29 +70,50 @@
 #define DISPATCH_UNSUPPORTED_SUITE      -5  /* Test suite not supported by the
                                                build */
 
+typedef enum
+{
+    PARAMFAIL_TESTSTATE_IDLE = 0,           /* No parameter failure call test */
+    PARAMFAIL_TESTSTATE_PENDING,            /* Test call to the parameter failure
+                                             * is pending */
+    PARAMFAIL_TESTSTATE_CALLED              /* The test call to the parameter
+                                             * failure function has been made */
+} paramfail_test_state_t;
+
 
 /*----------------------------------------------------------------------------*/
 /* Macros */
 
-/** Evaluate an expression and fail the test case if it is false.
+/**
+ * \brief   This macro tests the expression passed to it as a test step or
+ *          individual test in a test case.
  *
- * Failing the test means:
- * - Mark this test case as failed.
- * - Print a message identifying the failure.
- * - Jump to the \c exit label.
+ *          It allows a library function to return a value and return an error
+ *          code that can be tested.
  *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
+ *          When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ *          callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
+ *          failure.
  *
- * \param TEST      The expression to evaluate.
+ *          This macro is not suitable for negative parameter validation tests,
+ *          as it assumes the test step will not create an error.
+ *
+ *          Failing the test means:
+ *          - Mark this test case as failed.
+ *          - Print a message identifying the failure.
+ *          - Jump to the \c exit label.
+ *
+ *          This macro expands to an instruction, not an expression.
+ *          It may jump to the \c exit label.
+ *
+ * \param   TEST    The test expression to be tested.
  */
-#define TEST_ASSERT( TEST )                         \
-    do {                                            \
-        if( ! (TEST) )                              \
-        {                                           \
-            test_fail( #TEST, __LINE__, __FILE__ ); \
-            goto exit;                              \
-        }                                           \
+#define TEST_ASSERT( TEST )                                 \
+    do {                                                    \
+       if( ! (TEST) )                                       \
+       {                                                    \
+          test_fail( #TEST, __LINE__, __FILE__ );           \
+          goto exit;                                        \
+       }                                                    \
     } while( 0 )
 
 /** Evaluate two expressions and fail the test case if they have different
@@ -161,6 +187,105 @@
     }                                                                   \
     while( 0 )
 
+#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
+/**
+ * \brief   This macro tests the statement passed to it as a test step or
+ *          individual test in a test case. The macro assumes the test will fail
+ *          and will generate an error.
+ *
+ *          It allows a library function to return a value and tests the return
+ *          code on return to confirm the given error code was returned.
+ *
+ *          When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ *          callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ *          expected failure, and the test will pass.
+ *
+ *          This macro is intended for negative parameter validation tests,
+ *          where the failing function may return an error value or call
+ *          MBEDTLS_PARAM_FAILED() to indicate the error.
+ *
+ * \param   PARAM_ERROR_VALUE   The expected error code.
+ *
+ * \param   TEST                The test expression to be tested.
+ */
+#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST )                     \
+    do {                                                                    \
+        test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING;       \
+        if( (TEST) != (PARAM_ERR_VALUE) ||                                  \
+            test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED )  \
+        {                                                                   \
+            test_fail( #TEST, __LINE__, __FILE__ );                         \
+            goto exit;                                                      \
+        }                                                                   \
+   } while( 0 )
+
+/**
+ * \brief   This macro tests the statement passed to it as a test step or
+ *          individual test in a test case. The macro assumes the test will fail
+ *          and will generate an error.
+ *
+ *          It assumes the library function under test cannot return a value and
+ *          assumes errors can only be indicated byt calls to
+ *          MBEDTLS_PARAM_FAILED().
+ *
+ *          When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ *          callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ *          expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
+ *          can be made.
+ *
+ *          This macro is intended for negative parameter validation tests,
+ *          where the failing function can only return an error by calling
+ *          MBEDTLS_PARAM_FAILED() to indicate the error.
+ *
+ * \param   TEST                The test expression to be tested.
+ */
+#define TEST_INVALID_PARAM( TEST )                                          \
+    do {                                                                    \
+        memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf));                   \
+        if( setjmp( param_fail_jmp ) == 0 )                                 \
+        {                                                                   \
+            TEST;                                                           \
+            test_fail( #TEST, __LINE__, __FILE__ );                         \
+            goto exit;                                                      \
+        }                                                                   \
+        memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf));                   \
+    } while( 0 )
+#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
+
+/**
+ * \brief   This macro tests the statement passed to it as a test step or
+ *          individual test in a test case. The macro assumes the test will not fail.
+ *
+ *          It assumes the library function under test cannot return a value and
+ *          assumes errors can only be indicated by calls to
+ *          MBEDTLS_PARAM_FAILED().
+ *
+ *          When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ *          callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ *          expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
+ *          can be made.
+ *
+ *          This macro is intended to test that functions returning void
+ *          accept all of the parameter values they're supposed to accept - eg
+ *          that they don't call MBEDTLS_PARAM_FAILED() when a parameter
+ *          that's allowed to be NULL happens to be NULL.
+ *
+ *          Note: for functions that return something other that void,
+ *          checking that they accept all the parameters they're supposed to
+ *          accept is best done by using TEST_ASSERT() and checking the return
+ *          value as well.
+ *
+ *          Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
+ *          disabled, as it makes sense to check that the functions accept all
+ *          legal values even if this option is disabled - only in that case,
+ *          the test is more about whether the function segfaults than about
+ *          whether it invokes MBEDTLS_PARAM_FAILED().
+ *
+ * \param   TEST                The test expression to be tested.
+ */
+#define TEST_VALID_PARAM( TEST )                                    \
+    TEST_ASSERT( ( TEST, 1 ) );
+
 #define assert(a) if( !( a ) )                                      \
 {                                                                   \
     mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n",   \
@@ -247,9 +372,9 @@
 /*----------------------------------------------------------------------------*/
 /* Global variables */
 
-
 static struct
 {
+    paramfail_test_state_t paramfail_test_state;
     int failed;
     const char *test;
     const char *filename;
@@ -261,6 +386,11 @@
 mbedtls_platform_context platform_ctx;
 #endif
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+jmp_buf param_fail_jmp;
+jmp_buf jmp_tmp;
+#endif
+
 /*----------------------------------------------------------------------------*/
 /* Helper flags for complex dependencies */
 
@@ -278,6 +408,15 @@
 
 /*----------------------------------------------------------------------------*/
 /* Helper Functions */
+
+static void test_fail( const char *test, int line_no, const char* filename )
+{
+    test_info.failed = 1;
+    test_info.test = test;
+    test_info.line_no = line_no;
+    test_info.filename = filename;
+}
+
 static int platform_setup()
 {
     int ret = 0;
@@ -294,6 +433,30 @@
 #endif /* MBEDTLS_PLATFORM_C */
 }
 
+#if defined(MBEDTLS_CHECK_PARAMS)
+void mbedtls_param_failed( const char *failure_condition,
+                           const char *file,
+                           int line )
+{
+    /* If we are testing the callback function...  */
+    if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING )
+    {
+        test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED;
+    }
+    else
+    {
+        /* ...else we treat this as an error */
+
+        /* Record the location of the failure, but not as a failure yet, in case
+         * it was part of the test */
+        test_fail( failure_condition, line, file );
+        test_info.failed = 0;
+
+        longjmp( param_fail_jmp, 1 );
+    }
+}
+#endif
+
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
 static int redirect_output( FILE** out_stream, const char* path )
 {
@@ -310,6 +473,7 @@
 
     if( *out_stream == NULL )
     {
+        close( stdout_fd );
         return -1;
     }
 
@@ -582,25 +746,17 @@
     return( 0 );
 }
 
-static void test_fail( const char *test, int line_no, const char* filename )
-{
-    test_info.failed = 1;
-    test_info.test = test;
-    test_info.line_no = line_no;
-    test_info.filename = filename;
-}
-
 int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
 {
     int ret = 0;
     uint32_t i = 0;
 
-    if ( a_len != b_len )
+    if( a_len != b_len )
         return( -1 );
 
     for( i = 0; i < a_len; i++ )
     {
-        if ( a[i] != b[i] )
+        if( a[i] != b[i] )
         {
             ret = -1;
             break;
@@ -608,4 +764,3 @@
     }
     return ret;
 }
-
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index b354af4..3c43032 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -546,6 +546,7 @@
             if( unmet_dep_count == 0 )
             {
                 test_info.failed = 0;
+                test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
 
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
                 /* Suppress all output from the library unless we're verbose
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 8bd408c..1574556 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -137,9 +137,39 @@
 #line $line_no "suites/main_test.function"
 };
 
+/**
+ * \brief        Execute the test function.
+ *
+ *               This is a wrapper function around the test function execution
+ *               to allow the setjmp() call used to catch any calls to the
+ *               parameter failure callback, to be used. Calls to setjmp()
+ *               can invalidate the state of any local auto variables.
+ *
+ * \param fp     Function pointer to the test function
+ * \param params Parameters to pass
+ *
+ */
+void execute_function_ptr(TestWrapper_t fp, void **params)
+{
+#if defined(MBEDTLS_CHECK_PARAMS)
+    if ( setjmp( param_fail_jmp ) == 0 )
+    {
+        fp( params );
+    }
+    else
+    {
+        /* Unexpected parameter validation error */
+        test_info.failed = 1;
+    }
+
+    memset( param_fail_jmp, 0, sizeof(jmp_buf) );
+#else
+    fp( params );
+#endif
+}
 
 /**
- * \brief       Dispatches test functions based on function index.
+ * \brief        Dispatches test functions based on function index.
  *
  * \param exp_id    Test function index.
  *
@@ -156,7 +186,7 @@
     {
         fp = test_funcs[func_idx];
         if ( fp )
-            fp( params );
+            execute_function_ptr(fp, params);
         else
             ret = DISPATCH_UNSUPPORTED_SUITE;
     }
@@ -225,20 +255,6 @@
         return( -1 );
     }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    {
-        psa_status_t status;
-        status = psa_crypto_init();
-        if( status != PSA_SUCCESS )
-        {
-            mbedtls_fprintf( stderr,
-                          "FATAL: Failed to initialize PSA Crypto - error %d\n",
-                          status );
-            return( -1 );
-        }
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     ret = execute_tests( argc, argv );
     platform_teardown();
     return( ret );
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index a797e69..da8c1e9 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -15,8 +15,8 @@
     mbedtls_aes_context ctx;
 
     memset(output, 0x00, 100);
-    mbedtls_aes_init( &ctx );
 
+    mbedtls_aes_init( &ctx );
 
     TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
     if( setkey_result == 0 )
@@ -39,8 +39,8 @@
     mbedtls_aes_context ctx;
 
     memset(output, 0x00, 100);
-    mbedtls_aes_init( &ctx );
 
+    mbedtls_aes_init( &ctx );
 
     TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
     if( setkey_result == 0 )
@@ -64,8 +64,8 @@
     mbedtls_aes_context ctx;
 
     memset(output, 0x00, 100);
-    mbedtls_aes_init( &ctx );
 
+    mbedtls_aes_init( &ctx );
 
     mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
     TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
@@ -91,7 +91,6 @@
     memset(output, 0x00, 100);
     mbedtls_aes_init( &ctx );
 
-
     mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
     TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
     if( cbc_result == 0)
@@ -195,8 +194,8 @@
 void aes_crypt_xts_size( int size, int retval )
 {
     mbedtls_aes_xts_context ctx;
-    const unsigned char *src = NULL;
-    unsigned char *output = NULL;
+    const unsigned char src[16] = { 0 };
+    unsigned char output[16];
     unsigned char data_unit[16];
     size_t length = size;
 
@@ -204,10 +203,8 @@
     memset( data_unit, 0x00, sizeof( data_unit ) );
 
 
-    /* Note that this function will most likely crash on failure, as NULL
-     * parameters will be used. In the passing case, the length check in
-     * mbedtls_aes_crypt_xts() will prevent any accesses to parameters by
-     * exiting the function early. */
+    /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
+     * otherwise we wouldn't get to the size check we're interested in. */
     TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
 }
 /* END_CASE */
@@ -216,7 +213,7 @@
 void aes_crypt_xts_keysize( int size, int retval )
 {
     mbedtls_aes_xts_context ctx;
-    const unsigned char *key = NULL;
+    const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
     size_t key_len = size;
 
     mbedtls_aes_xts_init( &ctx );
@@ -372,6 +369,259 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void aes_check_params( )
+{
+    mbedtls_aes_context aes_ctx;
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    mbedtls_aes_xts_context xts_ctx;
+#endif
+    const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+    const unsigned char in[16] = { 0 };
+    unsigned char out[16];
+    size_t size;
+    const int valid_mode = MBEDTLS_AES_ENCRYPT;
+    const int invalid_mode = 42;
+
+    TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
+#endif
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_setkey_enc( NULL, key, 128 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_setkey_dec( NULL, key, 128 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
+#endif
+
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ecb( NULL,
+                                                   valid_mode, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ecb( &aes_ctx,
+                                                   invalid_mode, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ecb( &aes_ctx,
+                                                   valid_mode, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ecb( &aes_ctx,
+                                                   valid_mode, in, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cbc( NULL,
+                                                   valid_mode, 16,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cbc( &aes_ctx,
+                                                   invalid_mode, 16,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cbc( &aes_ctx,
+                                                   valid_mode, 16,
+                                                   NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cbc( &aes_ctx,
+                                                   valid_mode, 16,
+                                                   out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cbc( &aes_ctx,
+                                                   valid_mode, 16,
+                                                   out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_xts( NULL,
+                                                   valid_mode, 16,
+                                                   in, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_xts( &xts_ctx,
+                                                   invalid_mode, 16,
+                                                   in, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_xts( &xts_ctx,
+                                                   valid_mode, 16,
+                                                   NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_xts( &xts_ctx,
+                                                   valid_mode, 16,
+                                                   in, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_xts( &xts_ctx,
+                                                   valid_mode, 16,
+                                                   in, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( NULL,
+                                                      valid_mode, 16,
+                                                      &size, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( &aes_ctx,
+                                                      invalid_mode, 16,
+                                                      &size, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( &aes_ctx,
+                                                      valid_mode, 16,
+                                                      NULL, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( &aes_ctx,
+                                                      valid_mode, 16,
+                                                      &size, NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( &aes_ctx,
+                                                      valid_mode, 16,
+                                                      &size, out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb128( &aes_ctx,
+                                                      valid_mode, 16,
+                                                      &size, out, in, NULL ) );
+
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb8( NULL,
+                                                    valid_mode, 16,
+                                                    out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb8( &aes_ctx,
+                                                    invalid_mode, 16,
+                                                    out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb8( &aes_ctx,
+                                                    valid_mode, 16,
+                                                    NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb8( &aes_ctx,
+                                                    valid_mode, 16,
+                                                    out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_cfb8( &aes_ctx,
+                                                    valid_mode, 16,
+                                                    out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( NULL, 16,
+                                                   &size, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   NULL, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aes_misc_params( )
+{
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
+    defined(MBEDTLS_CIPHER_MODE_XTS) || \
+    defined(MBEDTLS_CIPHER_MODE_CFB) || \
+    defined(MBEDTLS_CIPHER_MODE_OFB)
+    mbedtls_aes_context aes_ctx;
+    const unsigned char in[16] = { 0 };
+    unsigned char out[16];
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    mbedtls_aes_xts_context xts_ctx;
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB) || \
+    defined(MBEDTLS_CIPHER_MODE_OFB)
+    size_t size;
+#endif
+
+    /* These calls accept NULL */
+    TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                        15,
+                                        out, in, out )
+                 == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+    TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                        17,
+                                        out, in, out )
+                 == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+    TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
+                                        15,
+                                        in, in, out )
+                 == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+    TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
+                                        (1 << 24) + 1,
+                                        in, in, out )
+                 == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    size = 16;
+    TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
+                                           &size, out, in, out )
+                 == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    size = 16;
+    TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
+                 == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void aes_selftest(  )
 {
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index bbb222f..6a76b43 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -10,6 +10,12 @@
 AES-256-CBC Decrypt (Invalid input length)
 aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
 
+AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
+aes_check_params:
+
+AES - Mandatory Parameter Validation and Valid Parameters
+aes_misc_params:
+
 AES Selftest
 depends_on:MBEDTLS_SELF_TEST
 aes_selftest:
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data
index 8cb2d2a..2da0b30 100644
--- a/tests/suites/test_suite_aria.data
+++ b/tests/suites/test_suite_aria.data
@@ -1,3 +1,9 @@
+ARIA - Valid parameters
+aria_valid_param:
+
+ARIA - Invalid parameters
+aria_invalid_param:
+
 ARIA-128-ECB Encrypt - RFC 5794
 aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778":0
 
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 4e39078..7e35f15 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -17,6 +17,195 @@
  */
 
 /* BEGIN_CASE */
+void aria_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_aria_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void aria_invalid_param( )
+{
+    mbedtls_aria_context ctx;
+    unsigned char key[128 / 8] = { 0 };
+    unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+    unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+    unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+    size_t iv_off = 0;
+
+    ((void) iv_off);
+    ((void) iv);
+
+    TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_setkey_enc( NULL, key,
+                                                     sizeof( key ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_setkey_enc( &ctx, NULL,
+                                                     sizeof( key ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_setkey_dec( NULL, key,
+                                                     sizeof( key ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_setkey_dec( &ctx, NULL,
+                                                     sizeof( key ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ecb( NULL, input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ecb( &ctx, NULL, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ecb( &ctx, input, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cbc( NULL,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cbc( &ctx,
+                                                    42 /* invalid mode */,
+                                                    sizeof( input ),
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cbc( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    NULL,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cbc( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    iv,
+                                                    NULL,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cbc( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    iv,
+                                                    input,
+                                                    NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( NULL,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( &ctx,
+                                                    42, /* invalid mode */
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    NULL,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    NULL,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    NULL,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_cfb128( &ctx,
+                                                    MBEDTLS_ARIA_ENCRYPT,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    input,
+                                                    NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( NULL,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( &ctx,
+                                                    sizeof( input ),
+                                                    NULL,
+                                                    iv,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( &ctx,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    NULL,
+                                                    iv,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( &ctx,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    NULL,
+                                                    input,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( &ctx,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    iv,
+                                                    NULL,
+                                                    output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+                            mbedtls_aria_crypt_ctr( &ctx,
+                                                    sizeof( input ),
+                                                    &iv_off,
+                                                    iv,
+                                                    iv,
+                                                    input,
+                                                    NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+    return;
+
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string,
                        char *hex_dst_string, int setkey_result )
 {
diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
index c2a78b1..9982d03 100644
--- a/tests/suites/test_suite_asn1write.data
+++ b/tests/suites/test_suite_asn1write.data
@@ -90,3 +90,75 @@
 
 ASN.1 Write / Read Length #12 (Len = 16909060, buffer too small)
 mbedtls_asn1_write_len:16909060:"8401020304":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ASN.1 Write Named Bitstring / Unused bits #0
+test_asn1_write_bitstrings:"FF":8:"030200FF":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #1
+test_asn1_write_bitstrings:"FE":8:"030201FE":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #2
+test_asn1_write_bitstrings:"FC":7:"030202FC":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #3
+test_asn1_write_bitstrings:"F8":8:"030203F8":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #4
+test_asn1_write_bitstrings:"F0":6:"030204F0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #5
+test_asn1_write_bitstrings:"E0":6:"030205E0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #6
+test_asn1_write_bitstrings:"C0":8:"030206C0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #7
+test_asn1_write_bitstrings:"80":8:"03020780":4:1
+
+ASN.1 Write Named Bitstring / Empty bitstring
+test_asn1_write_bitstrings:"00":7:"030100":3:1
+
+ASN.1 Write Named Bitstring / Empty bitstring (bits = 16)
+test_asn1_write_bitstrings:"0000":16:"030100":3:1
+
+ASN.1 Write Named Bitstring / Empty bitstring (bits = 24)
+test_asn1_write_bitstrings:"FFFFFF":0:"030100":3:1
+
+ASN.1 Write Named Bitstring / 15 trailing bits all unset
+test_asn1_write_bitstrings:"F88000":24:"030307F880":5:1
+
+ASN.1 Write Named Bitstring / 15 trailing bits all set
+test_asn1_write_bitstrings:"F8FFFF":9:"030307F880":5:1
+
+ASN.1 Write Bitstring / Unused bits #0
+test_asn1_write_bitstrings:"FF":8:"030200FF":4:0
+
+ASN.1 Write Bitstring / Unused bits #1
+test_asn1_write_bitstrings:"FF":7:"030201FE":4:0
+
+ASN.1 Write Bitstring / Unused bits #2
+test_asn1_write_bitstrings:"FF":6:"030202FC":4:0
+
+ASN.1 Write Bitstring / Unused bits #3
+test_asn1_write_bitstrings:"FF":5:"030203F8":4:0
+
+ASN.1 Write Bitstring / Unused bits #4
+test_asn1_write_bitstrings:"FF":4:"030204F0":4:0
+
+ASN.1 Write Bitstring / Unused bits #5
+test_asn1_write_bitstrings:"FF":3:"030205E0":4:0
+
+ASN.1 Write Bitstring / Unused bits #6
+test_asn1_write_bitstrings:"FF":2:"030206C0":4:0
+
+ASN.1 Write Bitstring / Unused bits #7
+test_asn1_write_bitstrings:"FF":1:"03020780":4:0
+
+ASN.1 Write Bitstring / 1 trailing bit (bits 15)
+test_asn1_write_bitstrings:"0003":15:"0303010002":5:0
+
+ASN.1 Write Bitstring / 0 bits
+test_asn1_write_bitstrings:"":0:"030100":3:0
+
+ASN.1 Write Bitstring / long string all bits unset except trailing bits
+test_asn1_write_bitstrings:"000000000007":45:"030703000000000000":9:0
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index aae44a8..e45583c 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -78,7 +78,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1PARSE_C */
 void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len,
                              int result )
 {
@@ -128,3 +128,47 @@
     }
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void test_asn1_write_bitstrings( data_t *bitstring, int bits,
+                                 data_t *expected_asn1, int result,
+                                 int is_named )
+{
+    int ret;
+    size_t i;
+    unsigned char buf[150];
+    unsigned char *p;
+
+    memset( buf, GUARD_VAL, sizeof( buf ) );
+
+    p = buf + GUARD_LEN + expected_asn1->len;
+
+    if ( is_named == 0 )
+    {
+        ret = mbedtls_asn1_write_bitstring( &p,
+                                            buf,
+                                            (unsigned char *)bitstring->x,
+                                            (size_t) bits );
+    }
+    else
+    {
+        ret = mbedtls_asn1_write_named_bitstring( &p,
+                                                  buf,
+                                                  (unsigned char *)bitstring->x,
+                                                  (size_t) bits );
+    }
+    TEST_ASSERT( ret == result );
+
+    /* Check for buffer overwrite on both sides */
+    for( i = 0; i < GUARD_LEN; i++ )
+    {
+        TEST_ASSERT( buf[i] == GUARD_VAL );
+        TEST_ASSERT( buf[GUARD_LEN + expected_asn1->len + i] == GUARD_VAL );
+    }
+
+    if ( result >= 0 )
+    {
+        TEST_ASSERT( memcmp( p, expected_asn1->x, expected_asn1->len ) == 0 );
+    }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data
index 1ba311f..fd172d3 100644
--- a/tests/suites/test_suite_blowfish.data
+++ b/tests/suites/test_suite_blowfish.data
@@ -1,3 +1,9 @@
+BLOWFISH - Valid parameters
+blowfish_valid_param:
+
+BLOWFISH - Invalid parameters
+blowfish_invalid_param:
+
 BLOWFISH-ECB Encrypt SSLeay reference #1
 blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0
 
@@ -203,13 +209,13 @@
 blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0
 
 BLOWFISH-SETKEY Setkey SSLeay reference #1
-blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
 
 BLOWFISH-SETKEY Setkey SSLeay reference #2
-blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
 
 BLOWFISH-SETKEY Setkey SSLeay reference #3
-blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
 
 BLOWFISH-SETKEY Setkey SSLeay reference #4
 blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0
@@ -281,7 +287,7 @@
 blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0
 
 BLOWFISH-SETKEY Setkey 456 bits
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
 
 BLOWFISH-CBC Encrypt
 blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index 189e23d..7a93cd1 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -8,6 +8,164 @@
  */
 
 /* BEGIN_CASE */
+void blowfish_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void blowfish_invalid_param( )
+{
+    mbedtls_blowfish_context ctx;
+    unsigned char buf[16] = { 0 };
+    size_t const valid_keylength = sizeof( buf ) * 8;
+    size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT;
+    size_t invalid_mode = 42;
+    size_t off;
+    ((void) off);
+
+    TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_setkey( NULL,
+                                                     buf,
+                                                     valid_keylength ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_setkey( &ctx,
+                                                     NULL,
+                                                     valid_keylength ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ecb( NULL,
+                                                     valid_mode,
+                                                     buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ecb( &ctx,
+                                                        invalid_mode,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ecb( &ctx,
+                                                        valid_mode,
+                                                        NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ecb( &ctx,
+                                                        valid_mode,
+                                                        buf, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cbc( NULL,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cbc( &ctx,
+                                                        invalid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        NULL, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( NULL,
+                                                          valid_mode,
+                                                          sizeof( buf ),
+                                                          &off, buf,
+                                                          buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( &ctx,
+                                                          invalid_mode,
+                                                          sizeof( buf ),
+                                                          &off, buf,
+                                                          buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( &ctx,
+                                                          valid_mode,
+                                                          sizeof( buf ),
+                                                          NULL, buf,
+                                                          buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( &ctx,
+                                                          valid_mode,
+                                                          sizeof( buf ),
+                                                          &off, NULL,
+                                                          buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( &ctx,
+                                                          valid_mode,
+                                                          sizeof( buf ),
+                                                          &off, buf,
+                                                          NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_cfb64( &ctx,
+                                                          valid_mode,
+                                                          sizeof( buf ),
+                                                          &off, buf,
+                                                          buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( NULL,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        NULL,
+                                                        buf, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        NULL, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, NULL,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+                            mbedtls_blowfish_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
                            data_t * hex_dst_string, int setkey_result )
 {
diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data
index 1429838..671d570 100644
--- a/tests/suites/test_suite_camellia.data
+++ b/tests/suites/test_suite_camellia.data
@@ -1,3 +1,9 @@
+Camellia - Valid parameters
+camellia_valid_param:
+
+Camellia - Invalid parameters
+camellia_invalid_param:
+
 Camellia-128-ECB Encrypt RFC3713 #1
 camellia_encrypt_ecb:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":0
 
@@ -185,10 +191,10 @@
 camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA"
 
 Camellia-ECB Encrypt (Invalid key length)
-camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
 
 Camellia-ECB Decrypt (Invalid key length)
-camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
 
 Camellia-256-CBC Encrypt (Invalid input length)
 camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index d09a610..9408348 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -8,6 +8,172 @@
  */
 
 /* BEGIN_CASE */
+void camellia_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void camellia_invalid_param( )
+{
+    mbedtls_camellia_context ctx;
+    unsigned char buf[16] = { 0 };
+    const size_t valid_keybits   = 128;
+    const int invalid_mode = 42;
+    const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT;
+    size_t off;
+    ((void) off);
+
+    TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_setkey_enc( NULL,
+                                                         buf,
+                                                         valid_keybits ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_setkey_enc( &ctx,
+                                                         NULL,
+                                                         valid_keybits ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_setkey_dec( NULL,
+                                                         buf,
+                                                         valid_keybits ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_setkey_dec( &ctx,
+                                                         NULL,
+                                                         valid_keybits ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ecb( NULL,
+                                                        valid_mode,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ecb( &ctx,
+                                                        invalid_mode,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ecb( &ctx,
+                                                        valid_mode,
+                                                        NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ecb( &ctx,
+                                                        valid_mode,
+                                                        buf, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cbc( NULL,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cbc( &ctx,
+                                                        invalid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        NULL, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cbc( &ctx,
+                                                        valid_mode,
+                                                        sizeof( buf ),
+                                                        buf, buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( NULL,
+                                                           valid_mode,
+                                                           sizeof( buf ),
+                                                           &off, buf,
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( &ctx,
+                                                           invalid_mode,
+                                                           sizeof( buf ),
+                                                           &off, buf,
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( &ctx,
+                                                           valid_mode,
+                                                           sizeof( buf ),
+                                                           NULL, buf,
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( &ctx,
+                                                           valid_mode,
+                                                           sizeof( buf ),
+                                                           &off, NULL,
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( &ctx,
+                                                           valid_mode,
+                                                           sizeof( buf ),
+                                                           &off, buf,
+                                                           NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_cfb128( &ctx,
+                                                           valid_mode,
+                                                           sizeof( buf ),
+                                                           &off, buf,
+                                                           buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( NULL,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        NULL,
+                                                        buf, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        NULL, buf,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, NULL,
+                                                        buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+                            mbedtls_camellia_crypt_ctr( &ctx,
+                                                        sizeof( buf ),
+                                                        &off,
+                                                        buf, buf,
+                                                        buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void camellia_encrypt_ecb( data_t * key_str, data_t * src_str,
                            data_t * hex_dst_string, int setkey_result )
 {
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index a2d8778..46c172b 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -1,6 +1,12 @@
 CCM self test
 mbedtls_ccm_self_test:
 
+CCM - Invalid parameters
+ccm_invalid_param:
+
+CCM - Valid parameters
+ccm_valid_param:
+
 CCM init #1 AES-128: OK
 depends_on:MBEDTLS_AES_C
 mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0
@@ -35,7 +41,8 @@
 CCM lengths #6 tag length not even
 ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT
 
-CCM lenghts #7 AD too long (2^16 - 2^8 + 1)
+CCM lengths #7 AD too long (2^16 - 2^8 + 1)
+depends_on:!MBEDTLS_CCM_ALT
 ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT
 
 CCM lengths #8 msg too long for this IV length (2^16, q = 2)
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 9951ca1..16f9f8e 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -326,3 +326,216 @@
     mbedtls_ccm_free( &ctx );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ccm_invalid_param( )
+{
+    struct mbedtls_ccm_context ctx;
+    unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+    mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+    int valid_len = sizeof(valid_buffer);
+    int valid_bitlen = valid_len * 8;
+
+    mbedtls_ccm_init( &ctx );
+
+    /* mbedtls_ccm_init() */
+    TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
+
+    /* mbedtls_ccm_setkey() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+
+    /* mbedtls_ccm_encrypt_and_tag() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_buffer,
+                                     valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+                                     NULL, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_buffer,
+                                     valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+                                     valid_buffer, valid_len,
+                                     NULL, valid_len,
+                                     valid_buffer, valid_buffer,
+                                     valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_len,
+                                     NULL, valid_buffer,
+                                     valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, NULL,
+                                     valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_len,
+                                     valid_buffer, valid_buffer,
+                                     NULL, valid_len ) );
+
+    /* mbedtls_ccm_star_encrypt_and_tag() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_buffer,
+                                          valid_buffer, valid_len) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+                                          NULL, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_buffer,
+                                          valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+                                          valid_buffer, valid_len,
+                                          NULL, valid_len,
+                                          valid_buffer, valid_buffer,
+                                          valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_len,
+                                          NULL, valid_buffer,
+                                          valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, NULL,
+                                          valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_len,
+                                          valid_buffer, valid_buffer,
+                                          NULL, valid_len ) );
+
+    /* mbedtls_ccm_auth_decrypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( NULL, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer,
+                                  valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+                                  NULL, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer,
+                                  valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  NULL, valid_len,
+                                  valid_buffer, valid_buffer,
+                                  valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  NULL, valid_buffer,
+                                  valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, NULL,
+                                  valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer,
+                                  NULL, valid_len ) );
+
+    /* mbedtls_ccm_star_auth_decrypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_buffer,
+                                       valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+                                       NULL, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_buffer,
+                                       valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+                                       valid_buffer, valid_len,
+                                       NULL, valid_len,
+                                       valid_buffer, valid_buffer,
+                                       valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_len,
+                                       NULL, valid_buffer,
+                                       valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, NULL,
+                                       valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CCM_BAD_INPUT,
+        mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_len,
+                                       valid_buffer, valid_buffer,
+                                       NULL, valid_len ) );
+
+exit:
+    mbedtls_ccm_free( &ctx );
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ccm_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) );
+exit:
+    return;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 669d91e..49b389c 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -82,7 +82,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
 void chacha20_bad_params()
 {
     unsigned char key[32];
@@ -93,42 +93,38 @@
     size_t len = sizeof( src );
     mbedtls_chacha20_context ctx;
 
-    mbedtls_chacha20_init( NULL );
-    mbedtls_chacha20_free( NULL );
+    TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
 
-    mbedtls_chacha20_init( &ctx );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_setkey( NULL, key ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_setkey( &ctx, NULL ) );
 
-    TEST_ASSERT( mbedtls_chacha20_setkey( NULL, key )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, NULL )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_starts( NULL, nonce, counter ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_starts( &ctx, NULL, counter ) );
 
-    TEST_ASSERT( mbedtls_chacha20_starts( NULL, nonce, counter )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_starts( &ctx, NULL, counter )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_update( NULL, 0, src, dst ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_update( &ctx, len, src, NULL ) );
 
-    TEST_ASSERT( mbedtls_chacha20_update( NULL, 0, src, dst )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, NULL, dst )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, src, NULL )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_update( &ctx, 0, NULL, NULL )
-                 == 0 );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+                            mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
 
-    mbedtls_chacha20_free( &ctx );
+exit:
+    return;
 
-    TEST_ASSERT( mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL )
-                 == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL )
-                 == 0 );
 }
 /* END_CASE */
 
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 95dfd8a..8e56bf6 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -118,7 +118,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
 void chachapoly_bad_params()
 {
     unsigned char key[32];
@@ -138,124 +138,114 @@
     memset( output, 0x00, sizeof( output ) );
     memset( mac,    0x00, sizeof( mac ) );
 
-    mbedtls_chachapoly_init( NULL );
-    mbedtls_chachapoly_free( NULL );
+    TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
 
-    mbedtls_chachapoly_init( &ctx );
+    /* setkey */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_setkey( NULL, key ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_setkey( &ctx, NULL ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL,
+    /* encrypt_and_tag */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( NULL,
                                       0, nonce,
                                       aad, 0,
-                                      input, output, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+                                      input, output, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                       0, NULL,
                                       aad, 0,
-                                      input, output, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+                                      input, output, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                       0, nonce,
                                       NULL, aad_len,
-                                      input, output, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+                                      input, output, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                       input_len, nonce,
                                       aad, 0,
-                                      NULL, output, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+                                      NULL, output, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                       input_len, nonce,
                                       aad, 0,
-                                      input, NULL, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+                                      input, NULL, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                       0, nonce,
                                       aad, 0,
-                                      input, output, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+                                      input, output, NULL ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL,
+    /* auth_decrypt */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( NULL,
                                            0, nonce,
                                            aad, 0,
-                                           mac, input, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+                                           mac, input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                            0, NULL,
                                            aad, 0,
-                                           mac, input, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+                                           mac, input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                            0, nonce,
                                            NULL, aad_len,
-                                           mac, input, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+                                           mac, input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                            0, nonce,
                                            aad, 0,
-                                           NULL, input, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+                                           NULL, input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                            input_len, nonce,
                                            aad, 0,
-                                           mac, NULL, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+                                           mac, NULL, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                            input_len, nonce,
                                            aad, 0,
-                                           mac, input, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+                                           mac, input, NULL ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
-                                      0, nonce,
-                                      aad, aad_len,
-                                      NULL, NULL, mac )
-                 == 0 );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
-                                           0, nonce,
-                                           aad, aad_len,
-                                           mac, NULL, NULL )
-                 == 0 );
+    /* starts */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_starts( NULL, nonce,
+                                               MBEDTLS_CHACHAPOLY_ENCRYPT ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_starts( &ctx, NULL,
+                                               MBEDTLS_CHACHAPOLY_ENCRYPT ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
-                                      input_len, nonce,
-                                      NULL, 0,
-                                      input, output, mac )
-                 == 0 );
-    TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
-                                           input_len, nonce,
-                                           NULL, 0,
-                                           mac, input, output )
-                 == 0 );
+    /* update_aad */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_update_aad( NULL, aad,
+                                                           aad_len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_update_aad( &ctx, NULL,
+                                                           aad_len ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+    /* update */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_update( NULL, input_len,
+                                                       input, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_update( &ctx, input_len,
+                                                       NULL, output ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_update( &ctx, input_len,
+                                                       input, NULL ) );
 
-    TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
-    TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
-    TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+    /* finish */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_finish( NULL, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                            mbedtls_chachapoly_finish( &ctx, NULL ) );
 
 exit:
-    mbedtls_chachapoly_free( &ctx );
+    return;
 }
 /* END_CASE */
 
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index ada7347..a7d3a6e 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -22,72 +22,464 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void cipher_null_args(  )
+void cipher_invalid_param_unconditional( )
 {
-    mbedtls_cipher_context_t ctx;
-    const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) );
-    unsigned char buf[1] = { 0 };
-    size_t olen;
+    mbedtls_cipher_context_t valid_ctx;
+    mbedtls_cipher_context_t invalid_ctx;
+    mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
+    mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
+    unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+    int valid_size = sizeof(valid_buffer);
+    int valid_bitlen = valid_size * 8;
+    const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
+        *( mbedtls_cipher_list() ) );
+    size_t size_t_var;
 
-    mbedtls_cipher_init( &ctx );
+    (void)valid_mode; /* In some configurations this is unused */
 
-    TEST_ASSERT( mbedtls_cipher_get_block_size( NULL ) == 0 );
-    TEST_ASSERT( mbedtls_cipher_get_block_size( &ctx ) == 0 );
+    mbedtls_cipher_init( &valid_ctx );
+    mbedtls_cipher_setup( &valid_ctx, valid_info );
+    mbedtls_cipher_init( &invalid_ctx );
 
-    TEST_ASSERT( mbedtls_cipher_get_cipher_mode( NULL ) == MBEDTLS_MODE_NONE );
-    TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &ctx ) == MBEDTLS_MODE_NONE );
+    /* mbedtls_cipher_setup() */
+    TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
+                 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_cipher_get_iv_size( NULL ) == 0 );
-    TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 );
+    /* mbedtls_cipher_get_block_size() */
+    TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 );
 
-    TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL );
+    /* mbedtls_cipher_get_cipher_mode() */
+    TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ==
+                 MBEDTLS_MODE_NONE );
 
-    TEST_ASSERT( mbedtls_cipher_setup( &ctx, NULL )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_setup( NULL, info )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_get_iv_size() */
+    TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 );
 
-    TEST_ASSERT( mbedtls_cipher_setkey( NULL, buf, 0, MBEDTLS_ENCRYPT )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_setkey( &ctx, buf, 0, MBEDTLS_ENCRYPT )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_get_type() */
+    TEST_ASSERT(
+        mbedtls_cipher_get_type( &invalid_ctx ) ==
+        MBEDTLS_CIPHER_NONE);
 
-    TEST_ASSERT( mbedtls_cipher_set_iv( NULL, buf, 0 )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, buf, 0 )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_get_name() */
+    TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 );
 
-    TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_get_key_bitlen() */
+    TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ==
+                 MBEDTLS_KEY_LENGTH_NONE );
+
+    /* mbedtls_cipher_get_operation() */
+    TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) ==
+                 MBEDTLS_OPERATION_NONE );
+
+    /* mbedtls_cipher_setkey() */
+    TEST_ASSERT(
+        mbedtls_cipher_setkey( &invalid_ctx,
+                               valid_buffer,
+                               valid_bitlen,
+                               valid_operation ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    /* mbedtls_cipher_set_iv() */
+    TEST_ASSERT(
+        mbedtls_cipher_set_iv( &invalid_ctx,
+                               valid_buffer,
+                               valid_size ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    /* mbedtls_cipher_reset() */
+    TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) ==
+                 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-    TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_update_ad() */
+    TEST_ASSERT(
+        mbedtls_cipher_update_ad( &invalid_ctx,
+                                  valid_buffer,
+                                  valid_size ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /* mbedtls_cipher_set_padding_mode() */
+    TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ==
+                 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 #endif
 
-    TEST_ASSERT( mbedtls_cipher_update( NULL, buf, 0, buf, &olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_update( &ctx, buf, 0, buf, &olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_update() */
+    TEST_ASSERT(
+        mbedtls_cipher_update( &invalid_ctx,
+                               valid_buffer,
+                               valid_size,
+                               valid_buffer,
+                               &size_t_var ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_cipher_finish( NULL, buf, &olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_finish() */
+    TEST_ASSERT(
+        mbedtls_cipher_finish( &invalid_ctx,
+                               valid_buffer,
+                               &size_t_var ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-    TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_write_tag() */
+    TEST_ASSERT(
+        mbedtls_cipher_write_tag( &invalid_ctx,
+                                  valid_buffer,
+                                  valid_size ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_cipher_check_tag( NULL, buf, olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_cipher_check_tag( &ctx, buf, olen )
-                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    /* mbedtls_cipher_check_tag() */
+    TEST_ASSERT(
+        mbedtls_cipher_check_tag( &invalid_ctx,
+                                  valid_buffer,
+                                  valid_size ) ==
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+exit:
+    mbedtls_cipher_free( &invalid_ctx );
+    mbedtls_cipher_free( &valid_ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void cipher_invalid_param_conditional( )
+{
+    mbedtls_cipher_context_t valid_ctx;
+
+    mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
+    mbedtls_operation_t invalid_operation = 100;
+    mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
+    unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+    int valid_size = sizeof(valid_buffer);
+    int valid_bitlen = valid_size * 8;
+    const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
+        *( mbedtls_cipher_list() ) );
+
+    size_t size_t_var;
+
+    (void)valid_mode; /* In some configurations this is unused */
+
+    /* mbedtls_cipher_init() */
+    TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
+    TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
+
+    /* mbedtls_cipher_setup() */
+    TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_setup( NULL, valid_info ) );
+
+    /* mbedtls_cipher_get_block_size() */
+    TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
+
+    /* mbedtls_cipher_get_cipher_mode() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_MODE_NONE,
+        mbedtls_cipher_get_cipher_mode( NULL ) );
+
+    /* mbedtls_cipher_get_iv_size() */
+    TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
+
+    /* mbedtls_cipher_get_type() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_CIPHER_NONE,
+        mbedtls_cipher_get_type( NULL ) );
+
+    /* mbedtls_cipher_get_name() */
+    TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
+
+    /* mbedtls_cipher_get_key_bitlen() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_KEY_LENGTH_NONE,
+        mbedtls_cipher_get_key_bitlen( NULL ) );
+
+    /* mbedtls_cipher_get_operation() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_OPERATION_NONE,
+        mbedtls_cipher_get_operation( NULL ) );
+
+    /* mbedtls_cipher_setkey() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_setkey( NULL,
+                               valid_buffer,
+                               valid_bitlen,
+                               valid_operation ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_setkey( &valid_ctx,
+                               NULL,
+                               valid_bitlen,
+                               valid_operation ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_setkey( &valid_ctx,
+                               valid_buffer,
+                               valid_bitlen,
+                               invalid_operation ) );
+
+    /* mbedtls_cipher_set_iv() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_set_iv( NULL,
+                               valid_buffer,
+                               valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_set_iv( &valid_ctx,
+                               NULL,
+                               valid_size ) );
+
+    /* mbedtls_cipher_reset() */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+                            mbedtls_cipher_reset( NULL ) );
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
+    /* mbedtls_cipher_update_ad() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update_ad( NULL,
+                                  valid_buffer,
+                                  valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update_ad( &valid_ctx,
+                                  NULL,
+                                  valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /* mbedtls_cipher_set_padding_mode() */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+                            mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
 #endif
+
+    /* mbedtls_cipher_update() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update( NULL,
+                               valid_buffer,
+                               valid_size,
+                               valid_buffer,
+                               &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update( &valid_ctx,
+                               NULL, valid_size,
+                               valid_buffer,
+                               &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update( &valid_ctx,
+                               valid_buffer, valid_size,
+                               NULL,
+                               &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_update( &valid_ctx,
+                               valid_buffer, valid_size,
+                               valid_buffer,
+                               NULL ) );
+
+    /* mbedtls_cipher_finish() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_finish( NULL,
+                               valid_buffer,
+                               &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_finish( &valid_ctx,
+                               NULL,
+                               &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_finish( &valid_ctx,
+                               valid_buffer,
+                               NULL ) );
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
+    /* mbedtls_cipher_write_tag() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_write_tag( NULL,
+                                  valid_buffer,
+                                  valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_write_tag( &valid_ctx,
+                                  NULL,
+                                  valid_size ) );
+
+    /* mbedtls_cipher_check_tag() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_check_tag( NULL,
+                                  valid_buffer,
+                                  valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_check_tag( &valid_ctx,
+                                  NULL,
+                                  valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+    /* mbedtls_cipher_crypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_crypt( NULL,
+                              valid_buffer, valid_size,
+                              valid_buffer, valid_size,
+                              valid_buffer, &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_crypt( &valid_ctx,
+                              NULL, valid_size,
+                              valid_buffer, valid_size,
+                              valid_buffer, &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_crypt( &valid_ctx,
+                              valid_buffer, valid_size,
+                              NULL, valid_size,
+                              valid_buffer, &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_crypt( &valid_ctx,
+                              valid_buffer, valid_size,
+                              valid_buffer, valid_size,
+                              NULL, &size_t_var ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_crypt( &valid_ctx,
+                              valid_buffer, valid_size,
+                              valid_buffer, valid_size,
+                              valid_buffer, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+    /* mbedtls_cipher_auth_encrypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( NULL,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     NULL, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     NULL, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     NULL, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     NULL, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, NULL,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_encrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     NULL, valid_size ) );
+
+    /* mbedtls_cipher_auth_decrypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( NULL,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     NULL, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     NULL, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     NULL, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     NULL, &size_t_var,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, NULL,
+                                     valid_buffer, valid_size ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+        mbedtls_cipher_auth_decrypt( &valid_ctx,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, valid_size,
+                                     valid_buffer, &size_t_var,
+                                     NULL, valid_size ) );
+#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
+
+    /* mbedtls_cipher_free() */
+    TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
+exit:
+    TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
 }
 /* END_CASE */
 
@@ -570,6 +962,8 @@
 #else
     if( use_psa == 1 )
     {
+        TEST_ASSERT( psa_crypto_init() == 0 );
+
         /* PSA requires that the tag immediately follows the ciphertext. */
         tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
         TEST_ASSERT( tmp_cipher != NULL );
@@ -712,6 +1106,7 @@
 #else
     if( use_psa == 1 )
     {
+        TEST_ASSERT( psa_crypto_init() == 0 );
         TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
                               mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
     }
diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data
new file mode 100644
index 0000000..25bfd40
--- /dev/null
+++ b/tests/suites/test_suite_cipher.misc.data
@@ -0,0 +1,5 @@
+CIPHER - Conditional invalid parameter checks
+cipher_invalid_param_conditional:
+
+CIPHER - Unconditional invalid parameter checks
+cipher_invalid_param_unconditional:
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index 1c0ba09..dc4c9d7 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -1,9 +1,6 @@
 Cipher list
 mbedtls_cipher_list:
 
-Cipher null/uninitialised arguments
-cipher_null_args:
-
 Set padding with AES-CBC
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 set_padding:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_PKCS7:0
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index f10e98a..4a97826 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -244,9 +244,11 @@
     }
     TEST_ASSERT( last_idx == test_offset_idx );
 
-    /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
-     * (just make sure it doesn't cause memory corruption) */
-    mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) );
+    /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+     * Make sure it's detected as an error and doesn't cause memory
+     * corruption. */
+    TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
+                     &ctx, entropy, sizeof( entropy ) ) != 0 );
 
     /* Now enable PR, so the next few calls should all reseed */
     mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
deleted file mode 100644
index 7f747d0..0000000
--- a/tests/suites/test_suite_debug.data
+++ /dev/null
@@ -1,64 +0,0 @@
-Debug print msg (threshold 1, level 0)
-debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
-
-Debug print msg (threshold 1, level 1)
-debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
-
-Debug print msg (threshold 1, level 2)
-debug_print_msg_threshold:1:2:"MyFile":999:""
-
-Debug print msg (threshold 0, level 1)
-debug_print_msg_threshold:0:1:"MyFile":999:""
-
-Debug print msg (threshold 0, level 5)
-debug_print_msg_threshold:0:5:"MyFile":999:""
-
-Debug print return value #1
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n"
-
-Debug print return value #2
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n"
-
-Debug print return value #3
-mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n"
-
-Debug print buffer #1
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
-
-Debug print buffer #2
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\:  00                                               .\n"
-
-Debug print buffer #3
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\:  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f  ................\n"
-
-Debug print buffer #4
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\:  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f  ................\nMyFile(0999)\: 0010\:  00                                               .\n"
-
-Debug print buffer #5
-mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\:  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f  ................\nMyFile(0999)\: 0010\:  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f  ................\nMyFile(0999)\: 0020\:  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f   !"#$%&'()*+,-./\nMyFile(0999)\: 0030\:  30                                               0\n"
-
-Debug print certificate #1 (RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on        \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
-
-Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on        \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\:  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\:  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\:  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\:  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\:  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\:  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
-
-Debug print mbedtls_mpi #1
-mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\:  01 02 03 04 05 06 07\n"
-
-Debug print mbedtls_mpi #2
-mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\:  07\n"
-
-Debug print mbedtls_mpi #3
-mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\:  00\n"
-
-Debug print mbedtls_mpi #4
-mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\:  09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\:  14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\:  ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\:  09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\:  af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\:  52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #5
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\:  09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\:  14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\:  ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\:  09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\:  af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\:  52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #6
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\:  41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\:  2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\:  e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\:  18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\:  48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\:  62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
deleted file mode 100644
index 377d630..0000000
--- a/tests/suites/test_suite_debug.function
+++ /dev/null
@@ -1,195 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/debug.h"
-#include "string.h"
-
-struct buffer_data
-{
-    char buf[2000];
-    char *ptr;
-};
-
-void string_debug(void *data, int level, const char *file, int line, const char *str)
-{
-    struct buffer_data *buffer = (struct buffer_data *) data;
-    char *p = buffer->ptr;
-    ((void) level);
-
-    memcpy( p, file, strlen( file ) );
-    p += strlen( file );
-
-    *p++ = '(';
-    *p++ = '0' + ( line / 1000 ) % 10;
-    *p++ = '0' + ( line / 100  ) % 10;
-    *p++ = '0' + ( line / 10   ) % 10;
-    *p++ = '0' + ( line / 1    ) % 10;
-    *p++ = ')';
-    *p++ = ':';
-    *p++ = ' ';
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Skip "thread ID" (up to the first space) as it is not predictable */
-    while( *str++ != ' ' );
-#endif
-
-    memcpy( p, str, strlen( str ) );
-    p += strlen( str );
-
-    /* Detect if debug messages output partial lines and mark them */
-    if( p[-1] != '\n' )
-        *p++ = '*';
-
-    buffer->ptr = p;
-}
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void debug_print_msg_threshold( int threshold, int level, char * file,
-                                int line, char * result_str )
-{
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    struct buffer_data buffer;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-    memset( buffer.buf, 0, 2000 );
-    buffer.ptr = buffer.buf;
-
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    mbedtls_debug_set_threshold( threshold );
-    mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
-    mbedtls_debug_print_msg( &ssl, level, file, line,
-                             "Text message, 2 == %d", 2 );
-
-    TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
-                              char * result_str )
-{
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    struct buffer_data buffer;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-    memset( buffer.buf, 0, 2000 );
-    buffer.ptr = buffer.buf;
-
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
-    mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
-
-    TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_debug_print_buf( char * file, int line, char * text,
-                              data_t * data, char * result_str )
-{
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    struct buffer_data buffer;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-    memset( buffer.buf, 0, 2000 );
-    buffer.ptr = buffer.buf;
-
-
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
-    mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
-
-    TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
-                              char * prefix, char * result_str )
-{
-    mbedtls_x509_crt   crt;
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    struct buffer_data buffer;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-    mbedtls_x509_crt_init( &crt );
-    memset( buffer.buf, 0, 2000 );
-    buffer.ptr = buffer.buf;
-
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
-
-    TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
-                              char * prefix, char * result_str )
-{
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    struct buffer_data buffer;
-    mbedtls_mpi val;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-    mbedtls_mpi_init( &val );
-    memset( buffer.buf, 0, 2000 );
-    buffer.ptr = buffer.buf;
-
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
-
-    mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
-
-    mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
-
-    TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
-
-exit:
-    mbedtls_mpi_free( &val );
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 734fd97..edebce0 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,3 +1,6 @@
+Diffie-Hellman parameter validation
+dhm_invalid_params:
+
 Diffie-Hellman full exchange #1
 dhm_do_dhm:10:"23":10:"5":0
 
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 9a4c99c..8a05a38 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -7,6 +7,113 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void dhm_invalid_params( )
+{
+    mbedtls_dhm_context ctx;
+    unsigned char buf[42] = { 0 };
+    unsigned char *buf_null = NULL;
+    mbedtls_mpi X;
+    size_t const buflen = sizeof( buf );
+    size_t len;
+
+    TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_params( NULL,
+                                                     (unsigned char**) &buf,
+                                                     buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_params( &ctx, &buf_null, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_params( &ctx, NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_params( &ctx,
+                                                     (unsigned char**) &buf,
+                                                     NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_params( NULL, buflen,
+                                                     buf, &len,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_params( &ctx, buflen,
+                                                     NULL, &len,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_params( &ctx, buflen,
+                                                     buf, NULL,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_params( &ctx, buflen,
+                                                     buf, &len,
+                                                     NULL,
+                                                     NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_set_group( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_set_group( &ctx, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_set_group( &ctx, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_public( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_read_public( &ctx, NULL, buflen ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_public( NULL, buflen,
+                                                     buf, buflen,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_public( &ctx, buflen,
+                                                     NULL, buflen,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_make_public( &ctx, buflen,
+                                                     buf, buflen,
+                                                     NULL,
+                                                     NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_calc_secret( NULL, buf, buflen,
+                                                     &len, rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_calc_secret( &ctx, NULL, buflen,
+                                                     &len, rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_calc_secret( &ctx, buf, buflen,
+                                                     NULL, rnd_std_rand,
+                                                     NULL ) );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_parse_dhm( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) );
+
+#if defined(MBEDTLS_FS_IO)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_parse_dhmfile( NULL, "" ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+                            mbedtls_dhm_parse_dhmfile( &ctx, NULL ) );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void dhm_do_dhm( int radix_P, char *input_P,
                  int radix_G, char *input_G, int result )
diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data
index 0165a7e..fb4a232 100644
--- a/tests/suites/test_suite_ecdh.data
+++ b/tests/suites/test_suite_ecdh.data
@@ -1,3 +1,9 @@
+ECDH - Valid parameters
+ecdh_valid_param:
+
+ECDH - Invalid parameters
+ecdh_invalid_param:
+
 ECDH primitive random #1
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecdh_primitive_random:MBEDTLS_ECP_DP_SECP192R1
@@ -69,3 +75,35 @@
 ECDH restartable rfc 5903 p256 restart disabled max_ops=250
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:250:0:0
+
+ECDH exchange legacy context
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
+
+ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
+
+ECDH calc_secret: theirs first, SECP256R1 (RFC 5903)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
+
+ecdh calc_secret: ours first (Alice), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ecdh calc_secret: theirs first (Alice), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":1:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ecdh calc_secret: ours first (Bob), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ECDH get_params with mismatched groups: our BP256R1, their SECP256R1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
+ECDH get_params with mismatched groups: their SECP256R1, our BP256R1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 9652308..d6bed7f 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,5 +1,40 @@
 /* BEGIN_HEADER */
 #include "mbedtls/ecdh.h"
+
+static int load_public_key( int grp_id, data_t *point,
+                            mbedtls_ecp_keypair *ecp )
+{
+    int ok = 0;
+    TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
+                                                &ecp->Q,
+                                                point->x,
+                                                point->len ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
+                                           &ecp->Q ) == 0 );
+    ok = 1;
+exit:
+    return( ok );
+}
+
+static int load_private_key( int grp_id, data_t *private_key,
+                             mbedtls_ecp_keypair *ecp,
+                             rnd_pseudo_info *rnd_info )
+{
+    int ok = 0;
+    TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
+                                       private_key->x,
+                                       private_key->len ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
+    /* Calculate the public key from the private key. */
+    TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
+                                  &ecp->grp.G,
+                                  &rnd_pseudo_rand, rnd_info ) == 0 );
+    ok = 1;
+exit:
+    return( ok );
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -8,6 +43,148 @@
  */
 
 /* BEGIN_CASE */
+void ecdh_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecdh_invalid_param( )
+{
+    mbedtls_ecp_group grp;
+    mbedtls_ecdh_context ctx;
+    mbedtls_mpi m;
+    mbedtls_ecp_point P;
+    mbedtls_ecp_keypair kp;
+    size_t olen;
+    unsigned char buf[42] = { 0 };
+    const unsigned char *buf_null = NULL;
+    size_t const buflen = sizeof( buf );
+    int invalid_side = 42;
+    mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
+
+    TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_gen_public( NULL, &m, &P,
+                                                     rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_gen_public( &grp, NULL, &P,
+                                                     rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_gen_public( &grp, &m, NULL,
+                                                     rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_gen_public( &grp, &m, &P,
+                                                     NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
+                                                         rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
+                                                         rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
+                                                         rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
+                                                         rnd_std_rand, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_setup( NULL, valid_grp ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_params( NULL, &olen,
+                                                      buf, buflen,
+                                                      rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_params( &ctx, NULL,
+                                                      buf, buflen,
+                                                      rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_params( &ctx, &olen,
+                                                      NULL, buflen,
+                                                      rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_params( &ctx, &olen,
+                                                      buf, buflen,
+                                                      NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_params( NULL,
+                                                  (const unsigned char**) &buf,
+                                                  buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_params( &ctx, &buf_null,
+                                                      buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_params( &ctx,
+                                                  (const unsigned char**) &buf,
+                                                  NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_get_params( NULL, &kp,
+                                                     MBEDTLS_ECDH_OURS ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_get_params( &ctx, NULL,
+                                                     MBEDTLS_ECDH_OURS ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_get_params( &ctx, &kp,
+                                                     invalid_side ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_public( NULL, &olen,
+                                                      buf, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_public( &ctx, NULL,
+                                                      buf, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_public( &ctx, &olen,
+                                                      NULL, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_make_public( &ctx, &olen,
+                                                      buf, buflen,
+                                                      NULL,
+                                                      NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_public( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
+                                                      rnd_std_rand,
+                                                      NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void ecdh_primitive_random( int id )
 {
     mbedtls_ecp_group grp;
@@ -129,27 +306,31 @@
     const unsigned char *vbuf;
     size_t len;
     rnd_pseudo_info rnd_info;
+    unsigned char res_buf[1000];
+    size_t res_len;
 
     mbedtls_ecdh_init( &srv );
     mbedtls_ecdh_init( &cli );
     memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
 
-    TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
+    TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
 
     memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
     TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
-                                   &rnd_pseudo_rand, &rnd_info ) == 0 );
+                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
     TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
 
     memset( buf, 0x00, sizeof( buf ) );
     TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
-                                   &rnd_pseudo_rand, &rnd_info ) == 0 );
+                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
     TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
 
     TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
-                                   &rnd_pseudo_rand, &rnd_info ) == 0 );
-    TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 );
-    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
+                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
+                                           NULL, NULL ) == 0 );
+    TEST_ASSERT( len == res_len );
+    TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
 
 exit:
     mbedtls_ecdh_free( &srv );
@@ -172,7 +353,9 @@
     unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
     rnd_buf_info rnd_info_A, rnd_info_B;
     int cnt_restart;
+    mbedtls_ecp_group grp;
 
+    mbedtls_ecp_group_init( &grp );
     mbedtls_ecdh_init( &srv );
     mbedtls_ecdh_init( &cli );
 
@@ -184,22 +367,26 @@
     rnd_info_B.buf = rnd_buf_B;
     rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
 
-    TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
+    /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
+     * in every configuration, therefore we load it separately. */
+    TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
 
-    /* otherwise we would have to fix the random buffer,
-     * as in ecdh_primitive_test_vec */
-    TEST_ASSERT( srv.grp.nbits % 8 == 0 );
+    /* Otherwise we would have to fix the random buffer,
+     * as in ecdh_primitive_testvec. */
+    TEST_ASSERT( grp.nbits % 8 == 0 );
+
+    TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
 
     /* set up restart parameters */
     mbedtls_ecp_set_max_ops( max_ops );
 
-    if( enable)
+    if( enable )
     {
         mbedtls_ecdh_enable_restart( &srv );
         mbedtls_ecdh_enable_restart( &cli );
     }
 
-    /* server writes its paramaters */
+    /* server writes its parameters */
     memset( buf, 0x00, sizeof( buf ) );
     len = 0;
 
@@ -269,7 +456,150 @@
     TEST_ASSERT( memcmp( buf, z, len ) == 0 );
 
 exit:
+    mbedtls_ecp_group_free( &grp );
     mbedtls_ecdh_free( &srv );
     mbedtls_ecdh_free( &cli );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
+void ecdh_exchange_legacy( int id )
+{
+    mbedtls_ecdh_context srv, cli;
+    unsigned char buf[1000];
+    const unsigned char *vbuf;
+    size_t len;
+
+    rnd_pseudo_info rnd_info;
+
+    mbedtls_ecdh_init( &srv );
+    mbedtls_ecdh_init( &cli );
+    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+
+    TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
+
+    memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
+    TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
+                                   &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+
+    memset( buf, 0x00, sizeof( buf ) );
+    TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
+                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
+                                           &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
+                                           NULL ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
+
+exit:
+    mbedtls_ecdh_free( &srv );
+    mbedtls_ecdh_free( &cli );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdh_exchange_calc_secret( int grp_id,
+                                data_t *our_private_key,
+                                data_t *their_point,
+                                int ours_first,
+                                data_t *expected )
+{
+    rnd_pseudo_info rnd_info;
+    mbedtls_ecp_keypair our_key;
+    mbedtls_ecp_keypair their_key;
+    mbedtls_ecdh_context ecdh;
+    unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
+    size_t shared_secret_length = 0;
+
+    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+    mbedtls_ecdh_init( &ecdh );
+    mbedtls_ecp_keypair_init( &our_key );
+    mbedtls_ecp_keypair_init( &their_key );
+
+    if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
+        goto exit;
+    if( ! load_public_key( grp_id, their_point, &their_key ) )
+        goto exit;
+
+    /* Import the keys to the ECDH calculation. */
+    if( ours_first )
+    {
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+    }
+    else
+    {
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+    }
+
+    /* Perform the ECDH calculation. */
+    TEST_ASSERT( mbedtls_ecdh_calc_secret(
+                     &ecdh,
+                     &shared_secret_length,
+                     shared_secret, sizeof( shared_secret ),
+                     &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( shared_secret_length == expected->len );
+    TEST_ASSERT( memcmp( expected->x, shared_secret,
+                         shared_secret_length ) == 0 );
+
+exit:
+    mbedtls_ecdh_free( &ecdh );
+    mbedtls_ecp_keypair_free( &our_key );
+    mbedtls_ecp_keypair_free( &their_key );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdh_exchange_get_params_fail( int our_grp_id,
+                                    data_t *our_private_key,
+                                    int their_grp_id,
+                                    data_t *their_point,
+                                    int ours_first,
+                                    int expected_ret )
+{
+    rnd_pseudo_info rnd_info;
+    mbedtls_ecp_keypair our_key;
+    mbedtls_ecp_keypair their_key;
+    mbedtls_ecdh_context ecdh;
+
+    memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+    mbedtls_ecdh_init( &ecdh );
+    mbedtls_ecp_keypair_init( &our_key );
+    mbedtls_ecp_keypair_init( &their_key );
+
+    if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
+        goto exit;
+    if( ! load_public_key( their_grp_id, their_point, &their_key ) )
+        goto exit;
+
+    if( ours_first )
+    {
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
+                     expected_ret );
+    }
+    else
+    {
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+        TEST_ASSERT( mbedtls_ecdh_get_params(
+                         &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
+                     expected_ret );
+    }
+
+exit:
+    mbedtls_ecdh_free( &ecdh );
+    mbedtls_ecp_keypair_free( &our_key );
+    mbedtls_ecp_keypair_free( &their_key );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index 7e6ec6c..59e209b 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -1,3 +1,6 @@
+ECDSA Parameter validation
+ecdsa_invalid_param:
+
 ECDSA primitive random #1
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 7f89952..22d92b6 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -7,6 +7,201 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecdsa_invalid_param( )
+{
+    mbedtls_ecdsa_context ctx;
+    mbedtls_ecp_keypair key;
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
+    mbedtls_ecp_point P;
+    mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+    mbedtls_mpi m;
+    size_t slen;
+    unsigned char buf[42] = { 0 };
+
+    TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdsa_sign( NULL, &m, &m, &m,
+                                                buf, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
+                                                buf, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
+                                                buf, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
+                                                buf, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign( &grp, &m, &m, &m,
+                                                NULL, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign( &grp, &m, &m, &m,
+                                                buf, sizeof( buf ),
+                                                NULL, NULL ) );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign_det( NULL, &m, &m, &m,
+                                                buf, sizeof( buf ),
+                                                valid_md ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign_det( &grp, NULL, &m, &m,
+                                                buf, sizeof( buf ),
+                                                valid_md ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign_det( &grp, &m, NULL, &m,
+                                                buf, sizeof( buf ),
+                                                valid_md ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign_det( &grp, &m, &m, NULL,
+                                                buf, sizeof( buf ),
+                                                valid_md ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_sign_det( &grp, &m, &m, &m,
+                                                NULL, sizeof( buf ),
+                                                valid_md ) );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_verify( NULL,
+                                                  buf, sizeof( buf ),
+                                                  &P, &m, &m ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_verify( &grp,
+                                                  NULL, sizeof( buf ),
+                                                  &P, &m, &m ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_verify( &grp,
+                                                  buf, sizeof( buf ),
+                                                  NULL, &m, &m ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_verify( &grp,
+                                                  buf, sizeof( buf ),
+                                                  &P, NULL, &m ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_verify( &grp,
+                                                  buf, sizeof( buf ),
+                                                  &P, &m, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature( NULL,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           buf, &slen,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature( &ctx,
+                                                           valid_md,
+                                                           NULL, sizeof( buf ),
+                                                           buf, &slen,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature( &ctx,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           NULL, &slen,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature( &ctx,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           buf, NULL,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature_restartable( NULL,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           buf, &slen,
+                                                           rnd_std_rand,
+                                                           NULL, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature_restartable( &ctx,
+                                                           valid_md,
+                                                           NULL, sizeof( buf ),
+                                                           buf, &slen,
+                                                           rnd_std_rand,
+                                                           NULL, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature_restartable( &ctx,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           NULL, &slen,
+                                                           rnd_std_rand,
+                                                           NULL, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_write_signature_restartable( &ctx,
+                                                           valid_md,
+                                                           buf, sizeof( buf ),
+                                                           buf, NULL,
+                                                           rnd_std_rand,
+                                                           NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature( NULL,
+                                                        buf, sizeof( buf ),
+                                                        buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature( &ctx,
+                                                        NULL, sizeof( buf ),
+                                                        buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature( &ctx,
+                                                        buf, sizeof( buf ),
+                                                        NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature_restartable( NULL,
+                                                        buf, sizeof( buf ),
+                                                        buf, sizeof( buf ),
+                                                        NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature_restartable( &ctx,
+                                                        NULL, sizeof( buf ),
+                                                        buf, sizeof( buf ),
+                                                        NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_read_signature_restartable( &ctx,
+                                                        buf, sizeof( buf ),
+                                                        NULL, sizeof( buf ),
+                                                        NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_genkey( NULL, valid_group,
+                                                  rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_genkey( &ctx, valid_group,
+                                                  NULL, NULL ) );
+
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_from_keypair( NULL, &key ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                       mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void ecdsa_prim_random( int id )
 {
@@ -14,7 +209,7 @@
     mbedtls_ecp_point Q;
     mbedtls_mpi d, r, s;
     rnd_pseudo_info rnd_info;
-    unsigned char buf[66];
+    unsigned char buf[MBEDTLS_MD_MAX_SIZE];
 
     mbedtls_ecp_group_init( &grp );
     mbedtls_ecp_point_init( &Q );
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index 1a772a9..84c99c9 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -1,3 +1,6 @@
+ECJPAKE parameter validation
+ecjpake_invalid_param:
+
 ECJPAKE selftest
 ecjpake_selftest:
 
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 9e4f7a3..d267295 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,6 +98,137 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecjpake_invalid_param( )
+{
+    mbedtls_ecjpake_context ctx;
+    unsigned char buf[42] = { 0 };
+    size_t olen;
+    size_t const len = sizeof( buf );
+    mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER;
+    mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
+    mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+    mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
+
+    TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_setup( NULL,
+                                                   valid_role,
+                                                   valid_md,
+                                                   valid_group,
+                                                   buf, len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_setup( &ctx,
+                                                   invalid_role,
+                                                   valid_md,
+                                                   valid_group,
+                                                   buf, len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_setup( &ctx,
+                                                   valid_role,
+                                                   valid_md,
+                                                   valid_group,
+                                                   NULL, len ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_check( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_one( NULL,
+                                                             buf, len,
+                                                             &olen,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_one( &ctx,
+                                                             NULL, len,
+                                                             &olen,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_one( &ctx,
+                                                             buf, len,
+                                                             NULL,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_one( &ctx,
+                                                             buf, len,
+                                                             &olen,
+                                                             NULL,
+                                                             NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_two( NULL,
+                                                             buf, len,
+                                                             &olen,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_two( &ctx,
+                                                             NULL, len,
+                                                             &olen,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_two( &ctx,
+                                                             buf, len,
+                                                             NULL,
+                                                             rnd_std_rand,
+                                                             NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_write_round_two( &ctx,
+                                                             buf, len,
+                                                             &olen,
+                                                             NULL,
+                                                             NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_read_round_one( NULL,
+                                                            buf, len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_read_round_one( &ctx,
+                                                            NULL, len ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_read_round_two( NULL,
+                                                            buf, len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_read_round_two( &ctx,
+                                                            NULL, len ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_derive_secret( NULL,
+                                                           buf, len,
+                                                           &olen,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_derive_secret( &ctx,
+                                                           NULL, len,
+                                                           &olen,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_derive_secret( &ctx,
+                                                           buf, len,
+                                                           NULL,
+                                                           rnd_std_rand,
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecjpake_derive_secret( &ctx,
+                                                           buf, len,
+                                                           &olen,
+                                                           NULL,
+                                                           NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void ecjpake_selftest(  )
 {
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 321a1b4..8653366 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1,3 +1,9 @@
+ECP valid params
+ecp_valid_param:
+
+ECP invalid params
+ecp_invalid_param:
+
 ECP curve info #1
 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
 mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_BP512R1:28:512:"brainpoolP512r1"
@@ -46,10 +52,6 @@
 depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
 ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":MBEDTLS_ERR_ECP_INVALID_KEY
 
-ECP write binary #0 (zero, bad format)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":ECP_PF_UNKNOWN:"00":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-
 ECP write binary #1 (zero, uncompressed, buffer just fits)
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":MBEDTLS_ECP_PF_UNCOMPRESSED:"00":1:0
@@ -86,6 +88,14 @@
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"93112b28345b7d1d7799611e49bea9d8290cb2d7afe1f9f3":"01":MBEDTLS_ECP_PF_COMPRESSED:"0348d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":25:0
 
+ECP write binary #10 (Montgomery, buffer just fits)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":32:0
+
+ECP write binary #11 (Montgomery, buffer too small)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
 ECP read binary #1 (zero, invalid ilen)
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0000":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -110,6 +120,30 @@
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":0
 
+ECP read binary #7 (Curve25519, OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
+
+ECP read binary #8 (Curve25519, masked first bit)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4efa":"7a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
+
+ECP read binary #9 (Curve25519, too short)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"20f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f020":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
+ECP read binary #10 (Curve25519, non-canonical)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
+
+ECP read binary #11 (Curve25519, masked non-canonical)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
+
+ECP read binary #12 (Curve25519, too long)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a00":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
 ECP tls read point #1 (zero, invalid length byte)
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 mbedtls_ecp_tls_read_point:MBEDTLS_ECP_DP_SECP192R1:"0200":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -242,6 +276,68 @@
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
 
+ECP read key #1 (short weierstrass, too small)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #2 (short weierstrass, smallest)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"01":0
+
+ECP read key #3 (short weierstrass, biggest)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830":0
+
+ECP read key #4 (short weierstrass, too big)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #5 (Curve25519, most significant bit set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"000000000000000000000000000000000000000000000000000000000000000C":0
+
+ECP read key #6 (Curve25519, second most significant bit unset)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":0
+
+ECP read key #7 (Curve25519, msb OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #8 (Curve25519, bit 0 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"1000000000000000000000000000000000000000000000000000000000000000":0
+
+ECP read key #9 (Curve25519, bit 1 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"2000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #10 (Curve25519, bit 2 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"4000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #11 (Curve25519, OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":0
+
+ECP read key #12 (Curve25519, too long)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"00000000000000000000000000000000000000000000000000000000000000000C":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #13 (Curve25519, not long enough)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #14 (Curve448, not supported)
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE448:"FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP read key #15 (Curve25519, not supported)
+depends_on:!MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP read key #15 (invalid curve)
+mbedtls_ecp_read_key:INT_MAX:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
 ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 65c487e..7eeea28 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -14,6 +14,351 @@
  */
 
 /* BEGIN_CASE */
+void ecp_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) );
+    TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) );
+    TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecp_invalid_param( )
+{
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_keypair kp;
+    mbedtls_ecp_point P;
+    mbedtls_mpi m;
+    const char *x = "deadbeef";
+    int valid_fmt   = MBEDTLS_ECP_PF_UNCOMPRESSED;
+    int invalid_fmt = 42;
+    size_t olen;
+    unsigned char buf[42] = { 0 };
+    const unsigned char *null_buf = NULL;
+    mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    mbedtls_ecp_restart_ctx restart_ctx;
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+    TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
+    TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
+    TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) );
+    TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_copy( NULL, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_copy( &P, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_group_copy( NULL, &grp ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_group_copy( &grp, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_privkey( NULL,
+                                                     &m,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_privkey( &grp,
+                                                     NULL,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_privkey( &grp,
+                                                     &m,
+                                                     NULL,
+                                                     NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_set_zero( NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_is_zero( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_cmp( NULL, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_cmp( &P, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_string( NULL, 2,
+                                                           x, x ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_string( &P, 2,
+                                                           NULL, x ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_string( &P, 2,
+                                                           x, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_write_binary( NULL, &P,
+                                                      valid_fmt,
+                                                      &olen,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_write_binary( &grp, NULL,
+                                                      valid_fmt,
+                                                      &olen,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_write_binary( &grp, &P,
+                                                      invalid_fmt,
+                                                      &olen,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_write_binary( &grp, &P,
+                                                      valid_fmt,
+                                                      NULL,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_write_binary( &grp, &P,
+                                                      valid_fmt,
+                                                      &olen,
+                                                      NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_binary( NULL, &P, buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_binary( &grp, NULL, buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_point_read_binary( &grp, &P, NULL,
+                                                     sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_point( NULL, &P,
+                                                 (const unsigned char **) &buf,
+                                                 sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_point( &grp, NULL,
+                                                 (const unsigned char **) &buf,
+                                                 sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_point( &grp, &P, &null_buf,
+                                                        sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_point( &grp, &P, NULL,
+                                                    sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_point( NULL, &P,
+                                                     valid_fmt,
+                                                     &olen,
+                                                     buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_point( &grp, NULL,
+                                                     valid_fmt,
+                                                     &olen,
+                                                     buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_point( &grp, &P,
+                                                     invalid_fmt,
+                                                     &olen,
+                                                     buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_point( &grp, &P,
+                                                     valid_fmt,
+                                                     NULL,
+                                                     buf,
+                                                     sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_point( &grp, &P,
+                                                     valid_fmt,
+                                                     &olen,
+                                                     NULL,
+                                                     sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_group_load( NULL, valid_group ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group( NULL,
+                                                 (const unsigned char **) &buf,
+                                                 sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group( &grp, NULL,
+                                                        sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group( &grp, &null_buf,
+                                                        sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group_id( NULL,
+                                                 (const unsigned char **) &buf,
+                                                 sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group_id( &valid_group, NULL,
+                                                        sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_read_group_id( &valid_group,
+                                                           &null_buf,
+                                                           sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_group( NULL, &olen,
+                                                       buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_group( &grp, NULL,
+                                                       buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_tls_write_group( &grp, &olen,
+                                                       NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul( NULL, &P, &m, &P,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul( &grp, NULL, &m, &P,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul( &grp, &P, NULL, &P,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul( &grp, &P, &m, NULL,
+                                             rnd_std_rand, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
+                                                 rnd_std_rand, NULL , NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
+                                                 rnd_std_rand, NULL , NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
+                                                 rnd_std_rand, NULL , NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
+                                                 rnd_std_rand, NULL , NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( NULL, &P, &m, &P,
+                                                &m, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( &grp, NULL, &m, &P,
+                                                &m, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( &grp, &P, NULL, &P,
+                                                &m, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( &grp, &P, &m, NULL,
+                                                &m, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( &grp, &P, &m, &P,
+                                                NULL, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd( &grp, &P, &m, &P,
+                                                &m, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P,
+                                                            &m, &P, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P,
+                                                            &m, &P, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P,
+                                                            &m, &P, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL,
+                                                            &m, &P, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
+                                                            NULL, &P, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
+                                                            &m, NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_pubkey( NULL, &P ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_pubkey( &grp, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_pub_priv( NULL, &kp ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_pub_priv( &kp, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_privkey( NULL, &m ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_check_privkey( &grp, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair_base( NULL, &P,
+                                                          &m, &P,
+                                                          rnd_std_rand,
+                                                          NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair_base( &grp, NULL,
+                                                          &m, &P,
+                                                          rnd_std_rand,
+                                                          NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair_base( &grp, &P,
+                                                          NULL, &P,
+                                                          rnd_std_rand,
+                                                          NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair_base( &grp, &P,
+                                                          &m, NULL,
+                                                          rnd_std_rand,
+                                                          NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair_base( &grp, &P,
+                                                          &m, &P,
+                                                          NULL,
+                                                          NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair( NULL,
+                                                     &m, &P,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair( &grp,
+                                                     NULL, &P,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair( &grp,
+                                                     &m, NULL,
+                                                     rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_keypair( &grp,
+                                                     &m, &P,
+                                                     NULL,
+                                                     NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_key( valid_group, NULL,
+                                                 rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                            mbedtls_ecp_gen_key( valid_group, &kp,
+                                                 NULL, NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name )
 {
     const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name;
@@ -417,8 +762,18 @@
     if( ret == 0 )
     {
         TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
-        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
-        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
+        if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+        {
+            TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 );
+            TEST_ASSERT( P.Y.p == NULL );
+            TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 );
+            TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 );
+        }
+        else
+        {
+            TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
+            TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
+        }
     }
 
 exit:
@@ -663,6 +1018,28 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void mbedtls_ecp_read_key( int grp_id, data_t* in_key, int expected )
+{
+    int ret = 0;
+    mbedtls_ecp_keypair key;
+
+    mbedtls_ecp_keypair_init( &key );
+
+    ret = mbedtls_ecp_read_key( grp_id, &key, in_key->x, in_key->len );
+    TEST_ASSERT( ret == expected );
+
+    if( expected == 0 )
+    {
+        ret = mbedtls_ecp_check_privkey( &key.grp, &key.d );
+        TEST_ASSERT( ret == 0 );
+    }
+
+exit:
+    mbedtls_ecp_keypair_free( &key );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void ecp_selftest(  )
 {
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 4d3bba1..1fcb681 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -103,6 +103,175 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void gcm_invalid_param( )
+{
+    mbedtls_gcm_context ctx;
+    unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+    mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+    int valid_mode = MBEDTLS_GCM_ENCRYPT;
+    int valid_len = sizeof(valid_buffer);
+    int valid_bitlen = 128, invalid_bitlen = 1;
+
+    mbedtls_gcm_init( &ctx );
+
+    /* mbedtls_gcm_init() */
+    TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
+
+    /* mbedtls_gcm_setkey */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
+
+    /* mbedtls_gcm_crypt_and_tag() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_buffer,
+                                   valid_len, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+                                   NULL, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_buffer,
+                                   valid_len, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+                                   valid_buffer, valid_len,
+                                   NULL, valid_len,
+                                   valid_buffer, valid_buffer,
+                                   valid_len, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_len,
+                                   NULL, valid_buffer,
+                                   valid_len, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, NULL,
+                                   valid_len, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_len,
+                                   valid_buffer, valid_buffer,
+                                   valid_len, NULL ) );
+
+    /* mbedtls_gcm_auth_decrypt() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( NULL, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+                                  NULL, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  NULL, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_buffer) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  NULL, valid_len,
+                                  valid_buffer, valid_buffer) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  NULL, valid_buffer) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, valid_len,
+                                  valid_buffer, NULL) );
+
+    /* mbedtls_gcm_starts() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_starts( NULL, valid_mode,
+                            valid_buffer, valid_len,
+                            valid_buffer, valid_len ) );
+
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_starts( &ctx, valid_mode,
+                            NULL, valid_len,
+                            valid_buffer, valid_len ) );
+
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_starts( &ctx, valid_mode,
+                            valid_buffer, valid_len,
+                            NULL, valid_len ) );
+
+    /* mbedtls_gcm_update() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_update( NULL, valid_len,
+                            valid_buffer, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_update( &ctx, valid_len,
+                            NULL, valid_buffer ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_update( &ctx, valid_len,
+                            valid_buffer, NULL ) );
+
+    /* mbedtls_gcm_finish() */
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_finish( NULL, valid_buffer, valid_len ) );
+    TEST_INVALID_PARAM_RET(
+        MBEDTLS_ERR_GCM_BAD_INPUT,
+        mbedtls_gcm_finish( &ctx, NULL, valid_len ) );
+
+exit:
+    mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) );
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void gcm_selftest(  )
 {
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
new file mode 100644
index 0000000..cf01526
--- /dev/null
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -0,0 +1,5 @@
+GCM - Invalid parameters
+gcm_invalid_param:
+
+GCM - Valid parameters
+gcm_valid_param:
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 6ea3b29..f2be148 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,3 +1,9 @@
+MPI - Valid parameters
+mpi_valid_param:
+
+MPI - Invalid parameters
+mpi_invalid_param:
+
 Arguments with no value
 mpi_null:
 
@@ -52,6 +58,9 @@
 Base test mbedtls_mpi_read_binary #1
 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
 
+Base test mbedtls_mpi_read_binary_le #1
+mbedtls_mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"219946662473865722255717126709915431768051735954189829340600976826409773245337023925691629251672268961177825243440202069039100741562168093042339401187848509859789949044607421190014088260008793380554914226244485299326152319899746569"
+
 Base test mbedtls_mpi_write_binary #1
 mbedtls_mpi_write_binary:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
 
@@ -61,6 +70,15 @@
 Test mbedtls_mpi_write_binary #2 (Buffer too small)
 mbedtls_mpi_write_binary:16:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
+Base test mbedtls_mpi_write_binary_le #1
+mbedtls_mpi_write_binary_le:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
+
+Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
+mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"2331122331122331122331122301":14:0
+
+Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
+mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
 Base test mbedtls_mpi_read_file #1
 mbedtls_mpi_read_file:10:"data_files/mpi_10":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
 
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 9c1d78f..67894e6 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -51,6 +51,220 @@
  */
 
 /* BEGIN_CASE */
+void mpi_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void mpi_invalid_param( )
+{
+    mbedtls_mpi X;
+    const char *s_in = "00101000101010";
+    char s_out[16] = { 0 };
+    unsigned char u_out[16] = { 0 };
+    unsigned char u_in[16] = { 0 };
+    size_t olen;
+    mbedtls_mpi_uint mpi_uint;
+
+    TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_grow( NULL, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_copy( NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_copy( &X, NULL ) );
+
+    TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) );
+    TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_lset( NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_get_bit( NULL, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_set_bit( NULL, 42, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_string( NULL, 2, s_in ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_string( &X, 2, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_string( NULL, 2,
+                                                      s_out, sizeof( s_out ),
+                                                      &olen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_string( &X, 2,
+                                                      NULL, sizeof( s_out ),
+                                                      &olen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_string( &X, 2,
+                                                      s_out, sizeof( s_out ),
+                                                      NULL ) );
+
+#if defined(MBEDTLS_FS_IO)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_file( NULL, 2, stdin ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_file( &X, 2, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_file( "", NULL, 2, NULL ) );
+#endif /* MBEDTLS_FS_IO */
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_binary( NULL, u_in,
+                                                     sizeof( u_in ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_read_binary( &X, NULL,
+                                                     sizeof( u_in ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_binary( NULL, u_out,
+                                                      sizeof( u_out ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_write_binary( &X, NULL,
+                                                      sizeof( u_out ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_shift_l( NULL, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_shift_r( NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_cmp_abs( NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_cmp_abs( &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_cmp_mpi( NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_cmp_mpi( &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_cmp_int( NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_abs( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_abs( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_abs( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_abs( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_abs( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_abs( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_mpi( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_mpi( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_mpi( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_mpi( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_mpi( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_mpi( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_int( NULL, &X, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_add_int( &X, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_int( NULL, &X, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_sub_int( &X, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mul_mpi( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mul_mpi( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mul_mpi( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mul_int( NULL, &X, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mul_int( &X, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_div_int( &X, &X, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mod_mpi( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mod_mpi( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mod_mpi( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mod_int( NULL, &X, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand,
+                                                     NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_gcd( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_gcd( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_gcd( &X, &X, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_inv_mod( NULL, &X, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_inv_mod( &X, NULL, &X ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+                            mbedtls_mpi_inv_mod( &X, &X, NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void mpi_null(  )
 {
     mbedtls_mpi X, Y, Z;
@@ -99,14 +313,33 @@
 void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A )
 {
     mbedtls_mpi X;
-    unsigned char str[1000];
+    char str[1000];
     size_t len;
 
     mbedtls_mpi_init( &X );
 
 
     TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
-    TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, (char *) str, sizeof( str ), &len ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
+    TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
+
+exit:
+    mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_mpi_read_binary_le( data_t * buf, int radix_A, char * input_A )
+{
+    mbedtls_mpi X;
+    char str[1000];
+    size_t len;
+
+    mbedtls_mpi_init( &X );
+
+
+    TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
     TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
 
 exit:
@@ -145,6 +378,37 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void mbedtls_mpi_write_binary_le( int radix_X, char * input_X,
+                                  data_t * input_A, int output_size,
+                                  int result )
+{
+    mbedtls_mpi X;
+    unsigned char buf[1000];
+    size_t buflen;
+
+    memset( buf, 0x00, 1000 );
+
+    mbedtls_mpi_init( &X );
+
+    TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+
+    buflen = mbedtls_mpi_size( &X );
+    if( buflen > (size_t) output_size )
+        buflen = (size_t) output_size;
+
+    TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
+    if( result == 0)
+    {
+
+        TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+    }
+
+exit:
+    mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
 void mbedtls_mpi_read_file( int radix_X, char * input_file,
                             data_t * input_A, int result )
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index ae3ef80..f1acde9 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -30,7 +30,7 @@
     memset( key, 0, sizeof( key ) );
 
     /*
-     * 1. Check wrap and unwrap with two seperate contexts
+     * 1. Check wrap and unwrap with two separate contexts
      */
     mbedtls_nist_kw_init( &ctx1 );
     mbedtls_nist_kw_init( &ctx2 );
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
new file mode 100644
index 0000000..759a010
--- /dev/null
+++ b/tests/suites/test_suite_oid.data
@@ -0,0 +1,8 @@
+OID get Any Policy certificate policy
+oid_get_certificate_policies:"551D2000":"Any Policy"
+
+OID get certificate policy invalid oid
+oid_get_certificate_policies:"5533445566":""
+
+OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
+oid_get_certificate_policies:"551D23":""
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
new file mode 100644
index 0000000..e95e48d
--- /dev/null
+++ b/tests/suites/test_suite_oid.function
@@ -0,0 +1,34 @@
+/* BEGIN_HEADER */
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "string.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_OID_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/
+void oid_get_certificate_policies( data_t * oid, char * result_str )
+{
+    mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+    int ret;
+    const char *desc;
+
+    asn1_buf.tag = MBEDTLS_ASN1_OID;
+    asn1_buf.p = oid->x;
+    asn1_buf.len = oid->len;
+
+    ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
+    if( strlen( result_str ) == 0 )
+    {
+        TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+    }
+    else
+    {
+        TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
+    }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index a6a0089..ea5fc4f 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,3 +1,13 @@
+PK invalid parameters
+invalid_parameters:
+
+PK valid parameters
+valid_parameters:
+
+PK write valid parameters
+depends_on:MBEDTLS_RSA_C
+valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
+
 PK utils: RSA
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
 pk_utils:MBEDTLS_PK_RSA:512:64:"RSA"
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 9168b1d..de90b47 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -2,6 +2,8 @@
 #include "mbedtls/pk.h"
 
 /* For error codes */
+#include "mbedtls/asn1.h"
+#include "mbedtls/base64.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/rsa.h"
 
@@ -74,28 +76,28 @@
  * or PK_PSA_INVALID_SLOT if no slot was available.
  * The key uses NIST P-256 and is usable for signing with SHA-256.
  */
-psa_key_slot_t pk_psa_genkey( void )
+psa_key_handle_t pk_psa_genkey( void )
 {
-    psa_key_slot_t key;
+    psa_key_handle_t key;
 
     const int curve = PSA_ECC_CURVE_SECP256R1;
-    const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEYPAIR(curve);
+    const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve);
     const size_t bits = 256;
     psa_key_policy_t policy;
 
-    /* find a free key slot */
-    if( PSA_SUCCESS != mbedtls_psa_get_free_key_slot( &key ) )
+    /* Allocate a key slot */
+    if( PSA_SUCCESS != psa_allocate_key( &key ) )
         return( PK_PSA_INVALID_SLOT );
 
     /* set up policy on key slot */
-    psa_key_policy_init( &policy );
+    policy = psa_key_policy_init();
     psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
                                       PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
     if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
         return( PK_PSA_INVALID_SLOT );
 
     /* generate key */
-    if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
+    if( PSA_SUCCESS != psa_generate_key_to_handle( key, type, bits, NULL, 0 ) )
         return( PK_PSA_INVALID_SLOT );
 
     return( key );
@@ -112,7 +114,7 @@
 void pk_psa_utils(  )
 {
     mbedtls_pk_context pk, pk2;
-    psa_key_slot_t key;
+    psa_key_handle_t key;
 
     const char * const name = "Opaque";
     const size_t bitlen = 256; /* harcoded in genkey() */
@@ -122,6 +124,8 @@
     size_t len;
     mbedtls_pk_debug_item dbg;
 
+    TEST_ASSERT( psa_crypto_init() == 0 );
+
     mbedtls_pk_init( &pk );
     mbedtls_pk_init( &pk2 );
 
@@ -180,6 +184,426 @@
 
 
 /* BEGIN_CASE */
+void valid_parameters( )
+{
+    mbedtls_pk_context pk;
+    unsigned char buf[1];
+    size_t len;
+    void *options = NULL;
+
+    mbedtls_pk_init( &pk );
+
+    TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
+#endif
+
+    TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    /* In informational functions, we accept NULL where a context pointer
+     * is expected because that's what the library has done forever.
+     * We do not document that NULL is accepted, so we may wish to change
+     * the behavior in a future version. */
+    TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 );
+    TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 );
+    TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
+
+    TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+                                              MBEDTLS_MD_NONE,
+                                              NULL, 0,
+                                              buf, &len,
+                                              rnd_std_rand, NULL,
+                                              NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+                                              MBEDTLS_MD_NONE,
+                                              NULL, 0,
+                                              buf, &len,
+                                              rnd_std_rand, NULL,
+                                              NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_sign( &pk,
+                                  MBEDTLS_MD_NONE,
+                                  NULL, 0,
+                                  buf, &len,
+                                  rnd_std_rand, NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
+                                                MBEDTLS_MD_NONE,
+                                                NULL, 0,
+                                                buf, sizeof( buf ),
+                                                NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_verify( &pk,
+                                    MBEDTLS_MD_NONE,
+                                    NULL, 0,
+                                    buf, sizeof( buf ) ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+                                        &pk,
+                                        MBEDTLS_MD_NONE,
+                                        NULL, 0,
+                                        buf, sizeof( buf ) ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_encrypt( &pk,
+                                     NULL, 0,
+                                     NULL, &len, 0,
+                                     rnd_std_rand, NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    TEST_ASSERT( mbedtls_pk_decrypt( &pk,
+                                     NULL, 0,
+                                     NULL, &len, 0,
+                                     rnd_std_rand, NULL ) ==
+                 MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+    TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
+                 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
+    TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
+                 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+#endif /* MBEDTLS_PK_PARSE_C */
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
+void valid_parameters_pkwrite( data_t *key_data )
+{
+    mbedtls_pk_context pk;
+
+    /* For the write tests to be effective, we need a valid key pair. */
+    mbedtls_pk_init( &pk );
+    TEST_ASSERT( mbedtls_pk_parse_key( &pk,
+                                       key_data->x, key_data->len,
+                                       NULL, 0 ) == 0 );
+
+    TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
+                 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) ==
+                 MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+    TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) ==
+                 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+
+    TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) ==
+                 MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+exit:
+    mbedtls_pk_free( &pk );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void invalid_parameters( )
+{
+    size_t len;
+    unsigned char *null_buf = NULL;
+    unsigned char buf[1];
+    unsigned char *p = buf;
+    char str[1] = {0};
+    mbedtls_pk_context pk;
+    mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+    void *options = buf;
+
+    (void) null_buf;
+    (void) p;
+    (void) str;
+
+    mbedtls_pk_init( &pk );
+
+    TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+    TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
+#endif
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_setup( NULL, NULL ) );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_setup_rsa_alt( NULL, buf,
+                                                      NULL, NULL, NULL ) );
+#endif
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_restartable( NULL,
+                                                           MBEDTLS_MD_NONE,
+                                                           buf, sizeof( buf ),
+                                                           buf, sizeof( buf ),
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_restartable( &pk,
+                                                           MBEDTLS_MD_NONE,
+                                                           NULL, sizeof( buf ),
+                                                           buf, sizeof( buf ),
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_restartable( &pk,
+                                                           valid_md,
+                                                           NULL, 0,
+                                                           buf, sizeof( buf ),
+                                                           NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_restartable( &pk,
+                                                           MBEDTLS_MD_NONE,
+                                                           buf, sizeof( buf ),
+                                                           NULL, sizeof( buf ),
+                                                           NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify( NULL,
+                                               MBEDTLS_MD_NONE,
+                                               buf, sizeof( buf ),
+                                               buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify( &pk,
+                                               MBEDTLS_MD_NONE,
+                                               NULL, sizeof( buf ),
+                                               buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify( &pk,
+                                               valid_md,
+                                               NULL, 0,
+                                               buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify( &pk,
+                                               MBEDTLS_MD_NONE,
+                                               buf, sizeof( buf ),
+                                               NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+                                                   NULL,
+                                                   MBEDTLS_MD_NONE,
+                                                   buf, sizeof( buf ),
+                                                   buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+                                                   &pk,
+                                                   MBEDTLS_MD_NONE,
+                                                   NULL, sizeof( buf ),
+                                                   buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+                                                   &pk,
+                                                   valid_md,
+                                                   NULL, 0,
+                                                   buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+                                                   &pk,
+                                                   MBEDTLS_MD_NONE,
+                                                   buf, sizeof( buf ),
+                                                   NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign_restartable( NULL,
+                                                         MBEDTLS_MD_NONE,
+                                                         buf, sizeof( buf ),
+                                                         buf, &len,
+                                                         rnd_std_rand, NULL,
+                                                         NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign_restartable( &pk,
+                                                         MBEDTLS_MD_NONE,
+                                                         NULL, sizeof( buf ),
+                                                         buf, &len,
+                                                         rnd_std_rand, NULL,
+                                                         NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign_restartable( &pk,
+                                                         valid_md,
+                                                         NULL, 0,
+                                                         buf, &len,
+                                                         rnd_std_rand, NULL,
+                                                         NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign_restartable( &pk,
+                                                         MBEDTLS_MD_NONE,
+                                                         buf, sizeof( buf ),
+                                                         NULL, &len,
+                                                         rnd_std_rand, NULL,
+                                                         NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign( NULL,
+                                             MBEDTLS_MD_NONE,
+                                             buf, sizeof( buf ),
+                                             buf, &len,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign( &pk,
+                                             MBEDTLS_MD_NONE,
+                                             NULL, sizeof( buf ),
+                                             buf, &len,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign( &pk,
+                                             valid_md,
+                                             NULL, 0,
+                                             buf, &len,
+                                             rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_sign( &pk,
+                                             MBEDTLS_MD_NONE,
+                                             buf, sizeof( buf ),
+                                             NULL, &len,
+                                             rnd_std_rand, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_decrypt( NULL,
+                                                buf, sizeof( buf ),
+                                                buf, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_decrypt( &pk,
+                                                NULL, sizeof( buf ),
+                                                buf, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_decrypt( &pk,
+                                                buf, sizeof( buf ),
+                                                NULL, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_decrypt( &pk,
+                                                buf, sizeof( buf ),
+                                                buf, NULL, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_encrypt( NULL,
+                                                buf, sizeof( buf ),
+                                                buf, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_encrypt( &pk,
+                                                NULL, sizeof( buf ),
+                                                buf, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_encrypt( &pk,
+                                                buf, sizeof( buf ),
+                                                NULL, &len, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_encrypt( &pk,
+                                                buf, sizeof( buf ),
+                                                buf, NULL, sizeof( buf ),
+                                                rnd_std_rand, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_check_pair( NULL, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_check_pair( &pk, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_debug( NULL, NULL ) );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+#if defined(MBEDTLS_FS_IO)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_load_file( NULL, &p, &len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_load_file( str, NULL, &len ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_load_file( str, &p, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_public_keyfile( NULL, str ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
+#endif
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_key( NULL,
+                                                  buf, sizeof( buf ),
+                                                  buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_key( &pk,
+                                                  NULL, sizeof( buf ),
+                                                  buf, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_public_key( NULL,
+                                                         buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_parse_public_key( &pk,
+                                                         NULL, sizeof( buf ) ) );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey( NULL, p, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey( &p, p, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey_der( NULL,
+                                                         buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey_der( &pk,
+                                                         NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_key_der( NULL,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_key_der( &pk,
+                                                      NULL, sizeof( buf ) ) );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey_pem( NULL,
+                                                         buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_pubkey_pem( &pk,
+                                                         NULL, sizeof( buf ) ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_key_pem( NULL,
+                                                      buf, sizeof( buf ) ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+                            mbedtls_pk_write_key_pem( &pk,
+                                                      NULL, sizeof( buf ) ) );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#endif /* MBEDTLS_PK_WRITE_C */
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void pk_utils( int type, int size, int len, char * name )
 {
     mbedtls_pk_context pk;
@@ -778,44 +1202,65 @@
 void pk_psa_sign(  )
 {
     mbedtls_pk_context pk;
-    psa_key_slot_t key;
-    unsigned char hash[50], sig[100], pkey[100];
-    size_t sig_len, klen = 0;
+    unsigned char hash[50], sig[100], pkey_legacy[100], pkey_psa[100];
+    unsigned char *pkey_legacy_start, *pkey_psa_start;
+    size_t sig_len, klen_legacy, klen_psa;
+    int ret;
+    psa_key_handle_t handle;
 
     /*
      * This tests making signatures with a wrapped PSA key:
-     * - generate a fresh PSA key
+     * - generate a fresh ECP legacy PK context
      * - wrap it in a PK context and make a signature this way
      * - extract the public key
      * - parse it to a PK context and verify the signature this way
      */
 
+    /* Create legacy EC public/private key in PK context. */
     mbedtls_pk_init( &pk );
+    TEST_ASSERT( mbedtls_pk_setup( &pk,
+                      mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+    TEST_ASSERT( mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
+                                      (mbedtls_ecp_keypair*) pk.pk_ctx,
+                                      rnd_std_rand, NULL ) == 0 );
+
+    /* Export underlying public key for re-importing in a legacy context. */
+    ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
+                                       sizeof( pkey_legacy ) );
+    TEST_ASSERT( ret >= 0 );
+    klen_legacy = (size_t) ret;
+    /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+    pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
+
+    /* Turn PK context into an opaque one. */
+    TEST_ASSERT( psa_allocate_key( &handle ) == PSA_SUCCESS );
+    TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
+                                            PSA_ALG_SHA_256 ) == 0 );
 
     memset( hash, 0x2a, sizeof hash );
     memset( sig, 0, sizeof sig );
-    memset( pkey, 0, sizeof pkey );
-
-    key = pk_psa_genkey();
-    TEST_ASSERT( key != 0 );
-
-    TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
 
     TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
                  hash, sizeof hash, sig, &sig_len,
                  NULL, NULL ) == 0 );
 
-    mbedtls_pk_free( &pk );
+    /* Export underlying public key for re-importing in a psa context. */
+    ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
+                                       sizeof( pkey_psa ) );
+    TEST_ASSERT( ret >= 0 );
+    klen_psa = (size_t) ret;
+    /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+    pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;
 
-    TEST_ASSERT( PSA_SUCCESS == psa_export_public_key(
-                                key, pkey, sizeof( pkey ), &klen ) );
-    TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
+    TEST_ASSERT( klen_psa == klen_legacy );
+    TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
+
+    mbedtls_pk_free( &pk );
+    TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
 
     mbedtls_pk_init( &pk );
-
-    TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey, klen ) == 0 );
-
-
+    TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
+                                              klen_legacy ) == 0 );
     TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
                             hash, sizeof hash, sig, sig_len ) == 0 );
 
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
index 0309400..b4cf09a 100644
--- a/tests/suites/test_suite_pkcs1_v15.data
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -1,3 +1,9 @@
+RSAES-V15 Encryption input=NULL with length=0
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_NONE:"":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb3267c6697351ff4aec29cdbaabf2fbe34676cac0":"42c6fce63a3b858ba89fe83004cac3651d1497c15090bf0086b9a4b9ff3bd451502838a413095aefe231832ba10bb467ae3f95c889cd8e9a6e32b4df633b2170d07a2168c086745f0017cf1d9facff2eee55af2fcb03730209173b2a0bbfb2d4c34d7ea93b3b0cb84a8a7b6371670e14482e6dcedbdd9efe66d906e0238586fe":0
+
+RSAES-V15 Decryption empty output with NULL buffer
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_NONE:"":"aafd12f659cae63489b479e5076ddec2f06cb58f":"42c6fce63a3b858ba89fe83004cac3651d1497c15090bf0086b9a4b9ff3bd451502838a413095aefe231832ba10bb467ae3f95c889cd8e9a6e32b4df633b2170d07a2168c086745f0017cf1d9facff2eee55af2fcb03730209173b2a0bbfb2d4c34d7ea93b3b0cb84a8a7b6371670e14482e6dcedbdd9efe66d906e0238586fe":0
+
 RSAES-V15 Encryption Test Vector Int
 pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0
 
@@ -33,3 +39,93 @@
 
 RSASSA-V15 Verification Test Vector Int
 pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
+
+RSAES-V15 decoding: good, payload=max, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:117:0
+
+RSAES-V15 decoding: good, payload=max, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:128:0
+
+RSAES-V15 decoding: good, payload=max-1, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:116:0
+
+RSAES-V15 decoding: good, payload=max-1, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:117:0
+
+RSAES-V15 decoding: good, payload=1
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0
+
+RSAES-V15 decoding: good, empty payload
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0
+
+RSAES-V15 decoding: payload=max, output too large
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+
+RSAES-V15 decoding: payload=max-1, output too large
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+
+RSAES-V15 decoding: bad first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: bad second byte (0 instead of 2)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: bad second byte (1 instead of 2)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: padding too short (0)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: padding too short (7)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: unfinished padding
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: good, payload=max, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:117:0
+
+EMSA-V15 decoding: good, payload=max, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:128:0
+
+EMSA-V15 decoding: good, payload=max-1, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:116:0
+
+EMSA-V15 decoding: good, payload=max-1, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:117:0
+
+EMSA-V15 decoding: good, payload=1
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":1:1:0
+
+EMSA-V15 decoding: good, empty payload
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":0:0:0
+
+EMSA-V15 decoding: bad first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0101ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: bad second byte (0 instead of 1)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: bad second byte (2 instead of 1)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0002ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: padding too short (0)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"000100":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: padding too short (7)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffff0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: invalid padding at first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffe00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: invalid padding at last byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding with invalid first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding with invalid last byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 83f417c..3ef4e2c 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -32,11 +32,11 @@
     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
     TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
 
-
+    if( message_str->len == 0 )
+        message_str->x = NULL;
     TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
     if( result == 0 )
     {
-
         TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
     }
 
@@ -78,12 +78,17 @@
     TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
     TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 
-
-    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
-    if( result == 0 )
+    if( result_hex_str->len == 0 )
     {
-
-        TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
+        TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result );
+    }
+    else
+    {
+        TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
+        if( result == 0 )
+        {
+            TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
+        }
     }
 
 exit:
@@ -94,6 +99,154 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
+void pkcs1_v15_decode( int mode,
+                       data_t *input,
+                       int expected_plaintext_length_arg,
+                       int output_size_arg,
+                       int expected_result )
+{
+    size_t expected_plaintext_length = expected_plaintext_length_arg;
+    size_t output_size = output_size_arg;
+    rnd_pseudo_info rnd_info;
+    mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
+    mbedtls_rsa_context ctx;
+    static unsigned char N[128] = {
+        0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
+        0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
+        0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
+        0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
+        0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
+        0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
+        0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
+        0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
+        0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
+        0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
+        0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
+        0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
+        0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
+        0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
+        0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
+        0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
+    };
+    static unsigned char E[1] = { 0x03 };
+    static unsigned char P[64] = {
+        0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
+        0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
+        0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
+        0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
+        0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
+        0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
+        0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
+        0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
+    };
+    static unsigned char Q[64] = {
+        0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
+        0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
+        0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
+        0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
+        0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
+        0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
+        0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
+        0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
+    };
+    unsigned char original[128];
+    unsigned char intermediate[128];
+    static unsigned char default_content[128] = {
+        /* A randomly generated pattern. */
+        0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
+        0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
+        0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
+        0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
+        0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
+        0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
+        0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
+        0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
+        0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
+        0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
+        0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
+        0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
+        0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
+        0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
+        0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
+        0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
+    };
+    unsigned char final[128];
+    size_t output_length = 0x7EA0;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+    mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
+    mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
+    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+
+    TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
+
+    TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
+                                     NULL, &Empi ) == 0 );
+    TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+
+    TEST_ASSERT( input->len <= sizeof( N ) );
+    memcpy( original, input->x, input->len );
+    memset( original + input->len, 'd', sizeof( original ) - input->len );
+    if( mode == MBEDTLS_RSA_PRIVATE )
+        TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
+    else
+        TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info,
+                                          original, intermediate ) == 0 );
+
+    memcpy( final, default_content, sizeof( final ) );
+    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+                                            &rnd_pseudo_rand, &rnd_info,
+                                            mode,
+                                            &output_length,
+                                            intermediate,
+                                            final,
+                                            output_size ) == expected_result );
+    if( expected_result == 0 )
+    {
+        TEST_ASSERT( output_length == expected_plaintext_length );
+        TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
+                             final,
+                             output_length ) == 0 );
+    }
+    else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
+             expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
+    {
+        size_t max_payload_length =
+            output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
+        size_t i;
+        size_t count = 0;
+
+#if !defined(MBEDTLS_RSA_ALT)
+        /* Check that the output in invalid cases is what the default
+         * implementation currently does. Alternative implementations
+         * may produce different output, so we only perform these precise
+         * checks when using the default implementation. */
+        TEST_ASSERT( output_length == max_payload_length );
+        for( i = 0; i < max_payload_length; i++ )
+            TEST_ASSERT( final[i] == 0 );
+#endif
+        /* Even in alternative implementations, the outputs must have
+         * changed, otherwise it indicates at least a timing vulnerability
+         * because no write to the outputs is performed in the bad case. */
+        TEST_ASSERT( output_length != 0x7EA0 );
+        for( i = 0; i < max_payload_length; i++ )
+            count += ( final[i] == default_content[i] );
+        /* If more than 16 bytes are unchanged in final, that's evidence
+         * that final wasn't overwritten. */
+        TEST_ASSERT( count < 16 );
+    }
+
+exit:
+    mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
+    mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
+    mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
                             char * input_Q, int radix_N, char * input_N,
                             int radix_E, char * input_E, int digest, int hash,
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 291c305..012867c 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -187,6 +187,10 @@
 RSAES-OAEP Encryption Example 10_6
 pkcs1_rsaes_oaep_encrypt:2048:16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
 
+RSAES-OAEP Encryption input=NULL with length=0
+depends_on:MBEDTLS_SHA1_C
+pkcs1_rsaes_oaep_encrypt:2048:16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
+
 RSAES-OAEP Decryption Test Vector Int
 pkcs1_rsaes_oaep_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
 
@@ -370,6 +374,10 @@
 RSAES-OAEP Decryption Example 10_6
 pkcs1_rsaes_oaep_decrypt:2048:16:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":16:"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
 
+RSAES-OAEP Decryption empty output with NULL buffer
+depends_on:MBEDTLS_SHA1_C
+pkcs1_rsaes_oaep_decrypt:2048:16:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":16:"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
+
 RSASSA-PSS Signing Test Vector Int
 pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
 
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 99be08a..180bc4a 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -32,11 +32,11 @@
     TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
     TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
 
-
+    if( message_str->len == 0 )
+        message_str->x = NULL;
     TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
     if( result == 0 )
     {
-
         TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
     }
 
@@ -79,12 +79,17 @@
     TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
     TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 
-
-    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
-    if( result == 0 )
+    if( result_hex_str->len == 0 )
     {
-
-        TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+        TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result );
+    }
+    else
+    {
+        TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
+        if( result == 0 )
+        {
+            TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+        }
     }
 
 exit:
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 3ad782d..43c275e 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -5,7 +5,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
  * END_DEPENDENCIES
  */
 
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 62d2ad9..066bb39 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -88,7 +88,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
 void poly1305_bad_params()
 {
     unsigned char src[1];
@@ -97,38 +97,33 @@
     size_t src_len = sizeof( src );
     mbedtls_poly1305_context ctx;
 
-    mbedtls_poly1305_init( NULL );
-    mbedtls_poly1305_free( NULL );
+    TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
+    TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
 
-    mbedtls_poly1305_init( &ctx );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_starts( NULL, key ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_starts( &ctx, NULL ) );
 
-    TEST_ASSERT( mbedtls_poly1305_starts( NULL, key )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_starts( &ctx, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_update( NULL, src, 0 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_update( &ctx, NULL, src_len ) );
 
-    TEST_ASSERT( mbedtls_poly1305_update( NULL, src, 0 )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, src_len )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, 0 )
-                 == 0 );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_finish( NULL, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_finish( &ctx, NULL ) );
 
-    TEST_ASSERT( mbedtls_poly1305_finish( NULL, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_finish( &ctx, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_mac( NULL, src, 0, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+                 mbedtls_poly1305_mac( key, src, 0, NULL ) );
 
-    TEST_ASSERT( mbedtls_poly1305_mac( NULL, src, 0, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, src_len, mac )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_mac( key, src, 0, NULL )
-                 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-    TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, 0, mac )
-                 == 0 );
-
-    mbedtls_poly1305_free( &ctx );
+exit:
+    return;
 }
 /* END_CASE */
 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index f660809..f4dc19d 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1,6 +1,24 @@
 PSA compile-time sanity checks
 static_checks:
 
+PSA key attributes structure
+attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128
+
+PSA key attributes: id only
+persistence_attributes:0x1234:-1:-1:0x1234:PSA_KEY_LIFETIME_PERSISTENT
+
+PSA key attributes: lifetime=3 only
+persistence_attributes:-1:3:-1:0:3
+
+PSA key attributes: id then back to volatile
+persistence_attributes:0x1234:PSA_KEY_LIFETIME_VOLATILE:-1:0:PSA_KEY_LIFETIME_VOLATILE
+
+PSA key attributes: id then lifetime
+persistence_attributes:0x1234:3:-1:0x1234:3
+
+PSA key attributes: lifetime then id
+persistence_attributes:0x1234:3:0x1235:0x1235:3
+
 PSA import/export raw: 0 bytes
 import_export:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_SUCCESS:1
 
@@ -25,56 +43,18 @@
 depends_on:MBEDTLS_AES_C
 import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
 
-PSA import to non empty key slot
-depends_on:MBEDTLS_AES_C
-import_key_nonempty_slot
+PSA invalid handle (0)
+invalid_handle:0
 
-PSA export invalid handle (0)
-export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE
+PSA invalid handle (smallest plausible handle)
+invalid_handle:1
 
-PSA export invalid handle (smallest plausible handle)
-export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE
-
-PSA export invalid handle (largest plausible handle)
-export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
-
-PSA export a slot where there was some activity but no key material creation
-export_with_no_key_activity
-
-PSA setup cipher where there was some activity on key but no key material creation
-cipher_with_no_key_activity
-
-PSA export a slot after a failed import of a AES key
-depends_on:MBEDTLS_AES_C
-export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export a slot after a failed import of a RSA key
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C
-export_after_import_failure:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export a slot after a failed import of an EC keypair
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-export_after_import_failure:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
-
-PSA setup cipher after a failed import of a AES key
-depends_on:MBEDTLS_AES_C
-cipher_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
-
-PSA export RSA public key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-export_after_destroy_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY
-
-PSA export AES key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_AES_C
-export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES
-
-PSA export EC key from a slot where there was an import followed by destroy.
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)
+PSA invalid handle (largest plausible handle)
+invalid_handle:-1
 
 PSA import AES: bad key size
 depends_on:MBEDTLS_AES_C
-import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+import:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export RSA public key: good, 1024-bit
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -102,47 +82,47 @@
 
 PSA import/export RSA keypair: good, 1024-bit
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1
 
 PSA import/export RSA keypair: good, larger buffer (+1 byte)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1
 
 PSA import/export RSA keypair: good, larger buffer (*2-1)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:609:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:609:PSA_SUCCESS:1
 
 PSA import/export RSA keypair: good, larger buffer (*2)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:610:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:610:PSA_SUCCESS:1
 
 PSA import/export RSA keypair: good, larger buffer (*2+1)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:611:PSA_SUCCESS:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:611:PSA_SUCCESS:1
 
 PSA import/export RSA keypair: export buffer too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export RSA keypair: trailing garbage ignored
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0
 
 PSA import RSA keypair: truncated
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import RSA keypair: public key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import RSA public key: key pair
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_INVALID_ARGUMENT
+import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import RSA keypair: valid key but EC
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export-public RSA public key: good, 1024-bit
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -150,7 +130,7 @@
 
 PSA import/export-public RSA keypair: good, 1024-bit
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
 
 PSA import/export-public RSA public key: buffer too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -158,7 +138,7 @@
 
 PSA import/export-public RSA keypair: buffer too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
 
 PSA import/export RSA public key: 1016-bit (good)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -166,79 +146,79 @@
 
 PSA import/export RSA keypair: 1016-bit (good)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1
+import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1016:0:PSA_SUCCESS:1
 
 PSA import RSA public key: 1022-bit (not supported)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+import:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
 
 PSA import RSA keypair: 1022-bit (not supported)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+import:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
 
 PSA import RSA public key: 1023-bit (not supported)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ERROR_NOT_SUPPORTED
+import:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
 
 PSA import RSA keypair: 1023-bit (not supported)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_NOT_SUPPORTED
+import:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
 
 PSA import/export EC secp224r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
-import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:224:0:PSA_SUCCESS:1
+import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:224:0:PSA_SUCCESS:1
 
 PSA import/export-public EC secp224r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
-import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7"
+import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7"
 
 PSA import/export EC secp256r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
 
 PSA import/export-public EC secp256r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
+import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
 
 PSA import/export EC secp384r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
+import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
 
 PSA import/export-public EC secp384r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
+import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
 
 PSA import/export EC secp521r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:521:0:PSA_SUCCESS:1
+import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:521:0:PSA_SUCCESS:1
 
 PSA import/export-public EC secp521r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
+import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
 
 PSA import/export EC brainpool256r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
-import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
+import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
 
 PSA import/export-public EC brainpool256r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
-import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
+import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
 
 PSA import/export EC brainpool384r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
-import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
+import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:384:0:PSA_SUCCESS:1
 
 PSA import/export-public EC brainpool384r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
-import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
+import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
 
 PSA import/export EC brainpool512r1 key pair: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:512:0:PSA_SUCCESS:1
+import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_EXPORT:512:0:PSA_SUCCESS:1
 
 PSA import/export-public EC brainpool512r1: good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
+import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
 
 PSA import/export-public: cannot export-public a symmetric key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
@@ -258,11 +238,11 @@
 
 PSA import/export RSA keypair: policy forbids export (crypt)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1
 
 PSA import/export RSA keypair: policy forbids export (sign)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:1024:0:PSA_ERROR_NOT_PERMITTED:1
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:1024:0:PSA_ERROR_NOT_PERMITTED:1
 
 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS
 # extension which we may drop in the future.
@@ -272,31 +252,35 @@
 
 PSA import/export RSA keypair: import PEM
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:0
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:0
 
 PSA import EC keypair: DER format
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import EC keypair: too short
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import EC keypair: public key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import EC keypair: secp256r1, all-bits-zero (bad)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import EC keypair: secp256r1, d == n - 1 (good)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_SUCCESS
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_SUCCESS
 
 PSA import EC keypair: secp256r1, d == n (bad)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import EC keypair: secp256r1, d > n (bad)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
+import:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import EC public key: key pair
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -304,15 +288,31 @@
 # one would expect the status to be PSA_ERROR_INVALID_ARGUMENT. But the
 # Mbed TLS pkparse module returns MBEDTLS_ERR_PK_INVALID_ALG, I think because
 # it's looking for an OID where there is no OID.
-import:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_NOT_SUPPORTED
+import:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_NOT_SUPPORTED
 
 PSA import EC keypair: valid key but RSA
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
-import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT
+import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):0:PSA_ERROR_INVALID_ARGUMENT
 
-PSA import failure preserves policy
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_twice:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS
+PSA import AES: bits=0 ok
+depends_on:MBEDTLS_AES_C
+import:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:0:PSA_SUCCESS
+
+PSA import AES: bits=128 ok
+depends_on:MBEDTLS_AES_C
+import:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_SUCCESS
+
+PSA import AES: bits=256 wrong
+depends_on:MBEDTLS_AES_C
+import:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:256:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import AES: bits=256 ok
+depends_on:MBEDTLS_AES_C
+import:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:256:PSA_SUCCESS
+
+PSA import AES: bits=128 wrong
+depends_on:MBEDTLS_AES_C
+import:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import RSA key pair: maximum size exceeded
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
@@ -325,8 +325,8 @@
 PSA key policy set and get
 key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
 
-Key policy initializers zero properly
-key_policy_init:
+Key attributes initializers zero properly
+key_attributes_init:
 
 PSA key policy: MAC, sign | verify
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -390,63 +390,71 @@
 
 PSA key policy: asymmetric encryption, encrypt | decrypt
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
 
-PSA key policy: asymmetric encryption, wrong algorithm
+PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
 
 PSA key policy: asymmetric encryption, encrypt but not decrypt
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
 
 PSA key policy: asymmetric encryption, decrypt but not encrypt
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
 
 PSA key policy: asymmetric encryption, neither encrypt nor decrypt
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
+asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
 
 PSA key policy: asymmetric signature, sign | verify
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
 
 PSA key policy: asymmetric signature, wrong algorithm family
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
 
 PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
 
 PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
 
 PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
 
 PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
 
 PSA key policy: asymmetric signature, wrong hash algorithm
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
 
 PSA key policy: asymmetric signature, sign but not verify
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
 
 PSA key policy: asymmetric signature, verify but not sign
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
 
 PSA key policy: asymmetric signature, neither sign nor verify
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
 
 PSA key policy: derive via HKDF, permitted
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -472,17 +480,141 @@
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
 
-PSA key policy: agreement, permitted
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+PSA key policy: agreement + KDF, permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
 
-PSA key policy: agreement, not permitted
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+PSA key policy: agreement + KDF, not permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
 
-PSA key policy: agreement, wrong algorithm
+PSA key policy: agreement + KDF, wrong agreement algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+
+PSA key policy: agreement + KDF, wrong KDF algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224))
+
+PSA key policy: agreement + KDF, key only permits raw agreement
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+
+PSA key policy: raw agreement, permitted
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+
+PSA key policy: raw agreement, not permitted
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+
+PSA key policy: raw agreement, wrong algorithm
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
+
+PSA key policy: raw agreement, key only permits a KDF
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+
+Copy key: raw, 0 bytes
+copy_success:PSA_KEY_USAGE_COPY:0:PSA_KEY_TYPE_RAW_DATA:"":1:-1:-1:PSA_KEY_USAGE_COPY:0
+
+Copy key: AES, copy attributes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
+
+Copy key: AES, same usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
+
+Copy key: AES, fewer usage flags (-EXPORT)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, fewer usage flags (-COPY)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
+
+Copy key: AES, 1 more usage flag
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, 2 more usage flags
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, intersect usage flags #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: AES, intersect usage flags #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+Copy key: RSA key pair, same usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, fewer usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, more usage flags
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, intersect usage flags #0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, intersect usage flags #1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in source
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in target
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
+
+Copy key: RSA key pair, wildcard algorithm in source and target
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+Copy fail: raw data, no COPY flag
+copy_fail:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_PERMITTED
+
+Copy key: AES, no COPY flag
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ERROR_NOT_PERMITTED
+
+Copy fail: AES, incompatible target policy
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (source wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (target wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, incompatible target policy (source and target wildcard)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: RSA, ANY_HASH is not meaningful with OAEP
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: incorrect type in attributes
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
+
+Copy fail: incorrect size in attributes
+copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
 
 Hash operation object initializers zero properly
 hash_operation_init:
@@ -536,6 +668,7 @@
 hash_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
 
 PSA hash: bad order function calls
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 hash_bad_order:
 
 PSA hash verify: bad arguments
@@ -586,6 +719,10 @@
 # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
 mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
 
+PSA MAC: bad order function calls
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+mac_bad_order:
+
 PSA MAC sign: RFC4231 Test case 1 - HMAC-SHA-224
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
@@ -803,77 +940,81 @@
 # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
 cipher_setup:PSA_KEY_TYPE_ARC4:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
 
+PSA cipher: bad order function calls
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_bad_order:
+
 PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
 
 PSA symmetric encrypt: AES-CBC-PKCS#7, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
 
 PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
 
 PSA symmetric encrypt: AES-CBC-nopad, input too short
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
 
 PSA symmetric encrypt: AES-CTR, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
 
 PSA symmetric encrypt: AES-CTR, 15 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
 
 PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
 
 PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
 
 PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
+cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
 
 PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
 
 PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
 
 PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
 
 PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
 
 PSA symmetric decrypt: AES-CTR, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
-cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
 
 PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
 
 PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
 
 PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
 
 PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
 
 PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -893,31 +1034,127 @@
 
 PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":7:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
 
 PSA symmetric encryption multipart: AES-CBC-nopad, 3+13 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":3:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b"
 
 PSA symmetric encryption multipart: AES-CBC-nopad, 4+12 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":4:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b"
 
 PSA symmetric encryption multipart: AES-CBC-nopad, 11+5 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+
+PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+
+PSA symmetric encryption multipart: AES-CTR, 0+15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric encryption multipart: AES-CTR, 15+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric encryption multipart: AES-CTR, 0+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
 
 PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":7:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"
 
 PSA symmetric decryption multipart: AES-CBC-nopad, 3+13 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":3:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a"
 
 PSA symmetric decryption multipart: AES-CBC-nopad, 11+5 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":11:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+
+PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+
+PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+
+PSA symmetric decryption multipart: AES-CTR, 0+15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric decryption multipart: AES-CTR, 15+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+
+PSA symmetric decryption multipart: AES-CTR, 0+16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+
+PSA symmetric decryption multipart: AES-CTR, 16+0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
 
 PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 11+5 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -927,6 +1164,26 @@
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4
 
+PSA symmetric encrypt: ChaCha20, K=0 N=0
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS
+
+PSA symmetric encrypt: ChaCha20, K=rand N=rand
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+
+PSA symmetric encryption multipart: ChaCha20, 14+50 bytes
+depends_on:MBEDTLS_CHACHA20_C
+cipher_encrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+
+PSA symmetric decrypt: ChaCha20, K=rand N=rand
+depends_on:MBEDTLS_CHACHA20_C
+cipher_decrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+
+PSA symmetric decryption multipart: ChaCha20, 14+50 bytes
+depends_on:MBEDTLS_CHACHA20_C
+cipher_decrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+
 PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS
@@ -1107,35 +1364,51 @@
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
 aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT
 
+PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691"
+
+PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS
+
+PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag)
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE
+
 PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
+depends_on:MBEDTLS_CHACHA20_C
+aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20:"":"":"":PSA_ERROR_NOT_SUPPORTED
 
 PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
 
 PSA signature size: RSA public key, 1024 bits, PKCS#1 v1.5 raw
 signature_size:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
 
 PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 SHA-256
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):128
 
 PSA signature size: RSA keypair, 1024 bits, PSS
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128
 
 PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
 
 PSA signature size: RSA keypair, 1025 bits, PKCS#1 v1.5 raw
-signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129
+signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129
 
 PSA import/exercise RSA keypair, PKCS#1 v1.5 raw
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW
 
 PSA import/exercise RSA keypair, PSS-SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
+import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
 
 PSA import/exercise RSA public key, PKCS#1 v1.5 raw
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1147,57 +1420,57 @@
 
 PSA import/exercise: ECP SECP256R1 keypair, ECDSA
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDSA_ANY
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDSA_ANY
 
 PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 )
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 )
 
 PSA import/exercise: ECP SECP256R1 keypair, ECDH
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH
+import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH
 
 PSA sign: RSA PKCS#1 v1.5, raw
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
+sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
 
 PSA sign: RSA PKCS#1 v1.5 SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_deterministic:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
 
 PSA sign: deterministic ECDSA SECP256R1 SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_deterministic:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
 
 PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
 
-PSA sign: RSA PKCS#1 v1.5 raw, invalid hash (wildcard)
+PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 # Arguably the error should be INVALID_ARGUMENT, but NOT_SUPPORTED is simpler
 # to implement.
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
 
 PSA sign: RSA PKCS#1 v1.5 raw, input too large
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign: RSA PKCS#1 v1.5 SHA-256, output buffer too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
+sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
 
 PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
 
 PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign: invalid key type, signing with a public key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
@@ -1205,35 +1478,35 @@
 
 PSA sign: invalid algorithm for ECC key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
-sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign/verify: RSA PKCS#1 v1.5, raw
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
 
 PSA sign/verify: RSA PKCS#1 v1.5 SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
 
 PSA sign/verify: RSA PSS SHA-256, 0 bytes
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
 
 PSA sign/verify: RSA PSS SHA-256, 32 bytes (hash size)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
 
 PSA sign/verify: RSA PSS SHA-256, 129 bytes
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-sign_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 
 PSA sign/verify: randomized ECDSA SECP256R1 SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
 
 PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-sign_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
 
 PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
@@ -1241,7 +1514,7 @@
 
 PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
 
 PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
@@ -1269,7 +1542,7 @@
 
 PSA verify with keypair: ECDSA SECP256R1, good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
 
 PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
@@ -1281,7 +1554,7 @@
 
 PSA verify: invalid algorithm for ECC key
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
 
 PSA encrypt: RSA PKCS#1 v1.5, good
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1305,11 +1578,11 @@
 
 PSA encrypt: RSA PKCS#1 v1.5, key pair
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
 
 PSA encrypt: RSA OAEP-SHA-256, key pair
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
+asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS
 
 PSA encrypt: RSA PKCS#1 v1.5, input too large
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -1333,110 +1606,118 @@
 
 PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #1
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
 
 PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #2
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":""
 
 PSA encrypt-decrypt: RSA OAEP-SHA-256
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":""
 
 PSA encrypt-decrypt: RSA OAEP-SHA-256, with label
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
 
 PSA encrypt-decrypt: RSA OAEP-SHA-384
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
-asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
+asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
 
 PSA decrypt: RSA PKCS#1 v1.5: good #1
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
 
 PSA decrypt: RSA PKCS#1 v1.5: good #2
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff"
+
+PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, output too small
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":""
 
 PSA decrypt: RSA OAEP-SHA-256, 0 bytes
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":""
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":""
 
 PSA decrypt: RSA OAEP-SHA-256, 0 bytes, with label
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":""
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":""
 
 PSA decrypt: RSA OAEP-SHA-256, 30 bytes
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
 
 PSA decrypt: RSA OAEP-SHA-256, 30 bytes, with label
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
 
 PSA decrypt: RSA OAEP-SHA-384, 30 bytes
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C
-asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
+asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
 
 PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING
 
 PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (empty)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING
 
 PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (same length)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING
 
 PSA decrypt: RSA PKCS#1 v1.5, invalid padding
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING
 
 PSA decrypt: RSA PKCS#1 v1.5: salt not allowed
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA OAEP-SHA-256, invalid padding
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":PSA_ERROR_INVALID_PADDING
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING
 
 PSA decrypt: invalid algorithm
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA PKCS#1 v1.5, invalid key type (RSA public key)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA OAEP, invalid key type (RSA public key)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA PKCS#1 v1.5: invalid key type (AES)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396e":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396e":"":16:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA PKCS#1 v1.5, input too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA PKCS#1 v1.5, input too large
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA OAEP-SHA-256, input too small
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT
 
 PSA decrypt: RSA OAEP-SHA-256, input too large
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":PSA_ERROR_INVALID_ARGUMENT
+asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
 
-Crypto generator initializers zero properly
-crypto_generator_init:
+Crypto derivation operation object initializers zero properly
+key_derivation_init:
 
 PSA key derivation: HKDF-SHA-256, good case
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -1474,13 +1755,13 @@
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
 
-PSA key derivation: invalid generator state ( double generate + read past capacity )
+PSA key derivation: invalid state (double generate + read past capacity)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-test_derive_invalid_generator_state:
+test_derive_invalid_key_derivation_state:
 
-PSA key derivation:  invalid generator state ( call read/get_capacity after init and abort )
+PSA key derivation: invalid state (call read/get_capacity after init and abort)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-test_derive_invalid_generator_tests:
+test_derive_invalid_key_derivation_tests:
 
 PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -1678,93 +1959,85 @@
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
 
-PSA key agreement setup: ECDH, raw: good
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+PSA key agreement setup: ECDH + HKDF-SHA-256: good
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
 
-PSA key agreement setup: ECDH, raw: public key on different curve
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
+PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
 
-PSA key agreement setup: ECDH, raw: public key instead of private key
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_MD_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
 
 PSA key agreement setup: ECDH, unknown KDF
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
 
-PSA key agreement setup: not a key agreement algorithm
+PSA key agreement setup: bad key agreement algorithm
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
 
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32
+PSA key agreement setup: KDF instead of a key agreement algorithm
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
+key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
 
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full)
+PSA raw key agreement: ECDH SECP256R1 (RFC 5903)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
 
-PSA key agreement: ECDH SECP256R1 with ECDH-only public key
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3057301106052b8104010c06082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
-
-PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
-
-PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
-
-PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
-
-PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
-
-PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32
+PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b"
 
-PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read
+PSA raw key agreement: ECDH SECP384R1 (RFC 5903)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746"
+
+PSA raw key agreement: ECDH SECP521R1 (RFC 5903)
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea"
+
+PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b"
 
-PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48
+PSA raw key agreement: ECDH brainpoolP384r1 (RFC 7027)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42"
 
-PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
-
-PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64
+PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027)
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f"
 
-PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
-
-PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
-key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4":"41"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3b":"f511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441"
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
 
 PSA generate random: 0 bytes
 generate_random:0
@@ -1825,72 +2098,98 @@
 
 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
 
 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS
 
 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS
 
 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS
 
 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
 
 PSA generate key: RSA, 1022 bits: not supported
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
 
 PSA generate key: RSA, 1023 bits: not supported
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
 
 PSA generate key: RSA, maximum size exceeded
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
 
 PSA generate key: ECC, SECP256R1, good
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
 
 PSA generate key: ECC, SECP256R1, incorrect bit size
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
-generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
 
-persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR
+PSA generate key: RSA, default e
+generate_key_rsa:512:"":PSA_SUCCESS
+
+PSA generate key: RSA, e=3
+generate_key_rsa:512:"03":PSA_SUCCESS
+
+PSA generate key: RSA, e=65537
+generate_key_rsa:512:"010001":PSA_SUCCESS
+
+PSA generate key: RSA, e=513
+generate_key_rsa:512:"0201":PSA_SUCCESS
+
+PSA generate key: RSA, e=1
+generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+
+PSA generate key: RSA, e=2
+generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+
+PSA import persistent key: raw data, 0 bits
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
 
-PSA generate persistent key: raw data, 8 bits
+PSA import persistent key: AES, 128 bits, exportable
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
+
+PSA import persistent key: AES, 128 bits, non-exportable
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
+
+PSA generate persistent key: raw data, 8 bits, exportable
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY
 
-PSA generate persistent key: AES, 128 bits, CTR
+PSA generate persistent key: AES, 128 bits, exportable
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
 
-PSA generate persistent key: DES, 64 bits, CBC-nopad
+PSA generate persistent key: AES, 128 bits, non-exportable
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
+
+PSA generate persistent key: DES, 64 bits, exportable
 depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
 
-PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256)
+PSA generate persistent key: RSA, 1024 bits, exportable
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
 
-PSA generate persistent key: ECC, SECP256R1, good
+PSA generate persistent key: ECC, SECP256R1, exportable
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY
 
-PSA derive persistent key: HKDF SHA-256
+PSA derive persistent key: HKDF SHA-256, exportable
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS
-
-PSA generate persistent key: AES, 128 bits, CTR
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
+persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 28761bd..4aa4026 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -14,6 +14,89 @@
 /** An invalid export length that will never be set by psa_export_key(). */
 static const size_t INVALID_EXPORT_LENGTH = ~0U;
 
+/* A hash algorithm that is known to be supported.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(MBEDTLS_MD2_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2
+#elif defined(MBEDTLS_MD4_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4
+#elif defined(MBEDTLS_MD5_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
+/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
+ * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
+ * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
+ * implausible anyway. */
+#elif defined(MBEDTLS_SHA1_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
+#elif defined(MBEDTLS_SHA256_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
+#elif defined(MBEDTLS_SHA512_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
+#elif defined(MBEDTLS_SHA3_C)
+#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
+#else
+#undef KNOWN_SUPPORTED_HASH_ALG
+#endif
+
+/* A block cipher that is known to be supported.
+ *
+ * For simplicity's sake, stick to block ciphers with 16-byte blocks.
+ */
+#if defined(MBEDTLS_AES_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
+#elif defined(MBEDTLS_ARIA_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
+#elif defined(MBEDTLS_CAMELLIA_C)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
+#undef KNOWN_SUPPORTED_BLOCK_CIPHER
+#endif
+
+/* A MAC mode that is known to be supported.
+ *
+ * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
+ * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) )
+#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
+#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
+#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
+#else
+#undef KNOWN_SUPPORTED_MAC_ALG
+#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
+#endif
+
+/* A cipher algorithm and key type that are known to be supported.
+ *
+ * This is used in some smoke tests.
+ */
+#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB)
+#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
+#else
+#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
+#endif
+#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
+#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
+#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
+#elif defined(MBEDTLS_RC4_C)
+#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4
+#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4
+#else
+#undef KNOWN_SUPPORTED_CIPHER_ALG
+#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
+#endif
+
 /** Test if a buffer contains a constant byte value.
  *
  * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
@@ -120,6 +203,76 @@
     return( len );
 }
 
+int exercise_mac_setup( psa_key_type_t key_type,
+                        const unsigned char *key_bytes,
+                        size_t key_length,
+                        psa_algorithm_t alg,
+                        psa_mac_operation_t *operation,
+                        psa_status_t *status )
+{
+    psa_key_handle_t handle = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+    PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+                                &handle ) );
+
+    *status = psa_mac_sign_setup( operation, handle, alg );
+    /* Whether setup succeeded or failed, abort must succeed. */
+    PSA_ASSERT( psa_mac_abort( operation ) );
+    /* If setup failed, reproduce the failure, so that the caller can
+     * test the resulting state of the operation object. */
+    if( *status != PSA_SUCCESS )
+    {
+        TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ),
+                    *status );
+    }
+
+    psa_destroy_key( handle );
+    return( 1 );
+
+exit:
+    psa_destroy_key( handle );
+    return( 0 );
+}
+
+int exercise_cipher_setup( psa_key_type_t key_type,
+                           const unsigned char *key_bytes,
+                           size_t key_length,
+                           psa_algorithm_t alg,
+                           psa_cipher_operation_t *operation,
+                           psa_status_t *status )
+{
+    psa_key_handle_t handle = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+    PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+                                &handle ) );
+
+    *status = psa_cipher_encrypt_setup( operation, handle, alg );
+    /* Whether setup succeeded or failed, abort must succeed. */
+    PSA_ASSERT( psa_cipher_abort( operation ) );
+    /* If setup failed, reproduce the failure, so that the caller can
+     * test the resulting state of the operation object. */
+    if( *status != PSA_SUCCESS )
+    {
+        TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ),
+                    *status );
+    }
+
+    psa_destroy_key( handle );
+    return( 1 );
+
+exit:
+    psa_destroy_key( handle );
+    return( 0 );
+}
+
 static int exercise_mac_key( psa_key_handle_t handle,
                              psa_key_usage_t usage,
                              psa_algorithm_t alg )
@@ -195,12 +348,16 @@
     if( usage & PSA_KEY_USAGE_DECRYPT )
     {
         psa_status_t status;
-        psa_key_type_t type = PSA_KEY_TYPE_NONE;
+        int maybe_invalid_padding = 0;
         if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
         {
-            size_t bits;
-            TEST_ASSERT( psa_get_key_information( handle, &type, &bits ) );
-            iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
+            psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+            PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+            /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't
+             * have this macro yet. */
+            iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(
+                psa_get_key_type( &attributes ) );
+            maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
         }
         PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
                                               handle, alg ) );
@@ -217,12 +374,11 @@
         /* For a stream cipher, all inputs are valid. For a block cipher,
          * if the input is some aribtrary data rather than an actual
          ciphertext, a padding error is likely.  */
-        if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
-            PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
-            PSA_ASSERT( status );
-        else
+        if( maybe_invalid_padding )
             TEST_ASSERT( status == PSA_SUCCESS ||
                          status == PSA_ERROR_INVALID_PADDING );
+        else
+            PSA_ASSERT( status );
     }
 
     return( 1 );
@@ -282,13 +438,25 @@
     size_t payload_length = 16;
     unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
     size_t signature_length = sizeof( signature );
+    psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+
+    /* If the policy allows signing with any hash, just pick one. */
+    if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH )
+    {
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+        hash_alg = KNOWN_SUPPORTED_HASH_ALG;
+        alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
+#else
+        test_fail( "No hash algorithm for hash-and-sign testing", __LINE__, __FILE__ );
+        return( 1 );
+#endif
+    }
 
     if( usage & PSA_KEY_USAGE_SIGN )
     {
         /* Some algorithms require the payload to have the size of
          * the hash encoded in the algorithm. Use this input size
          * even for algorithms that allow other input sizes. */
-        psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
         if( hash_alg != 0 )
             payload_length = PSA_HASH_SIZE( hash_alg );
         PSA_ASSERT( psa_asymmetric_sign( handle, alg,
@@ -357,7 +525,7 @@
                                         psa_key_usage_t usage,
                                         psa_algorithm_t alg )
 {
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char label[16] = "This is a label.";
     size_t label_length = sizeof( label );
     unsigned char seed[16] = "abcdefghijklmnop";
@@ -368,32 +536,32 @@
     {
         if( PSA_ALG_IS_HKDF( alg ) )
         {
-            PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-            PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                        PSA_KDF_STEP_SALT,
+            PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+            PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                        PSA_KEY_DERIVATION_INPUT_SALT,
                                                         label,
                                                         label_length ) );
-            PSA_ASSERT( psa_key_derivation_input_key( &generator,
-                                                      PSA_KDF_STEP_SECRET,
+            PSA_ASSERT( psa_key_derivation_input_key( &operation,
+                                                      PSA_KEY_DERIVATION_INPUT_SECRET,
                                                       handle ) );
-            PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                        PSA_KDF_STEP_INFO,
+            PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                        PSA_KEY_DERIVATION_INPUT_INFO,
                                                         seed,
                                                         seed_length ) );
         }
         else
         {
             // legacy
-            PSA_ASSERT( psa_key_derivation( &generator,
+            PSA_ASSERT( psa_key_derivation( &operation,
                                             handle, alg,
                                             label, label_length,
                                             seed, seed_length,
                                             sizeof( output ) ) );
         }
-        PSA_ASSERT( psa_generator_read( &generator,
-                                        output,
-                                        sizeof( output ) ) );
-        PSA_ASSERT( psa_generator_abort( &generator ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                     output,
+                                                     sizeof( output ) ) );
+        PSA_ASSERT( psa_key_derivation_abort( &operation ) );
     }
 
     return( 1 );
@@ -404,41 +572,100 @@
 
 /* We need two keys to exercise key agreement. Exercise the
  * private key against its own public key. */
-static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
-                                             psa_key_handle_t handle )
+static psa_status_t key_agreement_with_self(
+    psa_key_derivation_operation_t *operation,
+    psa_key_handle_t handle )
 {
     psa_key_type_t private_key_type;
     psa_key_type_t public_key_type;
     size_t key_bits;
     uint8_t *public_key = NULL;
     size_t public_key_length;
-    /* Return UNKNOWN_ERROR if something other than the final call to
-     * psa_key_agreement fails. This isn't fully satisfactory, but it's
-     * good enough: callers will report it as a failed test anyway. */
-    psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
+    /* Return GENERIC_ERROR if something other than the final call to
+     * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
+     * but it's good enough: callers will report it as a failed test anyway. */
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         &private_key_type,
-                                         &key_bits ) );
-    public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    private_key_type = psa_get_key_type( &attributes );
+    key_bits = psa_get_key_bits( &attributes );
+    public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
     public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
     ASSERT_ALLOC( public_key, public_key_length );
     PSA_ASSERT( psa_export_public_key( handle,
                                        public_key, public_key_length,
                                        &public_key_length ) );
 
-    status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
-                                public_key, public_key_length );
+    status = psa_key_derivation_key_agreement(
+        operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+        public_key, public_key_length );
 exit:
     mbedtls_free( public_key );
+    psa_reset_key_attributes( &attributes );
     return( status );
 }
 
+/* We need two keys to exercise key agreement. Exercise the
+ * private key against its own public key. */
+static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
+                                                 psa_key_handle_t handle )
+{
+    psa_key_type_t private_key_type;
+    psa_key_type_t public_key_type;
+    size_t key_bits;
+    uint8_t *public_key = NULL;
+    size_t public_key_length;
+    uint8_t output[1024];
+    size_t output_length;
+    /* Return GENERIC_ERROR if something other than the final call to
+     * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
+     * but it's good enough: callers will report it as a failed test anyway. */
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    private_key_type = psa_get_key_type( &attributes );
+    key_bits = psa_get_key_bits( &attributes );
+    public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
+    public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
+    ASSERT_ALLOC( public_key, public_key_length );
+    PSA_ASSERT( psa_export_public_key( handle,
+                                       public_key, public_key_length,
+                                       &public_key_length ) );
+
+    status = psa_raw_key_agreement( alg, handle,
+                                    public_key, public_key_length,
+                                    output, sizeof( output ), &output_length );
+exit:
+    mbedtls_free( public_key );
+    psa_reset_key_attributes( &attributes );
+    return( status );
+}
+
+static int exercise_raw_key_agreement_key( psa_key_handle_t handle,
+                                           psa_key_usage_t usage,
+                                           psa_algorithm_t alg )
+{
+    int ok = 0;
+
+    if( usage & PSA_KEY_USAGE_DERIVE )
+    {
+        /* We need two keys to exercise key agreement. Exercise the
+         * private key against its own public key. */
+        PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) );
+    }
+    ok = 1;
+
+exit:
+    return( ok );
+}
+
 static int exercise_key_agreement_key( psa_key_handle_t handle,
                                        psa_key_usage_t usage,
                                        psa_algorithm_t alg )
 {
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char output[1];
     int ok = 0;
 
@@ -446,12 +673,12 @@
     {
         /* We need two keys to exercise key agreement. Exercise the
          * private key against its own public key. */
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
-        PSA_ASSERT( psa_generator_read( &generator,
-                                        output,
-                                        sizeof( output ) ) );
-        PSA_ASSERT( psa_generator_abort( &generator ) );
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                     output,
+                                                     sizeof( output ) ) );
+        PSA_ASSERT( psa_key_derivation_abort( &operation ) );
     }
     ok = 1;
 
@@ -583,7 +810,7 @@
 #endif
 
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
-    if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
+    if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
     {
         uint8_t *p = exported;
         uint8_t *end = exported + exported_length;
@@ -630,7 +857,7 @@
 #endif /* MBEDTLS_RSA_C */
 
 #if defined(MBEDTLS_ECP_C)
-    if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
     {
         /* Just the secret value */
         TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
@@ -701,69 +928,103 @@
 static int exercise_export_key( psa_key_handle_t handle,
                                 psa_key_usage_t usage )
 {
-    psa_key_type_t type;
-    size_t bits;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t *exported = NULL;
     size_t exported_size = 0;
     size_t exported_length = 0;
     int ok = 0;
 
-    PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
 
     if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
-        ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
+        ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
     {
         TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
                     PSA_ERROR_NOT_PERMITTED );
-        return( 1 );
+        ok = 1;
+        goto exit;
     }
 
-    exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
+    exported_size = PSA_KEY_EXPORT_MAX_SIZE( psa_get_key_type( &attributes ),
+                                             psa_get_key_bits( &attributes ) );
     ASSERT_ALLOC( exported, exported_size );
 
     PSA_ASSERT( psa_export_key( handle,
                                 exported, exported_size,
                                 &exported_length ) );
-    ok = exported_key_sanity_check( type, bits, exported, exported_length );
+    ok = exported_key_sanity_check( psa_get_key_type( &attributes ),
+                                    psa_get_key_bits( &attributes ),
+                                    exported, exported_length );
 
 exit:
     mbedtls_free( exported );
+    psa_reset_key_attributes( &attributes );
     return( ok );
 }
 
 static int exercise_export_public_key( psa_key_handle_t handle )
 {
-    psa_key_type_t type;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t public_type;
-    size_t bits;
     uint8_t *exported = NULL;
     size_t exported_size = 0;
     size_t exported_length = 0;
     int ok = 0;
 
-    PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
-    if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
     {
         TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
                     PSA_ERROR_INVALID_ARGUMENT );
         return( 1 );
     }
 
-    public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
-    exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
+    public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
+        psa_get_key_type( &attributes ) );
+    exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type,
+                                             psa_get_key_bits( &attributes ) );
     ASSERT_ALLOC( exported, exported_size );
 
     PSA_ASSERT( psa_export_public_key( handle,
                                        exported, exported_size,
                                        &exported_length ) );
-    ok = exported_key_sanity_check( public_type, bits,
+    ok = exported_key_sanity_check( public_type,
+                                    psa_get_key_bits( &attributes ),
                                     exported, exported_length );
 
 exit:
     mbedtls_free( exported );
+    psa_reset_key_attributes( &attributes );
     return( ok );
 }
 
+/** Do smoke tests on a key.
+ *
+ * Perform one of each operation indicated by \p alg (decrypt/encrypt,
+ * sign/verify, or derivation) that is permitted according to \p usage.
+ * \p usage and \p alg should correspond to the expected policy on the
+ * key.
+ *
+ * Export the key if permitted by \p usage, and check that the output
+ * looks sensible. If \p usage forbids export, check that
+ * \p psa_export_key correctly rejects the attempt. If the key is
+ * asymmetric, also check \p psa_export_public_key.
+ *
+ * If the key fails the tests, this function calls the test framework's
+ * `test_fail` function and returns false. Otherwise this function returns
+ * true. Therefore it should be used as follows:
+ * ```
+ * if( ! exercise_key( ... ) ) goto exit;
+ * ```
+ *
+ * \param handle    The key to exercise. It should be capable of performing
+ *                  \p alg.
+ * \param usage     The usage flags to assume.
+ * \param alg       The algorithm to exercise.
+ *
+ * \retval 0 The key failed the smoke tests.
+ * \retval 1 The key passed the smoke tests.
+ */
 static int exercise_key( psa_key_handle_t handle,
                          psa_key_usage_t usage,
                          psa_algorithm_t alg )
@@ -783,6 +1044,8 @@
         ok = exercise_asymmetric_encryption_key( handle, usage, alg );
     else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
         ok = exercise_key_derivation_key( handle, usage, alg );
+    else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
+        ok = exercise_raw_key_agreement_key( handle, usage, alg );
     else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
         ok = exercise_key_agreement_key( handle, usage, alg );
     else
@@ -829,6 +1092,43 @@
 
 }
 
+static int test_operations_on_invalid_handle( psa_key_handle_t handle )
+{
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    uint8_t buffer[1];
+    size_t length;
+    int ok = 0;
+
+    psa_set_key_id( &attributes, 0x6964 );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+    TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
+                PSA_ERROR_INVALID_HANDLE );
+    TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+
+    TEST_EQUAL( psa_export_key( handle,
+                                buffer, sizeof( buffer ), &length ),
+                PSA_ERROR_INVALID_HANDLE );
+    TEST_EQUAL( psa_export_public_key( handle,
+                                       buffer, sizeof( buffer ), &length ),
+                PSA_ERROR_INVALID_HANDLE );
+
+    TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
+    TEST_EQUAL( psa_destroy_key( handle ), PSA_ERROR_INVALID_HANDLE );
+
+    ok = 1;
+
+exit:
+    psa_reset_key_attributes( &attributes );
+    return( ok );
+}
+
 /* An overapproximation of the amount of storage needed for a key of the
  * given type and with the given content. The API doesn't make it easy
  * to find a good value for the size. The current implementation doesn't
@@ -863,60 +1163,106 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void import( data_t *data, int type, int expected_status_arg )
+void attributes_set_get( int id_arg, int lifetime_arg,
+                         int usage_flags_arg, int alg_arg,
+                         int type_arg, int bits_arg )
 {
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t id = id_arg;
+    psa_key_lifetime_t lifetime = lifetime_arg;
+    psa_key_usage_t usage_flags = usage_flags_arg;
+    psa_algorithm_t alg = alg_arg;
+    psa_key_type_t type = type_arg;
+    size_t bits = bits_arg;
+
+    TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+
+    psa_set_key_id( &attributes, id );
+    psa_set_key_lifetime( &attributes, lifetime );
+    psa_set_key_usage_flags( &attributes, usage_flags );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_bits( &attributes, bits );
+
+    TEST_EQUAL( psa_get_key_id( &attributes ), id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+
+    psa_reset_key_attributes( &attributes );
+
+    TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
+                             int expected_id_arg, int expected_lifetime_arg )
+{
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t id1 = id1_arg;
+    psa_key_lifetime_t lifetime = lifetime_arg;
+    psa_key_id_t id2 = id2_arg;
+    psa_key_id_t expected_id = expected_id_arg;
+    psa_key_lifetime_t expected_lifetime = expected_lifetime_arg;
+
+    if( id1_arg != -1 )
+        psa_set_key_id( &attributes, id1 );
+    if( lifetime_arg != -1 )
+        psa_set_key_lifetime( &attributes, lifetime );
+    if( id2_arg != -1 )
+        psa_set_key_id( &attributes, id2 );
+
+    TEST_EQUAL( psa_get_key_id( &attributes ), expected_id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void import( data_t *data, int type_arg,
+             int attr_bits_arg,
+             int expected_status_arg )
+{
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t handle = 0;
+    psa_key_type_t type = type_arg;
+    size_t attr_bits = attr_bits_arg;
     psa_status_t expected_status = expected_status_arg;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    status = psa_import_key( handle, type, data->x, data->len );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_bits( &attributes, attr_bits );
+    status = psa_import_key( &attributes, data->x, data->len, &handle );
     TEST_EQUAL( status, expected_status );
-    if( status == PSA_SUCCESS )
-        PSA_ASSERT( psa_destroy_key( handle ) );
+    if( status != PSA_SUCCESS )
+        goto exit;
+
+    PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+    if( attr_bits != 0 )
+        TEST_EQUAL( attr_bits, got_attributes.bits );
+
+    PSA_ASSERT( psa_destroy_key( handle ) );
+    test_operations_on_invalid_handle( handle );
 
 exit:
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void import_twice( int alg_arg, int usage_arg,
-                   int type1_arg, data_t *data1,
-                   int expected_import1_status_arg,
-                   int type2_arg, data_t *data2,
-                   int expected_import2_status_arg )
-{
-    psa_key_handle_t handle = 0;
-    psa_algorithm_t alg = alg_arg;
-    psa_key_usage_t usage = usage_arg;
-    psa_key_type_t type1 = type1_arg;
-    psa_status_t expected_import1_status = expected_import1_status_arg;
-    psa_key_type_t type2 = type2_arg;
-    psa_status_t expected_import2_status = expected_import2_status_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_status_t status;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, usage, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    status = psa_import_key( handle, type1, data1->x, data1->len );
-    TEST_EQUAL( status, expected_import1_status );
-    status = psa_import_key( handle, type2, data2->x, data2->len );
-    TEST_EQUAL( status, expected_import2_status );
-
-    if( expected_import1_status == PSA_SUCCESS ||
-        expected_import2_status == PSA_SUCCESS )
-    {
-        TEST_ASSERT( exercise_key( handle, usage, alg ) );
-    }
-
-exit:
+    psa_destroy_key( handle );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -929,13 +1275,14 @@
     psa_status_t expected_status = expected_status_arg;
     psa_status_t status;
     psa_key_type_t type =
-        keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
+        keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
     size_t buffer_size = /* Slight overapproximations */
         keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
     unsigned char *buffer = NULL;
     unsigned char *p;
     int ret;
     size_t length;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
     ASSERT_ALLOC( buffer, buffer_size );
@@ -945,8 +1292,8 @@
     length = ret;
 
     /* Try importing the key */
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    status = psa_import_key( handle, type, p, length );
+    psa_set_key_type( &attributes, type );
+    status = psa_import_key( &attributes, p, length, &handle );
     TEST_EQUAL( status, expected_status );
     if( status == PSA_SUCCESS )
         PSA_ASSERT( psa_destroy_key( handle ) );
@@ -977,9 +1324,8 @@
     size_t export_size;
     size_t exported_length = INVALID_EXPORT_LENGTH;
     size_t reexported_length;
-    psa_key_type_t got_type;
-    size_t got_bits;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     export_size = (ptrdiff_t) data->len + export_size_delta;
     ASSERT_ALLOC( exported, export_size );
@@ -987,23 +1333,17 @@
         ASSERT_ALLOC( reexported, export_size );
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, usage_arg, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
-                PSA_ERROR_EMPTY_SLOT );
+    psa_set_key_usage_flags( &attributes, usage_arg );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
 
     /* Import the key */
-    PSA_ASSERT( psa_import_key( handle, type,
-                                data->x, data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
 
     /* Test the key information */
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         &got_type,
-                                         &got_bits ) );
-    TEST_EQUAL( got_type, type );
-    TEST_EQUAL( got_bits, (size_t) expected_bits );
+    PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
 
     /* Export the key */
     status = psa_export_key( handle,
@@ -1033,12 +1373,8 @@
     else
     {
         psa_key_handle_t handle2;
-        PSA_ASSERT( psa_allocate_key( &handle2 ) );
-        PSA_ASSERT( psa_set_key_policy( handle2, &policy ) );
-
-        PSA_ASSERT( psa_import_key( handle2, type,
-                                    exported,
-                                    exported_length ) );
+        PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
+                                    &handle2 ) );
         PSA_ASSERT( psa_export_key( handle2,
                                     reexported,
                                     export_size,
@@ -1047,39 +1383,26 @@
                         reexported, reexported_length );
         PSA_ASSERT( psa_close_key( handle2 ) );
     }
-    TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
+    TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
 
 destroy:
     /* Destroy the key */
     PSA_ASSERT( psa_destroy_key( handle ) );
-    TEST_EQUAL( psa_get_key_information( handle, NULL, NULL ),
-                PSA_ERROR_INVALID_HANDLE );
+    test_operations_on_invalid_handle( handle );
 
 exit:
     mbedtls_free( exported );
     mbedtls_free( reexported );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void import_key_nonempty_slot( )
+void invalid_handle( int handle )
 {
-    psa_key_handle_t handle = 0;
-    psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
-    psa_status_t status;
-    const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 };
     PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-
-    /* Import the key */
-    PSA_ASSERT( psa_import_key( handle, type,
-                                data, sizeof( data ) ) );
-
-    /* Import the key again */
-    status = psa_import_key( handle, type, data, sizeof( data ) );
-    TEST_EQUAL( status, PSA_ERROR_OCCUPIED_SLOT );
+    test_operations_on_invalid_handle( handle );
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -1087,182 +1410,6 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void export_invalid_handle( int handle, int expected_export_status_arg )
-{
-    psa_status_t status;
-    unsigned char *exported = NULL;
-    size_t export_size = 0;
-    size_t exported_length = INVALID_EXPORT_LENGTH;
-    psa_status_t expected_export_status = expected_export_status_arg;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    /* Export the key */
-    status = psa_export_key( (psa_key_handle_t) handle,
-                             exported, export_size,
-                             &exported_length );
-    TEST_EQUAL( status, expected_export_status );
-
-exit:
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_with_no_key_activity( )
-{
-    psa_key_handle_t handle = 0;
-    psa_algorithm_t alg = PSA_ALG_CTR;
-    psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    unsigned char *exported = NULL;
-    size_t export_size = 0;
-    size_t exported_length = INVALID_EXPORT_LENGTH;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    /* Export the key */
-    status = psa_export_key( handle,
-                             exported, export_size,
-                             &exported_length );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
-
-exit:
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_with_no_key_activity( )
-{
-    psa_key_handle_t handle = 0;
-    psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    int exercise_alg = PSA_ALG_CTR;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
-
-exit:
-    psa_cipher_abort( &operation );
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_after_import_failure( data_t *data, int type_arg,
-                                  int expected_import_status_arg )
-{
-    psa_key_handle_t handle = 0;
-    psa_key_type_t type = type_arg;
-    psa_status_t status;
-    unsigned char *exported = NULL;
-    size_t export_size = 0;
-    psa_status_t expected_import_status = expected_import_status_arg;
-    size_t exported_length = INVALID_EXPORT_LENGTH;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-
-    /* Import the key - expect failure */
-    status = psa_import_key( handle, type,
-                             data->x, data->len );
-    TEST_EQUAL( status, expected_import_status );
-
-    /* Export the key */
-    status = psa_export_key( handle,
-                             exported, export_size,
-                             &exported_length );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
-
-exit:
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_after_import_failure( data_t *data, int type_arg,
-                                  int expected_import_status_arg )
-{
-    psa_key_handle_t handle = 0;
-    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_type_t type = type_arg;
-    psa_status_t status;
-    psa_status_t expected_import_status = expected_import_status_arg;
-    int exercise_alg = PSA_ALG_CTR;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-
-    /* Import the key - expect failure */
-    status = psa_import_key( handle, type,
-                             data->x, data->len );
-    TEST_EQUAL( status, expected_import_status );
-
-    status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
-    TEST_EQUAL( status, PSA_ERROR_EMPTY_SLOT );
-
-exit:
-    psa_cipher_abort( &operation );
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void export_after_destroy_key( data_t *data, int type_arg )
-{
-    psa_key_handle_t handle = 0;
-    psa_key_type_t type = type_arg;
-    psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_algorithm_t alg = PSA_ALG_CTR;
-    unsigned char *exported = NULL;
-    size_t export_size = 0;
-    size_t exported_length = INVALID_EXPORT_LENGTH;
-
-    PSA_ASSERT( psa_crypto_init( ) );
-
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-    export_size = (ptrdiff_t) data->len;
-    ASSERT_ALLOC( exported, export_size );
-
-    /* Import the key */
-    PSA_ASSERT( psa_import_key( handle, type,
-                                data->x, data->len ) );
-
-    PSA_ASSERT( psa_export_key( handle, exported, export_size,
-                                &exported_length ) );
-
-    /* Destroy the key */
-    PSA_ASSERT( psa_destroy_key( handle ) );
-
-    /* Export the key */
-    status = psa_export_key( handle, exported, export_size,
-                             &exported_length );
-    TEST_EQUAL( status, PSA_ERROR_INVALID_HANDLE );
-
-exit:
-    mbedtls_free( exported );
-    mbedtls_psa_crypto_free( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
 void import_export_public_key( data_t *data,
                                int type_arg,
                                int alg_arg,
@@ -1278,17 +1425,16 @@
     unsigned char *exported = NULL;
     size_t export_size = expected_public_key->len + export_size_delta;
     size_t exported_length = INVALID_EXPORT_LENGTH;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
 
     /* Import the key */
-    PSA_ASSERT( psa_import_key( handle, type,
-                                data->x, data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
 
     /* Export the public key */
     ASSERT_ALLOC( exported, export_size );
@@ -1298,9 +1444,10 @@
     TEST_EQUAL( status, expected_export_status );
     if( status == PSA_SUCCESS )
     {
-        psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
+        psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
         size_t bits;
-        PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
+        PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+        bits = psa_get_key_bits( &attributes );
         TEST_ASSERT( expected_public_key->len <=
                      PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
         ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
@@ -1310,6 +1457,7 @@
 exit:
     mbedtls_free( exported );
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1325,34 +1473,33 @@
     size_t bits = bits_arg;
     psa_algorithm_t alg = alg_arg;
     psa_key_usage_t usage = usage_to_exercise( type, alg );
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_key_type_t got_type;
-    size_t got_bits;
-    psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, usage, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
 
     /* Import the key */
-    status = psa_import_key( handle, type, data->x, data->len );
-    PSA_ASSERT( status );
+    PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
 
     /* Test the key information */
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         &got_type,
-                                         &got_bits ) );
-    TEST_EQUAL( got_type, type );
-    TEST_EQUAL( got_bits, bits );
+    PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
 
     /* Do something with the key according to its type and permitted usage. */
     if( ! exercise_key( handle, usage, alg ) )
         goto exit;
 
+    PSA_ASSERT( psa_destroy_key( handle ) );
+    test_operations_on_invalid_handle( handle );
+
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &got_attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -1365,56 +1512,62 @@
     psa_key_usage_t usage = usage_arg;
     psa_key_type_t key_type = PSA_KEY_TYPE_AES;
     unsigned char key[32] = {0};
-    psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
-    psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     memset( key, 0x2a, sizeof( key ) );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy_set, usage, alg );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    TEST_EQUAL( psa_key_policy_get_usage( &policy_set ), usage );
-    TEST_EQUAL( psa_key_policy_get_algorithm( &policy_set ), alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+    PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key, sizeof( key ) ) );
-
-    PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
-
-    TEST_EQUAL( policy_get.usage, policy_set.usage );
-    TEST_EQUAL( policy_get.alg, policy_set.alg );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void key_policy_init( )
+void key_attributes_init( )
 {
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
      * to supress the Clang warning for the test. */
-    psa_key_policy_t func = psa_key_policy_init( );
-    psa_key_policy_t init = PSA_KEY_POLICY_INIT;
-    psa_key_policy_t zero;
+    psa_key_attributes_t func = psa_key_attributes_init( );
+    psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t zero;
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* Although not technically guaranteed by the C standard nor the PSA Crypto
-     * specification, we test that all valid ways of initializing the object
-     * have the same bit pattern. This is a stronger requirement that may not
-     * be valid on all platforms or PSA Crypto implementations, but implies the
-     * weaker actual requirement is met: that a freshly initialized object, no
-     * matter how it was initialized, acts the same as any other valid
-     * initialization. */
-    TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 );
-    TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 );
+    TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
+    TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
+    TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
+
+    TEST_EQUAL( psa_get_key_type( &func ), 0 );
+    TEST_EQUAL( psa_get_key_type( &init ), 0 );
+    TEST_EQUAL( psa_get_key_type( &zero ), 0 );
+
+    TEST_EQUAL( psa_get_key_bits( &func ), 0 );
+    TEST_EQUAL( psa_get_key_bits( &init ), 0 );
+    TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
+
+    TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
+    TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
+    TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
+
+    TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
 }
 /* END_CASE */
 
@@ -1426,19 +1579,19 @@
                      int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
     psa_status_t status;
     unsigned char mac[PSA_MAC_MAX_SIZE];
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     status = psa_mac_sign_setup( &operation, handle, exercise_alg );
     if( policy_alg == exercise_alg &&
@@ -1471,18 +1624,18 @@
                         int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
     if( policy_alg == exercise_alg &&
@@ -1516,7 +1669,7 @@
                       int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status;
     unsigned char nonce[16] = {0};
     size_t nonce_length = nonce_length_arg;
@@ -1529,12 +1682,12 @@
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     status = psa_aead_encrypt( handle, exercise_alg,
                                nonce, nonce_length,
@@ -1575,7 +1728,7 @@
                                        int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status;
     size_t key_bits;
     size_t buffer_length;
@@ -1584,16 +1737,15 @@
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         NULL,
-                                         &key_bits ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
     buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
                                                         exercise_alg );
     ASSERT_ALLOC( buffer, buffer_length );
@@ -1624,6 +1776,7 @@
 
 exit:
     psa_destroy_key( handle );
+    psa_reset_key_attributes( &attributes );
     mbedtls_psa_crypto_free( );
     mbedtls_free( buffer );
 }
@@ -1638,7 +1791,7 @@
                                       int payload_length_arg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status;
     unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
     /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
@@ -1652,12 +1805,12 @@
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     status = psa_asymmetric_sign( handle, exercise_alg,
                                   payload, payload_length,
@@ -1691,20 +1844,20 @@
                         int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
-    status = psa_key_derivation( &generator, handle,
+    status = psa_key_derivation( &operation, handle,
                                  exercise_alg,
                                  NULL, 0,
                                  NULL, 0,
@@ -1716,7 +1869,7 @@
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -1730,22 +1883,22 @@
                            int exercise_alg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t key_type = key_type_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
-    status = key_agreement_with_self( &generator, handle );
+    PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+    status = key_agreement_with_self( &operation, handle );
 
     if( policy_alg == exercise_alg &&
         ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -1754,15 +1907,163 @@
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
+void raw_agreement_key_policy( int policy_usage,
+                               int policy_alg,
+                               int key_type_arg,
+                               data_t *key_data,
+                               int exercise_alg )
+{
+    psa_key_handle_t handle = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_type_t key_type = key_type_arg;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_status_t status;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, policy_usage );
+    psa_set_key_algorithm( &attributes, policy_alg );
+    psa_set_key_type( &attributes, key_type );
+
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
+
+    status = raw_key_agreement_with_self( exercise_alg, handle );
+
+    if( policy_alg == exercise_alg &&
+        ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
+        PSA_ASSERT( status );
+    else
+        TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+exit:
+    psa_key_derivation_abort( &operation );
+    psa_destroy_key( handle );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_success( int source_usage_arg, int source_alg_arg,
+                   int type_arg, data_t *material,
+                   int copy_attributes,
+                   int target_usage_arg, int target_alg_arg,
+                   int expected_usage_arg, int expected_alg_arg )
+{
+    psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_usage_t expected_usage = expected_usage_arg;
+    psa_algorithm_t expected_alg = expected_alg_arg;
+    psa_key_handle_t source_handle = 0;
+    psa_key_handle_t target_handle = 0;
+    uint8_t *export_buffer = NULL;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /* Prepare the source key. */
+    psa_set_key_usage_flags( &source_attributes, source_usage_arg );
+    psa_set_key_algorithm( &source_attributes, source_alg_arg );
+    psa_set_key_type( &source_attributes, type_arg );
+    PSA_ASSERT( psa_import_key( &source_attributes,
+                                material->x, material->len,
+                                &source_handle ) );
+    PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
+
+    /* Prepare the target attributes. */
+    if( copy_attributes )
+        target_attributes = source_attributes;
+    if( target_usage_arg != -1 )
+        psa_set_key_usage_flags( &target_attributes, target_usage_arg );
+    if( target_alg_arg != -1 )
+        psa_set_key_algorithm( &target_attributes, target_alg_arg );
+
+    /* Copy the key. */
+    PSA_ASSERT( psa_copy_key( source_handle,
+                              &target_attributes, &target_handle ) );
+
+    /* Destroy the source to ensure that this doesn't affect the target. */
+    PSA_ASSERT( psa_destroy_key( source_handle ) );
+
+    /* Test that the target slot has the expected content and policy. */
+    PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &source_attributes ),
+                psa_get_key_type( &target_attributes ) );
+    TEST_EQUAL( psa_get_key_bits( &source_attributes ),
+                psa_get_key_bits( &target_attributes ) );
+    TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
+    TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
+    if( expected_usage & PSA_KEY_USAGE_EXPORT )
+    {
+        size_t length;
+        ASSERT_ALLOC( export_buffer, material->len );
+        PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+                                    material->len, &length ) );
+        ASSERT_COMPARE( material->x, material->len,
+                        export_buffer, length );
+    }
+    if( ! exercise_key( target_handle, expected_usage, expected_alg ) )
+        goto exit;
+
+    PSA_ASSERT( psa_close_key( target_handle ) );
+
+exit:
+    psa_reset_key_attributes( &source_attributes );
+    psa_reset_key_attributes( &target_attributes );
+    mbedtls_psa_crypto_free( );
+    mbedtls_free( export_buffer );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_fail( int source_usage_arg, int source_alg_arg,
+                int type_arg, data_t *material,
+                int target_type_arg, int target_bits_arg,
+                int target_usage_arg, int target_alg_arg,
+                int expected_status_arg )
+{
+    psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_handle_t source_handle = 0;
+    psa_key_handle_t target_handle = 0;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /* Prepare the source key. */
+    psa_set_key_usage_flags( &source_attributes, source_usage_arg );
+    psa_set_key_algorithm( &source_attributes, source_alg_arg );
+    psa_set_key_type( &source_attributes, type_arg );
+    PSA_ASSERT( psa_import_key( &source_attributes,
+                                material->x, material->len,
+                                &source_handle ) );
+
+    /* Prepare the target attributes. */
+    psa_set_key_type( &target_attributes, target_type_arg );
+    psa_set_key_bits( &target_attributes, target_bits_arg );
+    psa_set_key_usage_flags( &target_attributes, target_usage_arg );
+    psa_set_key_algorithm( &target_attributes, target_alg_arg );
+
+    /* Try to copy the key. */
+    TEST_EQUAL( psa_copy_key( source_handle,
+                              &target_attributes, &target_handle ),
+                expected_status_arg );
+exit:
+    psa_reset_key_attributes( &source_attributes );
+    psa_reset_key_attributes( &target_attributes );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void hash_operation_init( )
 {
+    const uint8_t input[1] = { 0 };
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
@@ -1773,15 +2074,18 @@
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* Although not technically guaranteed by the C standard nor the PSA Crypto
-     * specification, we test that all valid ways of initializing the object
-     * have the same bit pattern. This is a stronger requirement that may not
-     * be valid on all platforms or PSA Crypto implementations, but implies the
-     * weaker actual requirement is met: that a freshly initialized object, no
-     * matter how it was initialized, acts the same as any other valid
-     * initialization. */
-    TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 );
-    TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 );
+    /* A freshly-initialized hash operation should not be usable. */
+    TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+
+    /* A default hash operation should be abortable without error. */
+    PSA_ASSERT( psa_hash_abort( &func ) );
+    PSA_ASSERT( psa_hash_abort( &init ) );
+    PSA_ASSERT( psa_hash_abort( &zero ) );
 }
 /* END_CASE */
 
@@ -1797,9 +2101,22 @@
     PSA_ASSERT( psa_crypto_init( ) );
 
     status = psa_hash_setup( &operation, alg );
-    psa_hash_abort( &operation );
     TEST_EQUAL( status, expected_status );
 
+    /* Whether setup succeeded or failed, abort must succeed. */
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* If setup failed, reproduce the failure, so as to
+     * test the resulting state of the operation object. */
+    if( status != PSA_SUCCESS )
+        TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
+
+    /* Now the operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_HASH_ALG)
+    PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+#endif
+
 exit:
     mbedtls_psa_crypto_free( );
 }
@@ -1808,32 +2125,85 @@
 /* BEGIN_CASE */
 void hash_bad_order( )
 {
+    psa_algorithm_t alg = PSA_ALG_SHA_256;
     unsigned char input[] = "";
     /* SHA-256 hash of an empty string */
-    unsigned char hash[] = {
+    const unsigned char valid_hash[] = {
         0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
         0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
         0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
+    unsigned char hash[sizeof(valid_hash)] = { 0 };
     size_t hash_len;
     psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    /* psa_hash_update without calling psa_hash_setup beforehand */
-    memset( &operation, 0, sizeof( operation ) );
+    /* Call setup twice in a row. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    TEST_EQUAL( psa_hash_setup( &operation, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call update without calling setup beforehand. */
     TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
-                PSA_ERROR_INVALID_ARGUMENT );
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
 
-    /* psa_hash_verify without calling psa_hash_setup beforehand */
-    memset( &operation, 0, sizeof( operation ) );
-    TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
-                PSA_ERROR_INVALID_ARGUMENT );
+    /* Call update after finish. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    PSA_ASSERT( psa_hash_finish( &operation,
+                                 hash, sizeof( hash ), &hash_len ) );
+    TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
 
-    /* psa_hash_finish without calling psa_hash_setup beforehand */
-    memset( &operation, 0, sizeof( operation ) );
+    /* Call verify without calling setup beforehand. */
+    TEST_EQUAL( psa_hash_verify( &operation,
+                                 valid_hash, sizeof( valid_hash ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call verify after finish. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    PSA_ASSERT( psa_hash_finish( &operation,
+                                 hash, sizeof( hash ), &hash_len ) );
+    TEST_EQUAL( psa_hash_verify( &operation,
+                                 valid_hash, sizeof( valid_hash ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call verify twice in a row. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    PSA_ASSERT( psa_hash_verify( &operation,
+                                 valid_hash, sizeof( valid_hash ) ) );
+    TEST_EQUAL( psa_hash_verify( &operation,
+                                 valid_hash, sizeof( valid_hash ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call finish without calling setup beforehand. */
     TEST_EQUAL( psa_hash_finish( &operation,
                                  hash, sizeof( hash ), &hash_len ),
-                PSA_ERROR_INVALID_ARGUMENT );
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call finish twice in a row. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    PSA_ASSERT( psa_hash_finish( &operation,
+                                 hash, sizeof( hash ), &hash_len ) );
+    TEST_EQUAL( psa_hash_finish( &operation,
+                                 hash, sizeof( hash ), &hash_len ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
+
+    /* Call finish after calling verify. */
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    PSA_ASSERT( psa_hash_verify( &operation,
+                                 valid_hash, sizeof( valid_hash ) ) );
+    TEST_EQUAL( psa_hash_finish( &operation,
+                                 hash, sizeof( hash ), &hash_len ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_hash_abort( &operation ) );
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -1986,6 +2356,8 @@
 /* BEGIN_CASE */
 void mac_operation_init( )
 {
+    const uint8_t input[1] = { 0 };
+
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
@@ -1996,15 +2368,21 @@
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* Although not technically guaranteed by the C standard nor the PSA Crypto
-     * specification, we test that all valid ways of initializing the object
-     * have the same bit pattern. This is a stronger requirement that may not
-     * be valid on all platforms or PSA Crypto implementations, but implies the
-     * weaker actual requirement is met: that a freshly initialized object, no
-     * matter how it was initialized, acts the same as any other valid
-     * initialization. */
-    TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 );
-    TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 );
+    /* A freshly-initialized MAC operation should not be usable. */
+    TEST_EQUAL( psa_mac_update( &func,
+                                input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_mac_update( &init,
+                                input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_mac_update( &zero,
+                                input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+
+    /* A default MAC operation should be abortable without error. */
+    PSA_ASSERT( psa_mac_abort( &func ) );
+    PSA_ASSERT( psa_mac_abort( &init ) );
+    PSA_ASSERT( psa_mac_abort( &zero ) );
 }
 /* END_CASE */
 
@@ -2014,31 +2392,155 @@
                 int alg_arg,
                 int expected_status_arg )
 {
-    psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_status_t expected_status = expected_status_arg;
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_status_t status;
+    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+    const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+#endif
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
-                              alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
-
-    status = psa_mac_sign_setup( &operation, handle, alg );
-    psa_mac_abort( &operation );
+    if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
+                              &operation, &status ) )
+        goto exit;
     TEST_EQUAL( status, expected_status );
 
+    /* The operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+    if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
+                              smoke_test_key_data,
+                              sizeof( smoke_test_key_data ),
+                              KNOWN_SUPPORTED_MAC_ALG,
+                              &operation, &status ) )
+        goto exit;
+    TEST_EQUAL( status, PSA_SUCCESS );
+#endif
+
 exit:
-    psa_destroy_key( handle );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_bad_order( )
+{
+    psa_key_handle_t handle = 0;
+    psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
+    psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
+    const uint8_t key[] = {
+        0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+        0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+        0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+    uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
+    size_t sign_mac_length = 0;
+    const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
+    const uint8_t verify_mac[] = {
+        0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
+        0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
+        0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
+
+    PSA_ASSERT( psa_crypto_init( ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+
+    PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
+
+    /* Call update without calling setup beforehand. */
+    TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call sign finish without calling setup beforehand. */
+    TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
+                                     &sign_mac_length),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call verify finish without calling setup beforehand. */
+    TEST_EQUAL( psa_mac_verify_finish( &operation,
+                                       verify_mac, sizeof( verify_mac ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call setup twice in a row. */
+    PSA_ASSERT( psa_mac_sign_setup( &operation,
+                                    handle, alg ) );
+    TEST_EQUAL( psa_mac_sign_setup( &operation,
+                                    handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call update after sign finish. */
+    PSA_ASSERT( psa_mac_sign_setup( &operation,
+                                    handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    PSA_ASSERT( psa_mac_sign_finish( &operation,
+                                     sign_mac, sizeof( sign_mac ),
+                                     &sign_mac_length ) );
+    TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call update after verify finish. */
+    PSA_ASSERT( psa_mac_verify_setup( &operation,
+                                      handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    PSA_ASSERT( psa_mac_verify_finish( &operation,
+                                       verify_mac, sizeof( verify_mac ) ) );
+    TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call sign finish twice in a row. */
+    PSA_ASSERT( psa_mac_sign_setup( &operation,
+                                    handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    PSA_ASSERT( psa_mac_sign_finish( &operation,
+                                     sign_mac, sizeof( sign_mac ),
+                                     &sign_mac_length ) );
+    TEST_EQUAL( psa_mac_sign_finish( &operation,
+                                     sign_mac, sizeof( sign_mac ),
+                                     &sign_mac_length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Call verify finish twice in a row. */
+    PSA_ASSERT( psa_mac_verify_setup( &operation,
+                                      handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    PSA_ASSERT( psa_mac_verify_finish( &operation,
+                                       verify_mac, sizeof( verify_mac ) ) );
+    TEST_EQUAL( psa_mac_verify_finish( &operation,
+                                       verify_mac, sizeof( verify_mac ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Setup sign but try verify. */
+    PSA_ASSERT( psa_mac_sign_setup( &operation,
+                                    handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    TEST_EQUAL( psa_mac_verify_finish( &operation,
+                                       verify_mac, sizeof( verify_mac ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+    /* Setup verify but try sign. */
+    PSA_ASSERT( psa_mac_verify_setup( &operation,
+                                      handle, alg ) );
+    PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+    TEST_EQUAL( psa_mac_sign_finish( &operation,
+                                     sign_mac, sizeof( sign_mac ),
+                                     &sign_mac_length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_mac_abort( &operation ) );
+
+exit:
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -2054,7 +2556,7 @@
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     /* Leave a little extra room in the output buffer. At the end of the
      * test, we'll check that the implementation didn't overwrite onto
      * this extra room. */
@@ -2069,12 +2571,11 @@
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     /* Calculate the MAC. */
     PSA_ASSERT( psa_mac_sign_setup( &operation,
@@ -2110,18 +2611,17 @@
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_mac_verify_setup( &operation,
                                       handle, alg ) );
@@ -2141,6 +2641,9 @@
 /* BEGIN_CASE */
 void cipher_operation_init( )
 {
+    const uint8_t input[1] = { 0 };
+    unsigned char output[1] = { 0 };
+    size_t output_length;
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
@@ -2151,15 +2654,27 @@
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* Although not technically guaranteed by the C standard nor the PSA Crypto
-     * specification, we test that all valid ways of initializing the object
-     * have the same bit pattern. This is a stronger requirement that may not
-     * be valid on all platforms or PSA Crypto implementations, but implies the
-     * weaker actual requirement is met: that a freshly initialized object, no
-     * matter how it was initialized, acts the same as any other valid
-     * initialization. */
-    TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 );
-    TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 );
+    /* A freshly-initialized cipher operation should not be usable. */
+    TEST_EQUAL( psa_cipher_update( &func,
+                                   input, sizeof( input ),
+                                   output, sizeof( output ),
+                                   &output_length ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_cipher_update( &init,
+                                   input, sizeof( input ),
+                                   output, sizeof( output ),
+                                   &output_length ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_cipher_update( &zero,
+                                   input, sizeof( input ),
+                                   output, sizeof( output ),
+                                   &output_length ),
+                PSA_ERROR_BAD_STATE );
+
+    /* A default cipher operation should be abortable without error. */
+    PSA_ASSERT( psa_cipher_abort( &func ) );
+    PSA_ASSERT( psa_cipher_abort( &init ) );
+    PSA_ASSERT( psa_cipher_abort( &zero ) );
 }
 /* END_CASE */
 
@@ -2169,36 +2684,191 @@
                    int alg_arg,
                    int expected_status_arg )
 {
-    psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_status_t expected_status = expected_status_arg;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
     psa_status_t status;
+#if defined(KNOWN_SUPPORTED_MAC_ALG)
+    const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+#endif
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
-
-    status = psa_cipher_encrypt_setup( &operation, handle, alg );
-    psa_cipher_abort( &operation );
+    if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
+                                 &operation, &status ) )
+        goto exit;
     TEST_EQUAL( status, expected_status );
 
+    /* The operation object should be reusable. */
+#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
+    if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
+                                 smoke_test_key_data,
+                                 sizeof( smoke_test_key_data ),
+                                 KNOWN_SUPPORTED_CIPHER_ALG,
+                                 &operation, &status ) )
+        goto exit;
+    TEST_EQUAL( status, PSA_SUCCESS );
+#endif
+
 exit:
-    psa_destroy_key( handle );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_bad_order( )
+{
+    psa_key_handle_t handle = 0;
+    psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+    psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+    unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
+    const uint8_t key[] = {
+        0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+        0xaa, 0xaa, 0xaa, 0xaa };
+    const uint8_t text[] = {
+        0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+        0xbb, 0xbb, 0xbb, 0xbb };
+    uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
+    size_t length = 0;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+    PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
+
+
+    /* Call encrypt setup twice in a row. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call decrypt setup twice in a row. */
+    PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) );
+    TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Generate an IV without calling setup beforehand. */
+    TEST_EQUAL( psa_cipher_generate_iv( &operation,
+                                        buffer, sizeof( buffer ),
+                                        &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Generate an IV twice in a row. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_generate_iv( &operation,
+                                        buffer, sizeof( buffer ),
+                                        &length ) );
+    TEST_EQUAL( psa_cipher_generate_iv( &operation,
+                                        buffer, sizeof( buffer ),
+                                        &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Generate an IV after it's already set. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ) );
+    TEST_EQUAL( psa_cipher_generate_iv( &operation,
+                                        buffer, sizeof( buffer ),
+                                        &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Set an IV without calling setup beforehand. */
+    TEST_EQUAL( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Set an IV after it's already set. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ) );
+    TEST_EQUAL( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Set an IV after it's already generated. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_generate_iv( &operation,
+                                        buffer, sizeof( buffer ),
+                                        &length ) );
+    TEST_EQUAL( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call update without calling setup beforehand. */
+    TEST_EQUAL( psa_cipher_update( &operation,
+                                   text, sizeof( text ),
+                                   buffer, sizeof( buffer ),
+                                   &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call update without an IV where an IV is required. */
+    TEST_EQUAL( psa_cipher_update( &operation,
+                                   text, sizeof( text ),
+                                   buffer, sizeof( buffer ),
+                                   &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call update after finish. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ) );
+    PSA_ASSERT( psa_cipher_finish( &operation,
+                                   buffer, sizeof( buffer ), &length ) );
+    TEST_EQUAL( psa_cipher_update( &operation,
+                                   text, sizeof( text ),
+                                   buffer, sizeof( buffer ),
+                                   &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call finish without calling setup beforehand. */
+    TEST_EQUAL( psa_cipher_finish( &operation,
+                                   buffer, sizeof( buffer ), &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call finish without an IV where an IV is required. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    /* Not calling update means we are encrypting an empty buffer, which is OK
+     * for cipher modes with padding. */
+    TEST_EQUAL( psa_cipher_finish( &operation,
+                                   buffer, sizeof( buffer ), &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+    /* Call finish twice in a row. */
+    PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation,
+                                   iv, sizeof( iv ) ) );
+    PSA_ASSERT( psa_cipher_finish( &operation,
+                                   buffer, sizeof( buffer ), &length ) );
+    TEST_EQUAL( psa_cipher_finish( &operation,
+                                   buffer, sizeof( buffer ), &length ),
+                PSA_ERROR_BAD_STATE );
+    PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+exit:
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void cipher_encrypt( int alg_arg, int key_type_arg,
-                     data_t *key,
+                     data_t *key, data_t *iv,
                      data_t *input, data_t *expected_output,
                      int expected_status_arg )
 {
@@ -2207,32 +2877,25 @@
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_status_t expected_status = expected_status_arg;
-    unsigned char iv[16] = {0};
-    size_t iv_size;
     unsigned char *output = NULL;
     size_t output_buffer_size = 0;
     size_t function_output_length = 0;
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
-    memset( iv, 0x2a, iv_size );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
                                           handle, alg ) );
 
-    PSA_ASSERT( psa_cipher_set_iv( &operation,
-                                   iv, iv_size ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
     ASSERT_ALLOC( output, output_buffer_size );
@@ -2243,8 +2906,8 @@
                                    &function_output_length ) );
     total_output_length += function_output_length;
     status = psa_cipher_finish( &operation,
-                                output + function_output_length,
-                                output_buffer_size,
+                                output + total_output_length,
+                                output_buffer_size - total_output_length,
                                 &function_output_length );
     total_output_length += function_output_length;
 
@@ -2265,58 +2928,58 @@
 
 /* BEGIN_CASE */
 void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
-                               data_t *key,
+                               data_t *key, data_t *iv,
                                data_t *input,
-                               int first_part_size,
+                               int first_part_size_arg,
+                               int output1_length_arg, int output2_length_arg,
                                data_t *expected_output )
 {
     psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
-    unsigned char iv[16] = {0};
-    size_t iv_size;
+    size_t first_part_size = first_part_size_arg;
+    size_t output1_length = output1_length_arg;
+    size_t output2_length = output2_length_arg;
     unsigned char *output = NULL;
     size_t output_buffer_size = 0;
     size_t function_output_length = 0;
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
-    memset( iv, 0x2a, iv_size );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
                                           handle, alg ) );
 
-    PSA_ASSERT( psa_cipher_set_iv( &operation,
-                                   iv, sizeof( iv ) ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
     ASSERT_ALLOC( output, output_buffer_size );
 
-    TEST_ASSERT( (unsigned int) first_part_size < input->len );
+    TEST_ASSERT( first_part_size <= input->len );
     PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) );
+    TEST_ASSERT( function_output_length == output1_length );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
-                                   output, output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
+    TEST_ASSERT( function_output_length == output2_length );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_finish( &operation,
-                                   output + function_output_length,
-                                   output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2333,61 +2996,61 @@
 
 /* BEGIN_CASE */
 void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
-                               data_t *key,
+                               data_t *key, data_t *iv,
                                data_t *input,
-                               int first_part_size,
+                               int first_part_size_arg,
+                               int output1_length_arg, int output2_length_arg,
                                data_t *expected_output )
 {
     psa_key_handle_t handle = 0;
 
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
-    unsigned char iv[16] = {0};
-    size_t iv_size;
+    size_t first_part_size = first_part_size_arg;
+    size_t output1_length = output1_length_arg;
+    size_t output2_length = output2_length_arg;
     unsigned char *output = NULL;
     size_t output_buffer_size = 0;
     size_t function_output_length = 0;
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
-    memset( iv, 0x2a, iv_size );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
                                           handle, alg ) );
 
-    PSA_ASSERT( psa_cipher_set_iv( &operation,
-                                   iv, sizeof( iv ) ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
     ASSERT_ALLOC( output, output_buffer_size );
 
-    TEST_ASSERT( (unsigned int) first_part_size < input->len );
+    TEST_ASSERT( first_part_size <= input->len );
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) );
+    TEST_ASSERT( function_output_length == output1_length );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
-                                   output, output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
+    TEST_ASSERT( function_output_length == output2_length );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_finish( &operation,
-                                   output + function_output_length,
-                                   output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2404,7 +3067,7 @@
 
 /* BEGIN_CASE */
 void cipher_decrypt( int alg_arg, int key_type_arg,
-                     data_t *key,
+                     data_t *key, data_t *iv,
                      data_t *input, data_t *expected_output,
                      int expected_status_arg )
 {
@@ -2413,32 +3076,25 @@
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     psa_status_t expected_status = expected_status_arg;
-    unsigned char iv[16] = {0};
-    size_t iv_size;
     unsigned char *output = NULL;
     size_t output_buffer_size = 0;
     size_t function_output_length = 0;
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
-    memset( iv, 0x2a, iv_size );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
                                           handle, alg ) );
 
-    PSA_ASSERT( psa_cipher_set_iv( &operation,
-                                   iv, iv_size ) );
+    PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
@@ -2450,8 +3106,8 @@
                                    &function_output_length ) );
     total_output_length += function_output_length;
     status = psa_cipher_finish( &operation,
-                                output + function_output_length,
-                                output_buffer_size,
+                                output + total_output_length,
+                                output_buffer_size - total_output_length,
                                 &function_output_length );
     total_output_length += function_output_length;
     TEST_EQUAL( status, expected_status );
@@ -2490,16 +3146,15 @@
     size_t function_output_length = 0;
     psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
     psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
                                           handle, alg ) );
@@ -2517,7 +3172,8 @@
                                    output1, output1_size,
                                    &output1_length ) );
     PSA_ASSERT( psa_cipher_finish( &operation1,
-                                   output1 + output1_length, output1_size,
+                                   output1 + output1_length,
+                                   output1_size - output1_length,
                                    &function_output_length ) );
 
     output1_length += function_output_length;
@@ -2535,7 +3191,7 @@
     function_output_length = 0;
     PSA_ASSERT( psa_cipher_finish( &operation2,
                                    output2 + output2_length,
-                                   output2_size,
+                                   output2_size - output2_length,
                                    &function_output_length ) );
 
     output2_length += function_output_length;
@@ -2557,11 +3213,12 @@
                                      int key_type_arg,
                                      data_t *key,
                                      data_t *input,
-                                     int first_part_size )
+                                     int first_part_size_arg )
 {
     psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t first_part_size = first_part_size_arg;
     unsigned char iv[16] = {0};
     size_t iv_size = 16;
     size_t iv_length = 0;
@@ -2574,16 +3231,15 @@
     size_t function_output_length;
     psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
     psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key->x, key->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
                                           handle, alg ) );
@@ -2597,7 +3253,7 @@
                             PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
     ASSERT_ALLOC( output1, output1_buffer_size );
 
-    TEST_ASSERT( (unsigned int) first_part_size < input->len );
+    TEST_ASSERT( first_part_size <= input->len );
 
     PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
                                    output1, output1_buffer_size,
@@ -2671,23 +3327,26 @@
     size_t output_length = 0;
     unsigned char *output_data2 = NULL;
     size_t output_length2 = 0;
-    size_t tag_length = 16;
+    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_status_t expected_result = expected_result_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     output_size = input_data->len + tag_length;
+    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+     * should be exact. */
+    if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
+        TEST_EQUAL( output_size,
+                    PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
     ASSERT_ALLOC( output_data, output_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                              alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x, key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     TEST_EQUAL( psa_aead_encrypt( handle, alg,
                                   nonce->x, nonce->len,
@@ -2702,6 +3361,11 @@
     {
         ASSERT_ALLOC( output_data2, output_length );
 
+        /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+         * should be exact. */
+        TEST_EQUAL( input_data->len,
+                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
+
         TEST_EQUAL( psa_aead_decrypt( handle, alg,
                                       nonce->x, nonce->len,
                                       additional_data->x,
@@ -2737,21 +3401,24 @@
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = 16;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     output_size = input_data->len + tag_length;
+    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+     * should be exact. */
+    TEST_EQUAL( output_size,
+                PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
     ASSERT_ALLOC( output_data, output_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT  );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     PSA_ASSERT( psa_aead_encrypt( handle, alg,
                                   nonce->x, nonce->len,
@@ -2785,22 +3452,26 @@
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = 16;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t expected_result = expected_result_arg;
 
-    output_size = input_data->len + tag_length;
+    output_size = input_data->len - tag_length;
+    /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+     * should be exact. */
+    if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
+        TEST_EQUAL( output_size,
+                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
     ASSERT_ALLOC( output_data, output_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT  );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     TEST_EQUAL( psa_aead_decrypt( handle, alg,
                                   nonce->x, nonce->len,
@@ -2849,20 +3520,18 @@
     unsigned char *signature = NULL;
     size_t signature_size;
     size_t signature_length = 0xdeadbeef;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         NULL,
-                                         &key_bits ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
 
     /* Allocate a buffer which has the size advertized by the
      * library. */
@@ -2882,6 +3551,7 @@
                     signature, signature_length );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -2901,19 +3571,18 @@
     psa_status_t expected_status = expected_status_arg;
     unsigned char *signature = NULL;
     size_t signature_length = 0xdeadbeef;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     ASSERT_ALLOC( signature, signature_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     actual_status = psa_asymmetric_sign( handle, alg,
                                          input_data->x, input_data->len,
@@ -2927,6 +3596,7 @@
     TEST_ASSERT( signature_length <= signature_size );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -2944,22 +3614,18 @@
     unsigned char *signature = NULL;
     size_t signature_size;
     size_t signature_length = 0xdeadbeef;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
-                              alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         NULL,
-                                         &key_bits ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
 
     /* Allocate a buffer which has the size advertized by the
      * library. */
@@ -2997,6 +3663,7 @@
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( signature );
     mbedtls_psa_crypto_free( );
@@ -3011,25 +3678,25 @@
     psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     PSA_ASSERT( psa_asymmetric_verify( handle, alg,
                                        hash_data->x, hash_data->len,
                                        signature_data->x,
                                        signature_data->len ) );
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3046,17 +3713,16 @@
     psa_algorithm_t alg = alg_arg;
     psa_status_t actual_status;
     psa_status_t expected_status = expected_status_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     actual_status = psa_asymmetric_verify( handle, alg,
                                            hash_data->x, hash_data->len,
@@ -3066,6 +3732,7 @@
     TEST_EQUAL( actual_status, expected_status );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3090,22 +3757,20 @@
     size_t output_length = ~0;
     psa_status_t actual_status;
     psa_status_t expected_status = expected_status_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     /* Import the key */
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     /* Determine the maximum output length */
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         NULL,
-                                         &key_bits ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
     output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
     ASSERT_ALLOC( output, output_size );
 
@@ -3135,6 +3800,7 @@
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -3158,24 +3824,20 @@
     unsigned char *output2 = NULL;
     size_t output2_size;
     size_t output2_length = ~0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                              alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     /* Determine the maximum ciphertext length */
-    PSA_ASSERT( psa_get_key_information( handle,
-                                         NULL,
-                                         &key_bits ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
     output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
     ASSERT_ALLOC( output, output_size );
     output2_size = input_data->len;
@@ -3202,6 +3864,7 @@
                     output2, output2_length );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_free( output2 );
@@ -3223,20 +3886,19 @@
     unsigned char *output = NULL;
     size_t output_size = 0;
     size_t output_length = ~0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    output_size = key_data->len;
+    output_size = expected_data->len;
     ASSERT_ALLOC( output, output_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
                                         input_data->x, input_data->len,
@@ -3265,6 +3927,7 @@
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -3277,30 +3940,29 @@
                               int alg_arg,
                               data_t *input_data,
                               data_t *label,
+                              int output_size_arg,
                               int expected_status_arg  )
 {
     psa_key_handle_t handle = 0;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
     unsigned char *output = NULL;
-    size_t output_size = 0;
+    size_t output_size = output_size_arg;
     size_t output_length = ~0;
     psa_status_t actual_status;
     psa_status_t expected_status = expected_status_arg;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    output_size = key_data->len;
     ASSERT_ALLOC( output, output_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     actual_status = psa_asymmetric_decrypt( handle, alg,
                                             input_data->x, input_data->len,
@@ -3327,6 +3989,7 @@
     }
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     mbedtls_free( output );
     mbedtls_psa_crypto_free( );
@@ -3334,27 +3997,31 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void crypto_generator_init( )
+void key_derivation_init( )
 {
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
      * to supress the Clang warning for the test. */
-    psa_crypto_generator_t func = psa_crypto_generator_init( );
-    psa_crypto_generator_t init = PSA_CRYPTO_GENERATOR_INIT;
-    psa_crypto_generator_t zero;
+    size_t capacity;
+    psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
+    psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t zero;
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* Although not technically guaranteed by the C standard nor the PSA Crypto
-     * specification, we test that all valid ways of initializing the object
-     * have the same bit pattern. This is a stronger requirement that may not
-     * be valid on all platforms or PSA Crypto implementations, but implies the
-     * weaker actual requirement is met: that a freshly initialized object, no
-     * matter how it was initialized, acts the same as any other valid
-     * initialization. */
-    TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 );
-    TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 );
+    /* A default operation should not be able to report its capacity. */
+    TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
+                PSA_ERROR_BAD_STATE );
+
+    /* A default operation should be abortable without error. */
+    PSA_ASSERT( psa_key_derivation_abort(&func) );
+    PSA_ASSERT( psa_key_derivation_abort(&init) );
+    PSA_ASSERT( psa_key_derivation_abort(&zero) );
 }
 /* END_CASE */
 
@@ -3372,105 +4039,106 @@
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
     psa_status_t expected_status = expected_status_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
-    TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+    TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     requested_capacity ),
                 expected_status );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void test_derive_invalid_generator_state( )
+void test_derive_invalid_key_derivation_state( )
 {
     psa_key_handle_t handle = 0;
     size_t key_type = PSA_KEY_TYPE_DERIVE;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
     uint8_t buffer[42];
     size_t capacity = sizeof( buffer );
     const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
                                    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
                                    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, key_type );
 
-    PSA_ASSERT( psa_import_key( handle, key_type,
-                                key_data,
-                                sizeof( key_data ) ) );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                key_data, sizeof( key_data ),
+                                &handle ) );
 
     /* valid key derivation */
-    PSA_ASSERT(  psa_key_derivation( &generator, handle, alg,
+    PSA_ASSERT(  psa_key_derivation( &operation, handle, alg,
                                      NULL, 0,
                                      NULL, 0,
                                      capacity ) );
 
-    /* state of generator shouldn't allow additional generation */
-    TEST_EQUAL(  psa_key_derivation( &generator, handle, alg,
+    /* state of operation shouldn't allow additional generation */
+    TEST_EQUAL(  psa_key_derivation( &operation, handle, alg,
                                      NULL, 0,
                                      NULL, 0,
                                      capacity ),
                  PSA_ERROR_BAD_STATE );
 
-    PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
 
-    TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
+                PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void test_derive_invalid_generator_tests( )
+void test_derive_invalid_key_derivation_tests( )
 {
     uint8_t output_buffer[16];
     size_t buffer_size = 16;
     size_t capacity = 0;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
 
-    TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
-                 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+    TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                  output_buffer, buffer_size )
+                 == PSA_ERROR_BAD_STATE );
 
-    TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
-                 == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
+    TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
+                 == PSA_ERROR_BAD_STATE );
 
-    PSA_ASSERT( psa_generator_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
-    TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
-                 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
+    TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                  output_buffer, buffer_size )
+                 == PSA_ERROR_BAD_STATE );
 
-    TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
-                 == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
+    TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
+                 == PSA_ERROR_BAD_STATE );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
 }
 /* END_CASE */
 
@@ -3486,7 +4154,7 @@
     psa_key_handle_t handle = 0;
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     uint8_t *expected_outputs[2] =
         {expected_output1->x, expected_output2->x};
     size_t output_sizes[2] =
@@ -3495,7 +4163,7 @@
     uint8_t *output_buffer = NULL;
     size_t expected_capacity;
     size_t current_capacity;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status;
     unsigned i;
 
@@ -3509,40 +4177,39 @@
     ASSERT_ALLOC( output_buffer, output_buffer_size );
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
 
-    PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     /* Extraction phase. */
     if( PSA_ALG_IS_HKDF( alg ) )
     {
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( psa_set_generator_capacity( &generator,
-                                                requested_capacity ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                    PSA_KDF_STEP_SALT,
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
+                                                     requested_capacity ) );
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_SALT,
                                                     salt->x, salt->len ) );
-        PSA_ASSERT( psa_key_derivation_input_key( &generator,
-                                                  PSA_KDF_STEP_SECRET,
+        PSA_ASSERT( psa_key_derivation_input_key( &operation,
+                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
                                                   handle ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                    PSA_KDF_STEP_INFO,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_INFO,
                                                     label->x, label->len ) );
     }
     else
     {
         // legacy
-        PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+        PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
                                         salt->x, salt->len,
                                         label->x, label->len,
                                         requested_capacity ) );
     }
-    PSA_ASSERT( psa_get_generator_capacity( &generator,
-                                            &current_capacity ) );
+    PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+                                                 &current_capacity ) );
     TEST_EQUAL( current_capacity, requested_capacity );
     expected_capacity = requested_capacity;
 
@@ -3550,20 +4217,20 @@
     for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
     {
         /* Read some bytes. */
-        status = psa_generator_read( &generator,
-                                     output_buffer, output_sizes[i] );
+        status = psa_key_derivation_output_bytes( &operation,
+                                                  output_buffer, output_sizes[i] );
         if( expected_capacity == 0 && output_sizes[i] == 0 )
         {
             /* Reading 0 bytes when 0 bytes are available can go either way. */
             TEST_ASSERT( status == PSA_SUCCESS ||
-                         status == PSA_ERROR_INSUFFICIENT_CAPACITY );
+                         status == PSA_ERROR_INSUFFICIENT_DATA );
             continue;
         }
         else if( expected_capacity == 0 ||
                  output_sizes[i] > expected_capacity )
         {
             /* Capacity exceeded. */
-            TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_CAPACITY );
+            TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
             expected_capacity = 0;
             continue;
         }
@@ -3572,17 +4239,17 @@
         if( output_sizes[i] != 0 )
             ASSERT_COMPARE( output_buffer, output_sizes[i],
                             expected_outputs[i], output_sizes[i] );
-        /* Check the generator status. */
+        /* Check the operation status. */
         expected_capacity -= output_sizes[i];
-        PSA_ASSERT( psa_get_generator_capacity( &generator,
-                                                &current_capacity ) );
+        PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+                                                     &current_capacity ) );
         TEST_EQUAL( expected_capacity, current_capacity );
     }
-    PSA_ASSERT( psa_generator_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
 exit:
     mbedtls_free( output_buffer );
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3598,48 +4265,47 @@
     psa_key_handle_t handle = 0;
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char output_buffer[16];
     size_t expected_capacity = requested_capacity;
     size_t current_capacity;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
 
-    PSA_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_DERIVE,
-                                key_data->x,
-                                key_data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
 
     /* Extraction phase. */
     if( PSA_ALG_IS_HKDF( alg ) )
     {
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( psa_set_generator_capacity( &generator,
-                                                requested_capacity ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                    PSA_KDF_STEP_SALT,
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
+                                                     requested_capacity ) );
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_SALT,
                                                     salt->x, salt->len ) );
-        PSA_ASSERT( psa_key_derivation_input_key( &generator,
-                                                  PSA_KDF_STEP_SECRET,
+        PSA_ASSERT( psa_key_derivation_input_key( &operation,
+                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
                                                   handle ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
-                                                    PSA_KDF_STEP_INFO,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_INFO,
                                                     label->x, label->len ) );
     }
     else
     {
         // legacy
-        PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+        PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
                                         salt->x, salt->len,
                                         label->x, label->len,
                                         requested_capacity ) );
     }
-    PSA_ASSERT( psa_get_generator_capacity( &generator,
-                                            &current_capacity ) );
+    PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+                                                 &current_capacity ) );
     TEST_EQUAL( current_capacity, expected_capacity );
 
     /* Expansion phase. */
@@ -3648,23 +4314,23 @@
         size_t read_size = sizeof( output_buffer );
         if( read_size > current_capacity )
             read_size = current_capacity;
-        PSA_ASSERT( psa_generator_read( &generator,
-                                        output_buffer,
-                                        read_size ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                     output_buffer,
+                                                     read_size ) );
         expected_capacity -= read_size;
-        PSA_ASSERT( psa_get_generator_capacity( &generator,
-                                                &current_capacity ) );
+        PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
+                                                     &current_capacity ) );
         TEST_EQUAL( current_capacity, expected_capacity );
     }
 
-    /* Check that the generator refuses to go over capacity. */
-    TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+    /* Check that the operation refuses to go over capacity. */
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
+                PSA_ERROR_INSUFFICIENT_DATA );
 
-    PSA_ASSERT( psa_generator_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -3688,46 +4354,42 @@
     psa_key_usage_t derived_usage = derived_usage_arg;
     psa_algorithm_t derived_alg = derived_alg_arg;
     size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_key_type_t got_type;
-    size_t got_bits;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &base_handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
-    PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
-                                key_data->x,
-                                key_data->len ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &base_handle ) );
 
     /* Derive a key. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
-    PSA_ASSERT( psa_allocate_key( &derived_handle ) );
-    psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
-    PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
-    PSA_ASSERT( psa_generator_import_key( derived_handle,
-                                          derived_type,
-                                          derived_bits,
-                                          &generator ) );
+    psa_set_key_usage_flags( &attributes, derived_usage );
+    psa_set_key_algorithm( &attributes, derived_alg );
+    psa_set_key_type( &attributes, derived_type );
+    psa_set_key_bits( &attributes, derived_bits );
+    PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
+                                               &derived_handle ) );
 
     /* Test the key information */
-    PSA_ASSERT( psa_get_key_information( derived_handle,
-                                         &got_type,
-                                         &got_bits ) );
-    TEST_EQUAL( got_type, derived_type );
-    TEST_EQUAL( got_bits, derived_bits );
+    PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
+    TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
 
     /* Exercise the derived key. */
     if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
         goto exit;
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
+    psa_reset_key_attributes( &got_attributes );
     psa_destroy_key( base_handle );
     psa_destroy_key( derived_handle );
     mbedtls_psa_crypto_free( );
@@ -3746,59 +4408,54 @@
     psa_key_handle_t derived_handle = 0;
     psa_algorithm_t alg = alg_arg;
     size_t bytes1 = bytes1_arg;
-    size_t derived_bits = PSA_BYTES_TO_BITS( bytes1 );
     size_t bytes2 = bytes2_arg;
     size_t capacity = bytes1 + bytes2;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     uint8_t *output_buffer = NULL;
     uint8_t *export_buffer = NULL;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
     size_t length;
 
     ASSERT_ALLOC( output_buffer, capacity );
     ASSERT_ALLOC( export_buffer, capacity );
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &base_handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) );
-    PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE,
-                                key_data->x,
-                                key_data->len ) );
+    psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &base_attributes, alg );
+    psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+    PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
+                                &base_handle ) );
 
     /* Derive some material and output it. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
-    PSA_ASSERT( psa_generator_read( &generator,
-                                    output_buffer,
-                                    capacity ) );
-    PSA_ASSERT( psa_generator_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                 output_buffer,
+                                                 capacity ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
     /* Derive the same output again, but this time store it in key objects. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
-    PSA_ASSERT( psa_allocate_key( &derived_handle ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
-    PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
-    PSA_ASSERT( psa_generator_import_key( derived_handle,
-                                          PSA_KEY_TYPE_RAW_DATA,
-                                          derived_bits,
-                                          &generator ) );
+    psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &derived_attributes, 0 );
+    psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
+    psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
+    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
+                                               &derived_handle ) );
     PSA_ASSERT( psa_export_key( derived_handle,
                                 export_buffer, bytes1,
                                 &length ) );
     TEST_EQUAL( length, bytes1 );
     PSA_ASSERT( psa_destroy_key( derived_handle ) );
-    PSA_ASSERT( psa_allocate_key( &derived_handle ) );
-    PSA_ASSERT( psa_set_key_policy( derived_handle, &policy ) );
-    PSA_ASSERT( psa_generator_import_key( derived_handle,
-                                          PSA_KEY_TYPE_RAW_DATA,
-                                          PSA_BYTES_TO_BITS( bytes2 ),
-                                          &generator ) );
+    psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
+    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
+                                               &derived_handle ) );
     PSA_ASSERT( psa_export_key( derived_handle,
                                 export_buffer + bytes1, bytes2,
                                 &length ) );
@@ -3811,7 +4468,7 @@
 exit:
     mbedtls_free( output_buffer );
     mbedtls_free( export_buffer );
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( base_handle );
     psa_destroy_key( derived_handle );
     mbedtls_psa_crypto_free( );
@@ -3827,26 +4484,77 @@
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_status_t expected_status = expected_status_arg;
+    psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &our_key ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
-    PSA_ASSERT( psa_import_key( our_key, our_key_type,
-                                our_key_data->x,
-                                our_key_data->len ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, our_key_type );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                our_key_data->x, our_key_data->len,
+                                &our_key ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-    TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
-                                   our_key,
-                                   peer_key_data->x, peer_key_data->len ),
-                expected_status_arg );
+    /* The tests currently include inputs that should fail at either step.
+     * Test cases that fail at the setup step should be changed to call
+     * key_derivation_setup instead, and this function should be renamed
+     * to key_agreement_fail. */
+    status = psa_key_derivation_setup( &operation, alg );
+    if( status == PSA_SUCCESS )
+    {
+        TEST_EQUAL( psa_key_derivation_key_agreement(
+                        &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+                        our_key,
+                        peer_key_data->x, peer_key_data->len ),
+                    expected_status );
+    }
+    else
+    {
+        TEST_ASSERT( status == expected_status );
+    }
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
+    psa_destroy_key( our_key );
+    mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void raw_key_agreement( int alg_arg,
+                        int our_key_type_arg, data_t *our_key_data,
+                        data_t *peer_key_data,
+                        data_t *expected_output )
+{
+    psa_key_handle_t our_key = 0;
+    psa_algorithm_t alg = alg_arg;
+    psa_key_type_t our_key_type = our_key_type_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    unsigned char *output = NULL;
+    size_t output_length = ~0;
+
+    ASSERT_ALLOC( output, expected_output->len );
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, our_key_type );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                our_key_data->x, our_key_data->len,
+                                &our_key ) );
+
+    PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
+                                       peer_key_data->x, peer_key_data->len,
+                                       output, expected_output->len,
+                                       &output_length ) );
+    ASSERT_COMPARE( output, output_length,
+                    expected_output->x, expected_output->len );
+
+exit:
+    mbedtls_free( output );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
 }
@@ -3861,44 +4569,52 @@
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     size_t actual_capacity;
     unsigned char output[16];
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &our_key ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
-    PSA_ASSERT( psa_import_key( our_key, our_key_type,
-                                our_key_data->x,
-                                our_key_data->len ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, our_key_type );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                our_key_data->x, our_key_data->len,
+                                &our_key ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-    PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
-                                   our_key,
-                                   peer_key_data->x, peer_key_data->len ) );
+    PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+    PSA_ASSERT( psa_key_derivation_key_agreement(
+                    &operation,
+                    PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+                    peer_key_data->x, peer_key_data->len ) );
+    if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
+    {
+        /* The test data is for info="" */
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_INFO,
+                                                    NULL, 0 ) );
+    }
 
     /* Test the advertized capacity. */
-    PSA_ASSERT( psa_get_generator_capacity(
-                    &generator, &actual_capacity ) );
+    PSA_ASSERT( psa_key_derivation_get_capacity(
+                    &operation, &actual_capacity ) );
     TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
 
     /* Test the actual capacity by reading the output. */
     while( actual_capacity > sizeof( output ) )
     {
-        PSA_ASSERT( psa_generator_read( &generator,
-                                        output, sizeof( output ) ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                     output, sizeof( output ) ) );
         actual_capacity -= sizeof( output );
     }
-    PSA_ASSERT( psa_generator_read( &generator,
-                                    output, actual_capacity ) );
-    TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
-                PSA_ERROR_INSUFFICIENT_CAPACITY );
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                 output, actual_capacity ) );
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
+                PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
 }
@@ -3913,8 +4629,8 @@
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t *actual_output = NULL;
 
     ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
@@ -3922,34 +4638,42 @@
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &our_key ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
-    PSA_ASSERT( psa_set_key_policy( our_key, &policy ) );
-    PSA_ASSERT( psa_import_key( our_key, our_key_type,
-                                our_key_data->x,
-                                our_key_data->len ) );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, our_key_type );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                our_key_data->x, our_key_data->len,
+                                &our_key ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-    PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
-                                   our_key,
-                                   peer_key_data->x, peer_key_data->len ) );
+    PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+    PSA_ASSERT( psa_key_derivation_key_agreement(
+                    &operation,
+                    PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
+                    peer_key_data->x, peer_key_data->len ) );
+    if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
+    {
+        /* The test data is for info="" */
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
+                                                    PSA_KEY_DERIVATION_INPUT_INFO,
+                                                    NULL, 0 ) );
+    }
 
-    PSA_ASSERT( psa_generator_read( &generator,
-                                    actual_output,
-                                    expected_output1->len ) );
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                 actual_output,
+                                                 expected_output1->len ) );
     ASSERT_COMPARE( actual_output, expected_output1->len,
                     expected_output1->x, expected_output1->len );
     if( expected_output2->len != 0 )
     {
-        PSA_ASSERT( psa_generator_read( &generator,
-                                        actual_output,
-                                        expected_output2->len ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
+                                                     actual_output,
+                                                     expected_output2->len ) );
         ASSERT_COMPARE( actual_output, expected_output2->len,
                         expected_output2->x, expected_output2->len );
     }
 
 exit:
-    psa_generator_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
     mbedtls_free( actual_output );
@@ -4020,160 +4744,272 @@
     size_t bits = bits_arg;
     psa_algorithm_t alg = alg_arg;
     psa_status_t expected_status = expected_status_arg;
-    psa_key_type_t got_type;
-    size_t got_bits;
-    psa_status_t expected_info_status =
-        expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_allocate_key( &handle ) );
-    psa_key_policy_set_usage( &policy, usage, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_bits( &attributes, bits );
 
     /* Generate a key */
-    TEST_EQUAL( psa_generate_key( handle, type, bits, NULL, 0 ),
-                expected_status );
+    TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+    if( expected_status != PSA_SUCCESS )
+        goto exit;
 
     /* Test the key information */
-    TEST_EQUAL( psa_get_key_information( handle, &got_type, &got_bits ),
-                expected_info_status );
-    if( expected_info_status != PSA_SUCCESS )
-        goto exit;
-    TEST_EQUAL( got_type, type );
-    TEST_EQUAL( got_bits, bits );
+    PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+    TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
 
     /* Do something with the key according to its type and permitted usage. */
     if( ! exercise_key( handle, usage, alg ) )
         goto exit;
 
 exit:
+    psa_reset_key_attributes( &got_attributes );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
-void persistent_key_load_key_from_storage( data_t *data, int type_arg,
-                                           int bits, int usage_arg,
-                                           int alg_arg, int generation_method,
-                                           int export_status )
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 */
+void generate_key_rsa( int bits_arg,
+                       data_t *e_arg,
+                       int expected_status_arg )
 {
     psa_key_handle_t handle = 0;
-    psa_key_handle_t base_key;
-    psa_key_type_t type = (psa_key_type_t) type_arg;
-    psa_key_type_t type_get;
-    size_t bits_get;
-    psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
-    psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
-    psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
-    psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
-    psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT;
-    psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
-    psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+    psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+    size_t bits = bits_arg;
+    psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+    psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
+    psa_status_t expected_status = expected_status_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    uint8_t *exported = NULL;
+    size_t exported_size =
+        PSA_KEY_EXPORT_MAX_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
+    size_t exported_length = SIZE_MAX;
+    uint8_t *e_read_buffer = NULL;
+    int is_default_public_exponent = 0;
+    size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
+    size_t e_read_length = SIZE_MAX;
+
+    if( e_arg->len == 0 ||
+        ( e_arg->len == 3 &&
+          e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
+    {
+        is_default_public_exponent = 1;
+        e_read_size = 0;
+    }
+    ASSERT_ALLOC( e_read_buffer, e_read_size );
+    ASSERT_ALLOC( exported, exported_size );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
+                                               e_arg->x, e_arg->len ) );
+    psa_set_key_bits( &attributes, bits );
+
+    /* Generate a key */
+    TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+    if( expected_status != PSA_SUCCESS )
+        goto exit;
+
+    /* Test the key information */
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+    PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
+                                               e_read_buffer, e_read_size,
+                                               &e_read_length ) );
+    if( is_default_public_exponent )
+        TEST_EQUAL( e_read_length, 0 );
+    else
+        ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
+
+    /* Do something with the key according to its type and permitted usage. */
+    if( ! exercise_key( handle, usage, alg ) )
+        goto exit;
+
+    /* Export the key and check the public exponent. */
+    PSA_ASSERT( psa_export_public_key( handle,
+                                       exported, exported_size,
+                                       &exported_length ) );
+    {
+        uint8_t *p = exported;
+        uint8_t *end = exported + exported_length;
+        size_t len;
+        /*   RSAPublicKey ::= SEQUENCE {
+         *      modulus            INTEGER,    -- n
+         *      publicExponent     INTEGER  }  -- e
+         */
+        TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
+                                             MBEDTLS_ASN1_SEQUENCE |
+                                             MBEDTLS_ASN1_CONSTRUCTED ) );
+        TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) );
+        TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
+                                             MBEDTLS_ASN1_INTEGER ) );
+        if( len >= 1 && p[0] == 0 )
+        {
+            ++p;
+            --len;
+        }
+        if( e_arg->len == 0 )
+        {
+            TEST_EQUAL( len, 3 );
+            TEST_EQUAL( p[0], 1 );
+            TEST_EQUAL( p[1], 0 );
+            TEST_EQUAL( p[2], 1 );
+        }
+        else
+            ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
+    }
+
+exit:
+    psa_reset_key_attributes( &attributes );
+    psa_destroy_key( handle );
+    mbedtls_psa_crypto_free( );
+    mbedtls_free( e_read_buffer );
+    mbedtls_free( exported );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+void persistent_key_load_key_from_storage( data_t *data,
+                                           int type_arg, int bits_arg,
+                                           int usage_flags_arg, int alg_arg,
+                                           int generation_method )
+{
+    psa_key_id_t key_id = 1;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_handle_t handle = 0;
+    psa_key_handle_t base_key = 0;
+    psa_key_type_t type = type_arg;
+    size_t bits = bits_arg;
+    psa_key_usage_t usage_flags = usage_flags_arg;
+    psa_algorithm_t alg = alg_arg;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char *first_export = NULL;
     unsigned char *second_export = NULL;
     size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
     size_t first_exported_length;
     size_t second_exported_length;
 
-    ASSERT_ALLOC( first_export, export_size );
-    ASSERT_ALLOC( second_export, export_size );
+    if( usage_flags & PSA_KEY_USAGE_EXPORT )
+    {
+        ASSERT_ALLOC( first_export, export_size );
+        ASSERT_ALLOC( second_export, export_size );
+    }
 
     PSA_ASSERT( psa_crypto_init() );
 
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
-                                &handle ) );
-    psa_key_policy_set_usage( &policy_set, policy_usage,
-                              policy_alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_usage_flags( &attributes, usage_flags );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_bits( &attributes, bits );
 
     switch( generation_method )
     {
         case IMPORT_KEY:
             /* Import the key */
-            PSA_ASSERT( psa_import_key( handle, type,
-                                        data->x, data->len ) );
+            PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
+                                        &handle ) );
             break;
 
         case GENERATE_KEY:
             /* Generate a key */
-            PSA_ASSERT( psa_generate_key( handle, type, bits,
-                                          NULL, 0 ) );
+            PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
             break;
 
         case DERIVE_KEY:
-            /* Create base key */
-            PSA_ASSERT( psa_allocate_key( &base_key ) );
-            psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
-                                      base_policy_alg );
-            PSA_ASSERT( psa_set_key_policy(
-                            base_key, &base_policy_set ) );
-            PSA_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
-                                        data->x, data->len ) );
-            /* Derive a key. */
-            PSA_ASSERT( psa_key_derivation( &generator, base_key,
-                                            base_policy_alg,
-                                            NULL, 0, NULL, 0,
-                                            export_size ) );
-            PSA_ASSERT( psa_generator_import_key(
-                            handle, PSA_KEY_TYPE_RAW_DATA,
-                            bits, &generator ) );
-            break;
+            {
+                /* Create base key */
+                psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
+                psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
+                psa_set_key_usage_flags( &base_attributes,
+                                         PSA_KEY_USAGE_DERIVE );
+                psa_set_key_algorithm( &base_attributes, derive_alg );
+                psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
+                PSA_ASSERT( psa_import_key( &base_attributes,
+                                            data->x, data->len,
+                                            &base_key ) );
+                /* Derive a key. */
+                PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
+                PSA_ASSERT( psa_key_derivation_input_key(
+                                &operation,
+                                PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
+                PSA_ASSERT( psa_key_derivation_input_bytes(
+                                &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+                                NULL, 0 ) );
+                PSA_ASSERT( psa_key_derivation_output_key( &attributes,
+                                                           &operation,
+                                                           &handle ) );
+                PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+                PSA_ASSERT( psa_destroy_key( base_key ) );
+                base_key = 0;
+            }
+        break;
     }
+    psa_reset_key_attributes( &attributes );
 
-    /* Export the key */
-    TEST_EQUAL( psa_export_key( handle,
-                                first_export, export_size,
-                                &first_exported_length ),
-                export_status );
+    /* Export the key if permitted by the key policy. */
+    if( usage_flags & PSA_KEY_USAGE_EXPORT )
+    {
+        PSA_ASSERT( psa_export_key( handle,
+                                    first_export, export_size,
+                                    &first_exported_length ) );
+        if( generation_method == IMPORT_KEY )
+            ASSERT_COMPARE( data->x, data->len,
+                            first_export, first_exported_length );
+    }
 
     /* Shutdown and restart */
     mbedtls_psa_crypto_free();
     PSA_ASSERT( psa_crypto_init() );
 
     /* Check key slot still contains key data */
-    PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
-                              &handle ) );
-    PSA_ASSERT( psa_get_key_information(
-                    handle, &type_get, &bits_get ) );
-    TEST_EQUAL( type_get, type );
-    TEST_EQUAL( bits_get, (size_t) bits );
+    PSA_ASSERT( psa_open_key( key_id, &handle ) );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+                PSA_KEY_LIFETIME_PERSISTENT );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
 
-    PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
-    TEST_EQUAL( psa_key_policy_get_usage( &policy_get ), policy_usage );
-    TEST_EQUAL( psa_key_policy_get_algorithm( &policy_get ), policy_alg );
-
-    /* Export the key again */
-    TEST_EQUAL( psa_export_key( handle,
-                                second_export, export_size,
-                                &second_exported_length ),
-                export_status );
-
-    if( export_status == PSA_SUCCESS )
+    /* Export the key again if permitted by the key policy. */
+    if( usage_flags & PSA_KEY_USAGE_EXPORT )
     {
+        PSA_ASSERT( psa_export_key( handle,
+                                    second_export, export_size,
+                                    &second_exported_length ) );
         ASSERT_COMPARE( first_export, first_exported_length,
                         second_export, second_exported_length );
-
-        switch( generation_method )
-        {
-            case IMPORT_KEY:
-                ASSERT_COMPARE( data->x, data->len,
-                                first_export, first_exported_length );
-                break;
-            default:
-                break;
-        }
     }
 
     /* Do something with the key according to its type and permitted usage. */
-    if( ! exercise_key( handle, policy_usage, policy_alg ) )
+    if( ! exercise_key( handle, usage_flags, alg ) )
         goto exit;
 
 exit:
+    psa_reset_key_attributes( &attributes );
     mbedtls_free( first_export );
     mbedtls_free( second_export );
+    psa_key_derivation_abort( &operation );
+    psa_destroy_key( base_key );
+    if( handle == 0 )
+    {
+        /* In case there was a test failure after creating the persistent key
+         * but while it was not open, try to re-open the persistent key
+         * to delete it. */
+        psa_open_key( key_id, &handle );
+    }
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free();
 }
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 727db43..91e210e 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -2,17 +2,38 @@
 #include <stdint.h>
 
 #include "psa/crypto.h"
-#include "psa_prot_internal_storage.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/entropy_poll.h"
 
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include <stdio.h>
+#else
+#include <psa/internal_trusted_storage.h>
+#endif
+
 /* Calculating the minimum allowed entropy size in bytes */
 #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
 
+/* Remove the entropy seed file. Since the library does not expose a way
+ * to do this (it would be a security risk if such a function was ever
+ * accessible in production), implement this functionality in a white-box
+ * manner. */
+psa_status_t remove_seed_file( void )
+{
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+    if( remove( "00000000ffffff52.psa_its" ) == 0 )
+        return( PSA_SUCCESS );
+    else
+        return( PSA_ERROR_DOES_NOT_EXIST );
+#else
+    return( psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ) );
+#endif
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PSA_HAS_ITS_IO:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_INJECT_ENTROPY
  * END_DEPENDENCIES
  */
 
@@ -22,7 +43,6 @@
                                       int seed_length_b,
                                       int expected_status_b )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
     uint8_t output[32] = { 0 };
     uint8_t zeros[32] = { 0 };
@@ -43,9 +63,9 @@
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+    status =  remove_seed_file( );
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, seed_length_a );
     TEST_EQUAL( status, expected_status_a );
     status = mbedtls_psa_inject_entropy( seed, seed_length_b );
@@ -56,7 +76,7 @@
     TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 );
 exit:
     mbedtls_free( seed );
-    psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    remove_seed_file( );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
@@ -64,22 +84,21 @@
 /* BEGIN_CASE */
 void run_entropy_inject_with_crypto_init( )
 {
-    psa_its_status_t its_status;
     psa_status_t status;
-    int i;
+    size_t i;
     uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
     /* fill seed with some data */
     for( i = 0; i < sizeof( seed ); ++i )
     {
         seed[i] = i;
     }
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
-                 ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+    status =  remove_seed_file( );
+    TEST_ASSERT( ( status == PSA_SUCCESS ) ||
+                 ( status == PSA_ERROR_DOES_NOT_EXIST ) );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
     PSA_ASSERT( status );
-    its_status =  psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
-    TEST_EQUAL( its_status, PSA_ITS_SUCCESS );
+    status =  remove_seed_file( );
+    TEST_EQUAL( status, PSA_SUCCESS );
     status = psa_crypto_init( );
     TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_ENTROPY );
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
@@ -91,7 +110,7 @@
     status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
     TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 exit:
-    psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID );
+    remove_seed_file( );
     mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index c8f6e1b..f10a4b2 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -182,15 +182,20 @@
 {
     psa_status_t status;
     uint8_t data[10] = { 0 };
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_handle_t handle = 0xdead;
     int i;
+
     for( i = 0; i < count; i++ )
     {
         status = psa_crypto_init( );
         PSA_ASSERT( status );
         mbedtls_psa_crypto_free( );
     }
-    status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+    status = psa_import_key( &attributes, data, sizeof( data ), &handle );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( handle, 0 );
 }
 /* END_CASE */
 
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index edb09a8..b011ad5 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -166,6 +166,10 @@
 depends_on:MBEDTLS_ARC4_C
 cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER
 
+Cipher: ChaCha20
+depends_on:MBEDTLS_CHACHA_C
+cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER
+
 Cipher: CTR
 depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR
 cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER
@@ -192,11 +196,15 @@
 
 AEAD: CCM
 depends_on:MBEDTLS_CCM_C
-aead_algorithm:PSA_ALG_CCM:0:16
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
 
 AEAD: GCM
 depends_on:MBEDTLS_GCM_C
-aead_algorithm:PSA_ALG_GCM:0:16
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+
+AEAD: ChaCha20_Poly1305
+depends_on:MBEDTLS_CHACHAPOLY_C
+aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16
 
 Asymmetric signature: RSA PKCS#1 v1.5 raw
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@@ -307,13 +315,17 @@
 depends_on:MBEDTLS_ARC4_C
 key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED
 
+Key type: ChaCha20
+depends_on:MBEDTLS_CHACHA20_C
+key_type:PSA_KEY_TYPE_CHACHA20:KEY_TYPE_IS_UNSTRUCTURED
+
 Key type: RSA public key
 depends_on:MBEDTLS_RSA_C
 key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA
 
 Key type: RSA key pair
 depends_on:MBEDTLS_RSA_C
-key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA
+key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA
 
 Key type: DSA public key
 depends_on:MBEDTLS_DSA_C
@@ -321,7 +333,7 @@
 
 Key type: DSA key pair
 depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA
+key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA
 
 ECC key types: sect163k1
 depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED
@@ -442,3 +454,19 @@
 ECC key types: Curve448
 depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
 ecc_key_types:PSA_ECC_CURVE_CURVE448:448
+
+DH group types: FFDHE2048
+dh_key_types:PSA_DH_GROUP_FFDHE2048:2048
+
+DH group types: FFDHE3072
+dh_key_types:PSA_DH_GROUP_FFDHE3072:2048
+
+DH group types: FFDHE4096
+dh_key_types:PSA_DH_GROUP_FFDHE4096:2048
+
+DH group types: FFDHE6144
+dh_key_types:PSA_DH_GROUP_FFDHE6144:2048
+
+DH group types: FFDHE8192
+dh_key_types:PSA_DH_GROUP_FFDHE8192:2048
+
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 1bc8d64..a9f1b39 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -36,6 +36,7 @@
 #define ALG_IS_ECDH                     ( 1u << 18 )
 #define ALG_IS_WILDCARD                 ( 1u << 19 )
 #define ALG_IS_RAW_KEY_AGREEMENT        ( 1u << 20 )
+#define ALG_IS_AEAD_ON_BLOCK_CIPHER     ( 1u << 21 )
 
 /* Flags for key type classification macros. There is a flag for every
  * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@@ -44,10 +45,11 @@
 #define KEY_TYPE_IS_VENDOR_DEFINED      ( 1u << 0 )
 #define KEY_TYPE_IS_UNSTRUCTURED        ( 1u << 1 )
 #define KEY_TYPE_IS_PUBLIC_KEY          ( 1u << 2 )
-#define KEY_TYPE_IS_KEYPAIR             ( 1u << 3 )
+#define KEY_TYPE_IS_KEY_PAIR             ( 1u << 3 )
 #define KEY_TYPE_IS_RSA                 ( 1u << 4 )
 #define KEY_TYPE_IS_DSA                 ( 1u << 5 )
 #define KEY_TYPE_IS_ECC                 ( 1u << 6 )
+#define KEY_TYPE_IS_DH                  ( 1u << 7 )
 
 #define TEST_CLASSIFICATION_MACRO( flag, alg, flags )           \
     TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
@@ -77,6 +79,7 @@
     TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags );
     TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags );
     TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
+    TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
 exit: ;
 }
 
@@ -86,20 +89,27 @@
     TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
     TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags );
     TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags );
-    TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags );
+    TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEY_PAIR, type, flags );
     TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
     TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
+    TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags );
 
     /* Macros with derived semantics */
     TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
                 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ||
-                  PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
-    TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ),
+                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
+    TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ),
                 ( PSA_KEY_TYPE_IS_ECC( type ) &&
-                  PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
+                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
     TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
                 ( PSA_KEY_TYPE_IS_ECC( type ) &&
                   PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
+    TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEY_PAIR( type ),
+                ( PSA_KEY_TYPE_IS_DH( type ) &&
+                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
+    TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ),
+                ( PSA_KEY_TYPE_IS_DH( type ) &&
+                  PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
 
 exit: ;
 }
@@ -416,23 +426,23 @@
     /* For asymmetric types, check the corresponding pair/public type */
     if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY )
     {
-        psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type );
-        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ), type );
+        psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type );
+        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( pair_type ), type );
         key_type_classification( pair_type,
                                  ( classification_flags
                                    & ~KEY_TYPE_IS_PUBLIC_KEY )
-                                 | KEY_TYPE_IS_KEYPAIR );
-        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ), type );
+                                 | KEY_TYPE_IS_KEY_PAIR );
+        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ), type );
     }
-    if( classification_flags & KEY_TYPE_IS_KEYPAIR )
+    if( classification_flags & KEY_TYPE_IS_KEY_PAIR )
     {
-        psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
-        TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ), type );
+        psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
+        TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( public_type ), type );
         key_type_classification( public_type,
                                  ( classification_flags
-                                   & ~KEY_TYPE_IS_KEYPAIR )
+                                   & ~KEY_TYPE_IS_KEY_PAIR )
                                  | KEY_TYPE_IS_PUBLIC_KEY );
-        TEST_EQUAL( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ), type );
+        TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ), type );
     }
 }
 /* END_CASE */
@@ -443,17 +453,34 @@
     psa_ecc_curve_t curve = curve_arg;
     size_t curve_bits = curve_bits_arg;
     psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
-    psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve );
+    psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve );
 
     test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY );
-    test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR );
+    test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR );
 
     TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve );
     TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve );
 
-    /* Validate that the bit size is less than the maximum ECC bit size
-     * in this implementation. There's no parameter that should be equal
-     * to curve_bits and can be validated without creating a key. */
+    TEST_EQUAL( curve_bits, PSA_ECC_CURVE_BITS( curve ) );
     TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
+void dh_key_types( int group_arg, int group_bits_arg )
+{
+    psa_dh_group_t group = group_arg;
+    size_t group_bits = group_bits_arg;
+    psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
+    psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group );
+
+    test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY );
+    test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR );
+
+    TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( public_type ), group );
+    TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( pair_type ), group );
+
+    /* We have nothing to validate about the group size yet. */
+    (void) group_bits;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index 613968d..0e5f745 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -1,24 +1,24 @@
 PSA Storage format data for storage
-format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION
+format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION
 
 PSA Storage parse stored data
-parse_storage_data_check:"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_SUCCESS
+parse_storage_data_check:"505341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_SUCCESS
 
 PSA Storage parse stored data wrong version, should fail
-parse_storage_data_check:"505341004b455900ffffffff000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b455900ffffffff000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
 
 PSA Storage parse too big data, should fail
-parse_storage_data_check:"505341004b45590000000000000001700100000000000012ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b45590000000000000001700100000000000012ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
 
 PSA Storage parse bad magic, should fail
-parse_storage_data_check:"645341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"645341004b45590000000000000001700100000000000012620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
 
 PSA Storage parse not enough magic, should fail
-parse_storage_data_check:"505341004b4559":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
+parse_storage_data_check:"505341004b4559":"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ERROR_STORAGE_FAILURE
 
 # Not specific to files, but only run this test in an environment where the maximum size could be reached.
 Save maximum size persistent raw key
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+depends_on:MBEDTLS_PSA_ITS_FILE_C
 save_large_persistent_key:0:PSA_SUCCESS
 
 Save larger than maximum size persistent raw key, should fail
@@ -26,45 +26,78 @@
 
 Persistent key destroy
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
 
-Persistent key destroy missing key
+Persistent key destroy after restart
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
+persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
 
-Persistent key import
+Persistent key import (RSA)
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_SUCCESS
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
+
+Persistent key import with restart (RSA)
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
 
 Persistent key import garbage data, should fail
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"11111111":PSA_ERROR_INVALID_ARGUMENT
+persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
 
 import/export persistent raw key: 0 byte
-import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0
+import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0:0
 
 import/export persistent raw key: 1 byte
-import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
 
 import/export persistent key RSA public key: good, 1024-bit
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0
 
 import/export persistent key RSA keypair: good, 1024-bit
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0
 
 import/export persistent raw key file not exist: 1 byte
-import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1
 
 import/export persistent key RSA public key file not exist: 1024-bit
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1
 
 import/export persistent key RSA keypair file not exist: 1024-bit
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1
 
 PSA import/export-persistent symmetric key: 16 bytes
 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
-import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0
+import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
+
+import/export persistent raw key with restart: 0 byte
+import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:1:0
+
+import/export persistent raw key with restart: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
+
+import/export persistent key RSA public key with restart: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0
+
+import/export persistent key RSA keypair with restart: good, 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0
+
+import/export persistent raw key file not exist with restart: 1 byte
+import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1
+
+import/export persistent key RSA public key file not exist with restart: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1
+
+import/export persistent key RSA keypair file not exist with restart: 1024-bit
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1
+
+PSA import/export-persistent symmetric key: 16 bytes
+depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index e19ef2b..636f260 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -2,7 +2,6 @@
 #include <stdint.h>
 #include "psa/crypto.h"
 #include "psa_crypto_storage.h"
-#include "psa_crypto_storage_backend.h"
 #include "mbedtls/md.h"
 
 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
@@ -88,6 +87,7 @@
     psa_key_handle_t handle = 0;
     uint8_t *data = NULL;
     size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     if( data_too_large )
         data_length += 1;
@@ -96,11 +96,10 @@
 
     PSA_ASSERT( psa_crypto_init() );
 
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
-                                &handle ) );
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
 
-    TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
-                                data, data_length ),
+    TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ),
                 expected_status );
 
 exit:
@@ -111,7 +110,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void persistent_key_destroy( int key_id_arg, int should_store,
+void persistent_key_destroy( int key_id_arg, int restart,
                              int first_type_arg, data_t *first_data,
                              int second_type_arg, data_t *second_data )
 {
@@ -119,26 +118,31 @@
     psa_key_handle_t handle = 0;
     psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
     psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init() );
 
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_type( &attributes, first_type );
+
+    PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
                                 &handle ) );
 
-    if( should_store == 1 )
+    if( restart )
     {
-        PSA_ASSERT( psa_import_key(
-                        handle, first_type,
-                        first_data->x, first_data->len ) );
+        psa_close_key( handle );
+        mbedtls_psa_crypto_free();
+        PSA_ASSERT( psa_crypto_init() );
+        PSA_ASSERT( psa_open_key( key_id, &handle ) );
     }
+    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
 
     /* Destroy the key */
     PSA_ASSERT( psa_destroy_key( handle ) );
 
     /* Check key slot storage is removed */
     TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
-    TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
-                PSA_ERROR_EMPTY_SLOT );
+    TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
     TEST_EQUAL( handle, 0 );
 
     /* Shutdown and restart */
@@ -146,11 +150,10 @@
     PSA_ASSERT( psa_crypto_init() );
 
     /* Create another key in the same slot */
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_type( &attributes, second_type );
+    PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
                                 &handle ) );
-    PSA_ASSERT( psa_import_key(
-                    handle, second_type,
-                    second_data->x, second_data->len ) );
 
 exit:
     mbedtls_psa_crypto_free();
@@ -160,18 +163,18 @@
 
 /* BEGIN_CASE */
 void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
-                            int expected_status )
+                            int restart, int expected_status )
 {
-    psa_key_lifetime_t lifetime;
     psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
     psa_key_type_t type = (psa_key_type_t) type_arg;
     psa_key_handle_t handle = 0;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init() );
 
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
-                                &handle ) );
-    TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_type( &attributes, type );
+    TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ),
                 expected_status );
 
     if( expected_status != PSA_SUCCESS )
@@ -180,10 +183,25 @@
         goto exit;
     }
 
-    PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
-    TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
+    if( restart )
+    {
+        psa_close_key( handle );
+        mbedtls_psa_crypto_free();
+        PSA_ASSERT( psa_crypto_init() );
+        PSA_ASSERT( psa_open_key( key_id, &handle ) );
+    }
+
+    psa_reset_key_attributes( &attributes );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+                PSA_KEY_LIFETIME_PERSISTENT );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     psa_destroy_persistent_key( key_id );
     mbedtls_psa_crypto_free();
 }
@@ -191,7 +209,8 @@
 
 /* BEGIN_CASE */
 void import_export_persistent_key( data_t *data, int type_arg,
-                                   int expected_bits, int key_not_exist )
+                                   int expected_bits,
+                                   int restart, int key_not_exist )
 {
     psa_key_id_t key_id = 42;
     psa_key_type_t type = (psa_key_type_t) type_arg;
@@ -199,34 +218,38 @@
     unsigned char *exported = NULL;
     size_t export_size = data->len;
     size_t exported_length;
-    psa_key_type_t got_type;
-    size_t got_bits;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_key_lifetime_t lifetime_get;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     ASSERT_ALLOC( exported, export_size );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
-                                &handle ) );
-
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
-                              PSA_ALG_VENDOR_FLAG );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+    psa_set_key_id( &attributes, key_id );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
 
     /* Import the key */
-    PSA_ASSERT( psa_import_key( handle, type,
-                                data->x, data->len ) );
+    PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
 
-    PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
-    TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
+
+    if( restart )
+    {
+        psa_close_key( handle );
+        mbedtls_psa_crypto_free();
+        PSA_ASSERT( psa_crypto_init() );
+        PSA_ASSERT( psa_open_key( key_id, &handle ) );
+    }
 
     /* Test the key information */
-    PSA_ASSERT( psa_get_key_information(
-                    handle, &got_type, &got_bits ) );
-    TEST_EQUAL( got_type, type );
-    TEST_EQUAL( got_bits, (size_t) expected_bits );
+    psa_reset_key_attributes( &attributes );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+                PSA_KEY_LIFETIME_PERSISTENT );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
 
     TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
 
@@ -245,6 +268,7 @@
     TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
 
 exit:
+    psa_reset_key_attributes( &attributes );
     mbedtls_free( exported );
     mbedtls_psa_crypto_free( );
     psa_destroy_persistent_key( key_id );
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 7295758..862919a 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -7,14 +7,23 @@
 Transient slot, check after restart
 transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
 
-Persistent slot, check after closing
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+Persistent slot, check after closing, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
 
-Persistent slot, check after destroying
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+Persistent slot, check after destroying, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
 
-Persistent slot, check after restart
-persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+Persistent slot, check after restart, id=min
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+
+Persistent slot, check after closing, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
+
+Persistent slot, check after destroying, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
+
+Persistent slot, check after restart, id=max
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
 
 Attempt to overwrite: close before
 create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
@@ -27,24 +36,23 @@
 
 Open failure: invalid identifier (0)
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT
+open_fail:0:PSA_ERROR_INVALID_ARGUMENT
 
 Open failure: invalid identifier (random seed UID)
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid identifier (reserved range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
+Open failure: invalid identifier (implementation range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
 
 Open failure: non-existent identifier
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT
-
-Open failure: volatile lifetime
-open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
-
-Open failure: invalid lifetime
-open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
-
-Create failure: volatile lifetime
-create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+open_fail:1:PSA_ERROR_DOES_NOT_EXIST
 
 Create failure: invalid lifetime
 create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
@@ -57,25 +65,48 @@
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
 create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
 
+Create failure: invalid key id (reserved range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid key id (implementation range)
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT
+
 Open not supported
 depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
+open_fail:1:PSA_ERROR_NOT_SUPPORTED
 
 Create not supported
 depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
 create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
 
 Copy volatile to volatile
-copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:-1:-1:PSA_KEY_USAGE_EXPORT:0
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
 
 Copy volatile to persistent
-copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:-1:-1:PSA_KEY_USAGE_EXPORT:0
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
 
 Copy persistent to volatile
-copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:-1:-1:PSA_KEY_USAGE_EXPORT:0
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
 
 Copy persistent to persistent
-copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:-1:-1:PSA_KEY_USAGE_EXPORT:0
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
+
+Copy volatile to occupied
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy persistent to occupied
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
+
+Copy persistent to same
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
 
 Close/destroy invalid handle
 invalid_handle:
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 8a6ef07..5e594c2 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -23,40 +23,49 @@
 } reopen_policy_t;
 
 /* All test functions that create persistent keys must call
- * `TEST_MAX_KEY_ID( key_id )` before creating a persistent key with this
+ * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this
  * identifier, and must call psa_purge_key_storage() in their cleanup
  * code. */
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-/* There is no API to purge all keys. For this test suite, require that
- * all key IDs be less than a certain maximum, or a well-known value
- * which corresponds to a file that does not contain a key. */
-#define MAX_KEY_ID_FOR_TEST 32
-#define KEY_ID_IS_WELL_KNOWN( key_id )                  \
-    ( ( key_id ) == PSA_CRYPTO_ITS_RANDOM_SEED_UID )
-#define TEST_MAX_KEY_ID( key_id )                       \
-    TEST_ASSERT( ( key_id ) <= MAX_KEY_ID_FOR_TEST ||   \
-                 KEY_ID_IS_WELL_KNOWN( key_id ) )
-void psa_purge_key_storage( void )
+static psa_key_id_t key_ids_used_in_test[9];
+static size_t num_key_ids_used;
+
+/* Record a key id as potentially used in a test case. */
+static int test_uses_key_id( psa_key_id_t key_id )
 {
-    psa_key_id_t i;
-    /* The tests may have potentially created key ids from 1 to
-     * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
-     * 0, which file-based storage uses as a temporary file. */
-    for( i = 0; i <= MAX_KEY_ID_FOR_TEST; i++ )
-        psa_destroy_persistent_key( i );
+    size_t i;
+    if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+    {
+        /* Don't touch key id values that designate non-key files. */
+        return( 1 );
+    }
+    for( i = 0; i < num_key_ids_used ; i++ )
+    {
+        if( key_id == key_ids_used_in_test[i] )
+            return( 1 );
+    }
+    if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) )
+        return( 0 );
+    key_ids_used_in_test[num_key_ids_used] = key_id;
+    ++num_key_ids_used;
+    return( 1 );
+}
+#define TEST_USES_KEY_ID( key_id )                       \
+    TEST_ASSERT( test_uses_key_id( key_id ) )
+
+/* Destroy all key ids that may have been created by the current test case. */
+static void psa_purge_key_storage( void )
+{
+    size_t i;
+    for( i = 0; i < num_key_ids_used; i++ )
+        psa_destroy_persistent_key( key_ids_used_in_test[i] );
+    num_key_ids_used = 0;
 }
 #else
-#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
+#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
 
-static int psa_key_policy_equal( psa_key_policy_t *p1,
-                                 psa_key_policy_t *p2 )
-{
-    return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
-            psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
-}
-
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -73,20 +82,20 @@
     psa_key_usage_t usage_flags = usage_arg;
     psa_key_type_t type = type_arg;
     close_method_t close_method = close_method_arg;
-    psa_key_type_t read_type;
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    /* Get a handle and import a key. */
-    PSA_ASSERT( psa_allocate_key( &handle ) );
+    /* Import a key. */
+    psa_set_key_usage_flags( &attributes, usage_flags );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, type );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
     TEST_ASSERT( handle != 0 );
-    psa_key_policy_set_usage( &policy, usage_flags, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-    PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
-    PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
-    TEST_EQUAL( read_type, type );
+    PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type );
 
     /* Do something that invalidates the handle. */
     switch( close_method )
@@ -102,8 +111,9 @@
             PSA_ASSERT( psa_crypto_init( ) );
             break;
     }
+
     /* Test that the handle is now invalid. */
-    TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+    TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
                 PSA_ERROR_INVALID_HANDLE );
     TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
 
@@ -126,24 +136,27 @@
     close_method_t close_method = close_method_arg;
     psa_key_type_t read_type;
     psa_key_handle_t handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    TEST_MAX_KEY_ID( id );
+    TEST_USES_KEY_ID( id );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     /* Get a handle and import a key. */
-    PSA_ASSERT( psa_create_key( lifetime, id, &handle ) );
+    psa_set_key_id( &attributes, id );
+    psa_set_key_lifetime( &attributes, lifetime );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_usage_flags( &attributes, usage_flags );
+    psa_set_key_algorithm( &attributes, alg );
+    PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+                                &handle ) );
     TEST_ASSERT( handle != 0 );
-    psa_key_policy_set_usage( &policy, usage_flags, alg );
-    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
-    PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
     PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
     TEST_EQUAL( read_type, type );
 
     /* Close the key and reopen it. */
     PSA_ASSERT( psa_close_key( handle ) );
-    PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
+    PSA_ASSERT( psa_open_key( id, &handle ) );
     PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
     TEST_EQUAL( read_type, type );
 
@@ -172,13 +185,13 @@
     {
         case CLOSE_BY_CLOSE:
         case CLOSE_BY_SHUTDOWN:
-            PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
+            PSA_ASSERT( psa_open_key( id, &handle ) );
             PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
             TEST_EQUAL( read_type, type );
             break;
         case CLOSE_BY_DESTROY:
-            TEST_EQUAL( psa_open_key( lifetime, id, &handle ),
-                        PSA_ERROR_EMPTY_SLOT );
+            TEST_EQUAL( psa_open_key( id, &handle ),
+                        PSA_ERROR_DOES_NOT_EXIST );
             break;
     }
 
@@ -195,48 +208,53 @@
     psa_key_lifetime_t lifetime = lifetime_arg;
     psa_key_id_t id = id_arg;
     psa_key_handle_t handle1 = 0, handle2 = 0;
-    psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT;
-    psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
-    psa_key_type_t read_type;
-    const uint8_t material1[16] = "test material #1";
+    const uint8_t material1[5] = "a key";
+    const uint8_t material2[5] = "b key";
     size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
-    size_t read_bits;
     uint8_t reexported[sizeof( material1 )];
     size_t reexported_length;
     reopen_policy_t reopen_policy = reopen_policy_arg;
 
-    TEST_MAX_KEY_ID( id );
+    TEST_USES_KEY_ID( id );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     /* Create a key. */
-    PSA_ASSERT( psa_create_key( lifetime, id, &handle1 ) );
+    psa_set_key_id( &attributes, id );
+    psa_set_key_lifetime( &attributes, lifetime );
+    psa_set_key_type( &attributes, type1 );
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, 0 );
+    PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
+                                &handle1 ) );
     TEST_ASSERT( handle1 != 0 );
-    psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 );
-    PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) );
-    PSA_ASSERT( psa_import_key( handle1, type1,
-                                material1, sizeof( material1 ) ) );
 
     if( reopen_policy == CLOSE_BEFORE )
         PSA_ASSERT( psa_close_key( handle1 ) );
 
     /* Attempt to create a new key in the same slot. */
-    TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
-                PSA_ERROR_OCCUPIED_SLOT );
+    TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
+                                &handle2 ),
+                PSA_ERROR_ALREADY_EXISTS );
     TEST_EQUAL( handle2, 0 );
 
     if( reopen_policy == CLOSE_AFTER )
         PSA_ASSERT( psa_close_key( handle1 ) );
     if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
-        PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
+        PSA_ASSERT( psa_open_key( id, &handle1 ) );
 
     /* Check that the original key hasn't changed. */
-    PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) );
-    TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) );
-    PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
-    TEST_EQUAL( read_type, type1 );
-    TEST_EQUAL( read_bits, bits1 );
+    psa_reset_key_attributes( &attributes );
+    PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
+    TEST_EQUAL( psa_get_key_id( &attributes ), id );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+    TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
+    TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+
     PSA_ASSERT( psa_export_key( handle1,
                                 reexported, sizeof( reexported ),
                                 &reexported_length ) );
@@ -250,17 +268,16 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void open_fail( int lifetime_arg, int id_arg,
+void open_fail( int id_arg,
                 int expected_status_arg )
 {
-    psa_key_lifetime_t lifetime = lifetime_arg;
     psa_key_id_t id = id_arg;
     psa_status_t expected_status = expected_status_arg;
     psa_key_handle_t handle = 0xdead;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    TEST_EQUAL( psa_open_key( lifetime, id, &handle ), expected_status );
+    TEST_EQUAL( psa_open_key( id, &handle ), expected_status );
     TEST_EQUAL( handle, 0 );
 
 exit:
@@ -274,14 +291,20 @@
 {
     psa_key_lifetime_t lifetime = lifetime_arg;
     psa_key_id_t id = id_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t expected_status = expected_status_arg;
     psa_key_handle_t handle = 0xdead;
+    uint8_t material[1] = {'k'};
 
-    TEST_MAX_KEY_ID( id );
+    TEST_USES_KEY_ID( id );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
-    TEST_EQUAL( psa_create_key( lifetime, id, &handle ),
+    psa_set_key_id( &attributes, id );
+    psa_set_key_lifetime( &attributes, lifetime );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+    TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
+                                &handle ),
                 expected_status );
     TEST_EQUAL( handle, 0 );
 
@@ -299,7 +322,6 @@
                             int type_arg, data_t *material,
                             int target_lifetime_arg, int target_id_arg,
                             int target_usage_arg, int target_alg_arg,
-                            int constraint_usage_arg, int constraint_alg_arg,
                             int expected_usage_arg, int expected_alg_arg )
 {
     psa_key_lifetime_t source_lifetime = source_lifetime_arg;
@@ -307,60 +329,50 @@
     psa_key_usage_t source_usage = source_usage_arg;
     psa_algorithm_t source_alg = source_alg_arg;
     psa_key_handle_t source_handle = 0;
-    psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t source_type = type_arg;
-    size_t source_bits;
     psa_key_lifetime_t target_lifetime = target_lifetime_arg;
     psa_key_id_t target_id = target_id_arg;
     psa_key_usage_t target_usage = target_usage_arg;
     psa_algorithm_t target_alg = target_alg_arg;
     psa_key_handle_t target_handle = 0;
-    psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
-    psa_key_type_t target_type;
-    size_t target_bits;
-    psa_key_usage_t constraint_usage = constraint_usage_arg;
-    psa_algorithm_t constraint_alg = constraint_alg_arg;
-    psa_key_policy_t constraint = PSA_KEY_POLICY_INIT;
-    psa_key_policy_t *p_constraint = NULL;
+    psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_usage_t expected_usage = expected_usage_arg;
     psa_algorithm_t expected_alg = expected_alg_arg;
     uint8_t *export_buffer = NULL;
 
-    if( constraint_usage_arg != -1 )
-    {
-        p_constraint = &constraint;
-        psa_key_policy_set_usage( p_constraint,
-                                  constraint_usage, constraint_alg );
-    }
-    TEST_MAX_KEY_ID( source_id );
-    TEST_MAX_KEY_ID( target_id );
+    TEST_USES_KEY_ID( source_id );
+    TEST_USES_KEY_ID( target_id );
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     /* Populate the source slot. */
-    if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        PSA_ASSERT( psa_allocate_key( &source_handle ) );
-    else
-        PSA_ASSERT( psa_create_key( source_lifetime, source_id,
-                                    &source_handle ) );
-    psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
-    PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
-    PSA_ASSERT( psa_import_key( source_handle, source_type,
-                                material->x, material->len ) );
-    PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
+    if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    {
+        psa_set_key_id( &source_attributes, source_id );
+        psa_set_key_lifetime( &source_attributes, source_lifetime );
+    }
+    psa_set_key_type( &source_attributes, source_type );
+    psa_set_key_usage_flags( &source_attributes, source_usage );
+    psa_set_key_algorithm( &source_attributes, source_alg );
+    PSA_ASSERT( psa_import_key( &source_attributes,
+                                material->x, material->len,
+                                &source_handle ) );
+    /* Update the attributes with the bit size. */
+    PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
 
     /* Prepare the target slot. */
-    if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        PSA_ASSERT( psa_allocate_key( &target_handle ) );
-    else
-        PSA_ASSERT( psa_create_key( target_lifetime, target_id,
-                                    &target_handle ) );
-    psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
-    PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
-    target_policy = psa_key_policy_init();
+    if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    {
+        psa_set_key_id( &target_attributes, target_id );
+        psa_set_key_lifetime( &target_attributes, target_lifetime );
+    }
+    psa_set_key_usage_flags( &target_attributes, target_usage );
+    psa_set_key_algorithm( &target_attributes, target_alg );
 
     /* Copy the key. */
-    PSA_ASSERT( psa_copy_key( source_handle, target_handle, p_constraint ) );
+    PSA_ASSERT( psa_copy_key( source_handle,
+                              &target_attributes, &target_handle ) );
 
     /* Destroy the source to ensure that this doesn't affect the target. */
     PSA_ASSERT( psa_destroy_key( source_handle ) );
@@ -371,18 +383,19 @@
     {
         mbedtls_psa_crypto_free( );
         PSA_ASSERT( psa_crypto_init( ) );
-        PSA_ASSERT( psa_open_key( target_lifetime, target_id,
-                                  &target_handle ) );
+        PSA_ASSERT( psa_open_key( target_id, &target_handle ) );
     }
 
     /* Test that the target slot has the expected content. */
-    PSA_ASSERT( psa_get_key_information( target_handle,
-                                         &target_type, &target_bits ) );
-    TEST_ASSERT( source_type == target_type );
-    TEST_ASSERT( source_bits == target_bits );
-    PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
-    TEST_ASSERT( expected_usage == psa_key_policy_get_usage( &target_policy ) );
-    TEST_ASSERT( expected_alg == psa_key_policy_get_algorithm( &target_policy ) );
+    psa_reset_key_attributes( &target_attributes );
+    PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+    TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) );
+    TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
+    TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
+    TEST_EQUAL( psa_get_key_bits( &source_attributes ),
+                psa_get_key_bits( &target_attributes ) );
+    TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
+    TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
     if( expected_usage & PSA_KEY_USAGE_EXPORT )
     {
         size_t length;
@@ -392,6 +405,117 @@
         ASSERT_COMPARE( material->x, material->len,
                         export_buffer, length );
     }
+    else
+    {
+        size_t length;
+        /* Check that the key is actually non-exportable. */
+        TEST_EQUAL( psa_export_key( target_handle, export_buffer,
+                                    material->len, &length ),
+                    PSA_ERROR_NOT_PERMITTED );
+    }
+
+exit:
+    mbedtls_psa_crypto_free( );
+    mbedtls_free( export_buffer );
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    psa_purge_key_storage( );
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
+                       int source_usage_arg, int source_alg_arg,
+                       int source_type_arg, data_t *source_material,
+                       int target_lifetime_arg, int target_id_arg,
+                       int target_usage_arg, int target_alg_arg,
+                       int target_type_arg, data_t *target_material )
+{
+    psa_key_lifetime_t source_lifetime = source_lifetime_arg;
+    psa_key_id_t source_id = source_id_arg;
+    psa_key_usage_t source_usage = source_usage_arg;
+    psa_algorithm_t source_alg = source_alg_arg;
+    psa_key_handle_t source_handle = 0;
+    psa_key_type_t source_type = source_type_arg;
+    psa_key_lifetime_t target_lifetime = target_lifetime_arg;
+    psa_key_id_t target_id = target_id_arg;
+    psa_key_usage_t target_usage = target_usage_arg;
+    psa_algorithm_t target_alg = target_alg_arg;
+    psa_key_handle_t target_handle = 0;
+    psa_key_type_t target_type = target_type_arg;
+    psa_key_handle_t new_handle = 0xdead;
+    uint8_t *export_buffer = NULL;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
+
+    TEST_USES_KEY_ID( source_id );
+    TEST_USES_KEY_ID( target_id );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /* Populate the source slot. */
+    if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    {
+        psa_set_key_id( &attributes, source_id );
+        psa_set_key_lifetime( &attributes, source_lifetime );
+    }
+    psa_set_key_type( &attributes, source_type );
+    psa_set_key_usage_flags( &attributes, source_usage );
+    psa_set_key_algorithm( &attributes, source_alg );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                source_material->x, source_material->len,
+                                &source_handle ) );
+
+    /* Populate the target slot. */
+    if( target_id == source_id )
+    {
+        target_handle = source_handle;
+    }
+    else
+    {
+        psa_set_key_id( &attributes1, target_id );
+        psa_set_key_lifetime( &attributes1, target_lifetime );
+        psa_set_key_type( &attributes1, target_type );
+        psa_set_key_usage_flags( &attributes1, target_usage );
+        psa_set_key_algorithm( &attributes1, target_alg );
+        PSA_ASSERT( psa_import_key( &attributes1,
+                                    target_material->x, target_material->len,
+                                    &target_handle ) );
+    }
+    PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
+
+    /* Make a copy attempt. */
+    psa_set_key_id( &attributes, target_id );
+    psa_set_key_lifetime( &attributes, target_lifetime );
+    TEST_EQUAL( psa_copy_key( source_handle,
+                              &attributes, &new_handle ),
+                PSA_ERROR_ALREADY_EXISTS );
+    TEST_EQUAL( new_handle , 0 );
+
+    /* Test that the target slot is unaffected. */
+    PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
+    TEST_EQUAL( psa_get_key_id( &attributes1 ),
+                psa_get_key_id( &attributes2 ) );
+    TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
+                psa_get_key_lifetime( &attributes2 ) );
+    TEST_EQUAL( psa_get_key_type( &attributes1 ),
+                psa_get_key_type( &attributes2 ) );
+    TEST_EQUAL( psa_get_key_bits( &attributes1 ),
+                psa_get_key_bits( &attributes2 ) );
+    TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
+                psa_get_key_usage_flags( &attributes2 ) );
+    TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
+                psa_get_key_algorithm( &attributes2 ) );
+    if( target_usage & PSA_KEY_USAGE_EXPORT )
+    {
+        size_t length;
+        ASSERT_ALLOC( export_buffer, target_material->len );
+        PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+                                    target_material->len, &length ) );
+        ASSERT_COMPARE( target_material->x, target_material->len,
+                        export_buffer, length );
+    }
 
 exit:
     mbedtls_psa_crypto_free( );
@@ -406,7 +530,7 @@
 void invalid_handle( )
 {
     psa_key_handle_t handle1 = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t read_type;
     size_t read_bits;
     uint8_t material[1] = "a";
@@ -414,12 +538,13 @@
     PSA_ASSERT( psa_crypto_init( ) );
 
     /* Allocate a handle and store a key in it. */
-    PSA_ASSERT( psa_allocate_key( &handle1 ) );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
+    psa_set_key_usage_flags( &attributes, 0 );
+    psa_set_key_algorithm( &attributes, 0 );
+    PSA_ASSERT( psa_import_key( &attributes,
+                                material, sizeof( material ),
+                                &handle1 ) );
     TEST_ASSERT( handle1 != 0 );
-    psa_key_policy_set_usage( &policy, 0, 0 );
-    PSA_ASSERT( psa_set_key_policy( handle1, &policy ) );
-    PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA,
-                                material, sizeof( material ) ) );
 
     /* Attempt to close and destroy some invalid handles. */
     TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
@@ -447,26 +572,28 @@
     size_t max_handles = max_handles_arg;
     size_t i, j;
     psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t exported[sizeof( size_t )];
     size_t exported_length;
 
     ASSERT_ALLOC( handles, max_handles );
     PSA_ASSERT( psa_crypto_init( ) );
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, 0 );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
 
     for( i = 0; i < max_handles; i++ )
     {
-        status = psa_allocate_key( &handles[i] );
+        status = psa_import_key( &attributes,
+                                 (uint8_t *) &i, sizeof( i ),
+                                 &handles[i] );
         if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
             break;
         PSA_ASSERT( status );
         TEST_ASSERT( handles[i] != 0 );
         for( j = 0; j < i; j++ )
             TEST_ASSERT( handles[i] != handles[j] );
-        PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
-        PSA_ASSERT( psa_import_key( handles[i], PSA_KEY_TYPE_RAW_DATA,
-                                    (uint8_t *) &i, sizeof( i ) ) );
     }
     max_handles = i;
 
diff --git a/tests/suites/test_suite_psa_crypto_storage_file.data b/tests/suites/test_suite_psa_crypto_storage_file.data
deleted file mode 100644
index 730e092..0000000
--- a/tests/suites/test_suite_psa_crypto_storage_file.data
+++ /dev/null
@@ -1,43 +0,0 @@
-PSA Storage Load verify loaded file
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":1:4:PSA_SUCCESS
-
-PSA Storage Load check slots dont share state
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:2:"deadbeef":1:4:PSA_ERROR_STORAGE_FAILURE
-
-PSA Storage Load zero length file
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"":1:1:PSA_SUCCESS
-
-PSA Storage Load less than capacity of data buffer
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":1:5:PSA_SUCCESS
-
-PSA Storage Load nonexistent file location, should fail
-depends_on:MBEDTLS_FS_IO
-load_data_from_file:1:"deadbeef":0:4:PSA_ERROR_STORAGE_FAILURE
-
-PSA Storage Store verify stored file
-depends_on:MBEDTLS_FS_IO
-write_data_to_file:"deadbeef":PSA_SUCCESS
-
-PSA Storage Store into preexisting location, should fail
-depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
-
-PSA Storage Store, preexisting temp_location file, should succeed
-depends_on:MBEDTLS_FS_IO
-write_data_to_prexisting_file:"psa_key_slot_0":"deadbeef":PSA_SUCCESS
-
-PSA Storage Get data size verify data size
-depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_SUCCESS:1
-
-PSA Storage Get data size verify data size zero length file
-depends_on:MBEDTLS_FS_IO
-get_file_size:"":0:PSA_SUCCESS:1
-
-PSA Storage Get data size nonexistent file location, should fail
-depends_on:MBEDTLS_FS_IO
-get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
diff --git a/tests/suites/test_suite_psa_crypto_storage_file.function b/tests/suites/test_suite_psa_crypto_storage_file.function
deleted file mode 100644
index e596be1..0000000
--- a/tests/suites/test_suite_psa_crypto_storage_file.function
+++ /dev/null
@@ -1,157 +0,0 @@
-/* BEGIN_HEADER */
-#include <stdint.h>
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void load_data_from_file( int id_to_load_arg,
-                          data_t *data, int should_make_file,
-                          int capacity_arg, int expected_status )
-{
-    psa_key_id_t id_to_load = id_to_load_arg;
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    size_t file_size = 0;
-    uint8_t *loaded_data = NULL;
-    size_t capacity = (size_t) capacity_arg;
-
-    if( should_make_file == 1 )
-    {
-        /* Create a file with data contents, with mask permissions. */
-        FILE *file;
-        file = fopen( slot_location, "wb+" );
-        TEST_ASSERT( file != NULL );
-        file_size = fwrite( data->x, 1, data->len, file );
-        TEST_EQUAL( file_size, data->len );
-        ret = fclose( file );
-        TEST_EQUAL( ret, 0 );
-    }
-
-    /* Read from the file with psa_crypto_storage_load. */
-    ASSERT_ALLOC( loaded_data, capacity );
-    status = psa_crypto_storage_load( id_to_load, loaded_data, file_size );
-
-    /* Check we get the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Check that the file data and data length is what we expect. */
-    ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
-
-exit:
-    mbedtls_free( loaded_data );
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void write_data_to_file( data_t *data, int expected_status )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    FILE *file;
-    size_t file_size;
-    size_t num_read;
-    uint8_t *loaded_data = NULL;
-
-    /* Write data to file. */
-    status = psa_crypto_storage_store( 1, data->x, data->len );
-
-    /* Check that we got the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Check that the file length is what we expect */
-    file = fopen( slot_location, "rb" );
-    TEST_ASSERT( file != NULL );
-    fseek( file, 0, SEEK_END );
-    file_size = (size_t) ftell( file );
-    fseek( file, 0, SEEK_SET );
-    TEST_EQUAL( file_size, data->len );
-
-    /* Check that the file contents are what we expect */
-    ASSERT_ALLOC( loaded_data, data->len );
-
-    num_read = fread( loaded_data, 1, file_size, file );
-    TEST_EQUAL( num_read, file_size );
-    ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
-    ret = fclose( file );
-    TEST_EQUAL( ret, 0 );
-
-exit:
-    mbedtls_free( loaded_data );
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void get_file_size( data_t *data, int expected_data_length,
-                    int expected_status, int should_make_file )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    size_t file_size;
-
-    if( should_make_file )
-    {
-        /* Create a file with data contents, with mask permissions. */
-        FILE *file;
-        file = fopen( slot_location, "wb+" );
-        TEST_ASSERT( file != NULL );
-        file_size = fwrite( data->x, 1, data->len, file );
-        TEST_EQUAL( file_size, data->len );
-        ret = fclose( file );
-        TEST_EQUAL( ret, 0 );
-    }
-
-    /* Check get data size is what we expect */
-    status = psa_crypto_storage_get_data_length( 1, &file_size );
-    TEST_EQUAL( status, expected_status );
-    if( expected_status == PSA_SUCCESS )
-        TEST_EQUAL( file_size, (size_t)expected_data_length );
-
-exit:
-    remove( slot_location );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void write_data_to_prexisting_file( char *preexist_file_location,
-                                    data_t *data, int expected_status )
-{
-    char slot_location[] = "psa_key_slot_1";
-    psa_status_t status;
-    int ret;
-    FILE *file;
-
-    /* Create file first */
-    file = fopen( preexist_file_location, "wb" );
-    TEST_ASSERT( file != NULL );
-    ret = fclose( file );
-    TEST_EQUAL( ret, 0 );
-
-    /* Write data to file. */
-    status = psa_crypto_storage_store( 1, data->x, data->len );
-
-    /* Check that we got the expected status. */
-    TEST_EQUAL( status, expected_status );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-exit:
-    remove( preexist_file_location );
-    remove( slot_location );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_psa_its.data b/tests/suites/test_suite_psa_its.data
new file mode 100644
index 0000000..63ca129
--- /dev/null
+++ b/tests/suites/test_suite_psa_its.data
@@ -0,0 +1,65 @@
+Set/get/remove 0 bytes
+set_get_remove:0:0:""
+
+Set/get/remove 42 bytes
+set_get_remove:0:0:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223242526272829"
+
+Set/get/remove 1000 bytes
+set_get_remove:0:0:"6a07ecfcc7c7bfe0129d56d2dcf2955a12845b9e6e0034b0ed7226764261c6222a07b9f654deb682130eb1cd07ed298324e60a46f9c76c8a5a0be000c69e93dd81054ca21fbc6190cef7745e9d5436f70e20e10cbf111d1d40c9ceb83be108775199d81abaf0fecfe30eaa08e7ed82517cba939de4449f7ac5c730fcbbf56e691640b0129db0e178045dd2034262de9138873d9bdca57685146a3d516ff13c29e6628a00097435a8e10fef7faff62d2963c303a93793e2211d8604556fec08cd59c0f5bd1f22eea64be13e88b3f454781e83fe6e771d3d81eb2fbe2021e276f42a93db5343d767d854115e74f5e129a8036b1e81aced9872709d515e00bcf2098ccdee23006b0e836b27dc8aaf30f53fe58a31a6408abb79b13098c22e262a98040f9b09809a3b43bd42eb01cf1d17bbc8b4dfe51fa6573d4d8741943e3ae71a649e194c1218f2e20556c7d8cfe8c64d8cc1aa94531fbf638768c7d19b3c079299cf4f26ed3f964efb8fd23d82b4157a51f46da11156c74e2d6e2fd788869ebb52429e12a82da2ba083e2e74565026162f29ca22582da72a2698e7c5d958b919bc2cdfe12f50364ccfed30efd5cd120a7d5f196b2bd7f911bb44d5871eb3dedcd70ece7faf464988f9fe361f23d7244b1e08bee921d0f28bdb4912675809d099876d4d15b7d13ece356e1f2a5dce64feb3d6749a07a4f2b7721190e17a9ab2966e48b6d25187070b81eb45b1c44608b2f0e175958ba57fcf1b2cd145eea5fd4de858d157ddac69dfbb5d5d6f0c1691b0fae5a143b6e58cdf5000f28d74b3322670ed11e740c828c7bfad4e2f392012da3ac931ea26ed15fd003e604071f5900c6e1329d021805d50da9f1e732a49bcc292d9f8e07737cfd59442e8d7aaa813b18183a68e22bf6b4519545dd7d2d519db3652be4131bad4f4b0625dbaa749e979f6ee8c1b97803cb50a2fa20dc883eac932a824b777b226e15294de6a80be3ddef41478fe18172d64407a004de6bae18bc60e90c902c1cbb0e1633395b42391f5011be0d480541987609b0cd8d902ea29f86f73e7362340119323eb0ea4f672b70d6e9a9df5235f9f1965f5cb0c2998c5a7f4754e83eeda5d95fefbbaaa0875fe37b7ca461e7281cc5479162627c5a709b45fd9ddcde4dfb40659e1d70fa7361d9fc7de24f9b8b13259423fdae4dbb98d691db687467a5a7eb027a4a0552a03e430ac8a32de0c30160ba60a036d6b9db2d6182193283337b92e7438dc5d6eb4fa00200d8efa9127f1c3a32ac8e202262773aaa5a965c6b8035b2e5706c32a55511560429ddf1df4ac34076b7eedd9cf94b6915a894fdd9084ffe3db0e7040f382c3cd04f0484595de95865c36b6bf20f46a78cdfb37228acbeb218de798b9586f6d99a0cbae47e80d"
+
+Set/get/remove with flags
+set_get_remove:0:0x12345678:"abcdef"
+
+Overwrite 0 -> 3
+set_overwrite:0:0x12345678:"":0x01020304:"abcdef"
+
+Overwrite 3 -> 0
+set_overwrite:0:0x12345678:"abcdef":0x01020304:""
+
+Overwrite 3 -> 3
+set_overwrite:0:0x12345678:"123456":0x01020304:"abcdef"
+
+Overwrite 3 -> 18
+set_overwrite:0:0x12345678:"abcdef":0x01020304:"404142434445464748494a4b4c4d4e4f5051"
+
+Overwrite 18 -> 3
+set_overwrite:0:0x12345678:"404142434445464748494a4b4c4d4e4f5051":0x01020304:"abcdef"
+
+Multiple files
+set_multiple:0:5
+
+Non-existent file
+nonexistent:0:0
+
+Removed file
+nonexistent:0:1
+
+Get 0 bytes of 10 at 10
+get_at:0:"40414243444546474849":10:0:PSA_SUCCESS
+
+Get 1 byte of 10 at 9
+get_at:0:"40414243444546474849":9:1:PSA_SUCCESS
+
+Get 0 bytes of 10 at 0
+get_at:0:"40414243444546474849":0:0:PSA_SUCCESS
+
+Get 1 byte of 10 at 0
+get_at:0:"40414243444546474849":0:1:PSA_SUCCESS
+
+Get 2 bytes of 10 at 1
+get_at:0:"40414243444546474849":1:2:PSA_SUCCESS
+
+Get 1 byte of 10 at 10: out of range
+get_at:0:"40414243444546474849":10:1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 1 byte of 10 at 11: out of range
+get_at:0:"40414243444546474849":11:1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 0 bytes of 10 at 11: out of range
+get_at:0:"40414243444546474849":11:0:PSA_ERROR_INVALID_ARGUMENT
+
+Get -1 byte of 10 at 10: out of range
+get_at:0:"40414243444546474849":10:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Get 1 byte of 10 at -1: out of range
+get_at:0:"40414243444546474849":-1:1:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
new file mode 100644
index 0000000..867f64f
--- /dev/null
+++ b/tests/suites/test_suite_psa_its.function
@@ -0,0 +1,213 @@
+/* BEGIN_HEADER */
+#include "../library/psa_crypto_its.h"
+
+/* Internal definitions of the implementation, copied for the sake of
+ * some of the tests and of the cleanup code. */
+#define PSA_ITS_STORAGE_PREFIX ""
+#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
+#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
+#define PSA_ITS_STORAGE_FILENAME_LENGTH         \
+    ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
+      16 + /*UID (64-bit number in hex)*/                               \
+      sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
+      1 /*terminating null byte*/ )
+#define PSA_ITS_STORAGE_TEMP \
+    PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
+static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+{
+    /* Break up the UID into two 32-bit pieces so as not to rely on
+     * long long support in snprintf. */
+    mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+                      "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+                      PSA_ITS_STORAGE_PREFIX,
+                      (unsigned long) ( uid >> 32 ),
+                      (unsigned long) ( uid & 0xffffffff ),
+                      PSA_ITS_STORAGE_SUFFIX );
+}
+
+/* Maximum uid used by the test, recorded so that cleanup() can delete
+ * all files. 0xffffffffffffffff is always cleaned up, so it does not
+ * need to and should not be taken into account for uid_max. */
+static psa_storage_uid_t uid_max = 0;
+
+static void cleanup( void )
+{
+    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
+    psa_storage_uid_t uid;
+    for( uid = 0; uid < uid_max; uid++ )
+    {
+        psa_its_fill_filename( uid, filename );
+        remove( filename );
+    }
+    psa_its_fill_filename( (psa_storage_uid_t)( -1 ), filename );
+    remove( filename );
+    remove( PSA_ITS_STORAGE_TEMP );
+    uid_max = 0;
+}
+
+static psa_status_t psa_its_set_wrap( psa_storage_uid_t uid,
+                                      uint32_t data_length,
+                                      const void *p_data,
+                                      psa_storage_create_flags_t create_flags )
+{
+    if( uid_max != (psa_storage_uid_t)( -1 ) && uid_max < uid )
+        uid_max = uid;
+    return( psa_its_set( uid, data_length, p_data, create_flags ) );
+}
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_ITS_FILE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void set_get_remove( int uid_arg, int flags_arg, data_t *data )
+{
+    psa_storage_uid_t uid = uid_arg;
+    uint32_t flags = flags_arg;
+    struct psa_storage_info_t info;
+    unsigned char *buffer = NULL;
+
+    ASSERT_ALLOC( buffer, data->len );
+
+    PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, flags ) );
+
+    PSA_ASSERT( psa_its_get_info( uid, &info ) );
+    TEST_ASSERT( info.size == data->len );
+    TEST_ASSERT( info.flags == flags );
+    PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer ) );
+    ASSERT_COMPARE( data->x, data->len, buffer, data->len );
+
+    PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+    mbedtls_free( buffer );
+    cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void set_overwrite( int uid_arg,
+                    int flags1_arg, data_t *data1,
+                    int flags2_arg, data_t *data2 )
+{
+    psa_storage_uid_t uid = uid_arg;
+    uint32_t flags1 = flags1_arg;
+    uint32_t flags2 = flags2_arg;
+    struct psa_storage_info_t info;
+    unsigned char *buffer = NULL;
+
+    ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
+
+    PSA_ASSERT( psa_its_set_wrap( uid, data1->len, data1->x, flags1 ) );
+    PSA_ASSERT( psa_its_get_info( uid, &info ) );
+    TEST_ASSERT( info.size == data1->len );
+    TEST_ASSERT( info.flags == flags1 );
+    PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) );
+    ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len );
+
+    PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
+    PSA_ASSERT( psa_its_get_info( uid, &info ) );
+    TEST_ASSERT( info.size == data2->len );
+    TEST_ASSERT( info.flags == flags2 );
+    PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) );
+    ASSERT_COMPARE( data2->x, data2->len, buffer, data2->len );
+
+    PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+    mbedtls_free( buffer );
+    cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void set_multiple( int first_id, int count )
+{
+    psa_storage_uid_t uid0 = first_id;
+    psa_storage_uid_t uid;
+    char stored[40];
+    char retrieved[40];
+
+    memset( stored, '.', sizeof( stored ) );
+    for( uid = uid0; uid < uid0 + count; uid++ )
+    {
+        mbedtls_snprintf( stored, sizeof( stored ),
+                          "Content of file 0x%08lx", (unsigned long) uid );
+        PSA_ASSERT( psa_its_set_wrap( uid, sizeof( stored ), stored, 0 ) );
+    }
+
+    for( uid = uid0; uid < uid0 + count; uid++ )
+    {
+        mbedtls_snprintf( stored, sizeof( stored ),
+                          "Content of file 0x%08lx", (unsigned long) uid );
+        PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) );
+        ASSERT_COMPARE( retrieved, sizeof( stored ),
+                        stored, sizeof( stored ) );
+        PSA_ASSERT( psa_its_remove( uid ) );
+        TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+                     PSA_ERROR_DOES_NOT_EXIST );
+    }
+
+exit:
+    cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void nonexistent( int uid_arg, int create_and_remove )
+{
+    psa_storage_uid_t uid = uid_arg;
+    struct psa_storage_info_t info;
+
+    if( create_and_remove )
+    {
+        PSA_ASSERT( psa_its_set_wrap( uid, 0, NULL, 0 ) );
+        PSA_ASSERT( psa_its_remove( uid ) );
+    }
+
+    TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
+    TEST_ASSERT( psa_its_get_info( uid, &info ) ==
+                 PSA_ERROR_DOES_NOT_EXIST );
+    TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+                 PSA_ERROR_DOES_NOT_EXIST );
+
+exit:
+    cleanup( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void get_at( int uid_arg, data_t *data,
+             int offset, int length_arg,
+             int expected_status )
+{
+    psa_storage_uid_t uid = uid_arg;
+    unsigned char *buffer = NULL;
+    psa_status_t status;
+    size_t length = length_arg >= 0 ? length_arg : 0;
+    unsigned char *trailer;
+    size_t i;
+
+    ASSERT_ALLOC( buffer, length + 16 );
+    trailer = buffer + length;
+    memset( trailer, '-', 16 );
+
+    PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
+
+    status = psa_its_get( uid, offset, length_arg, buffer );
+    TEST_ASSERT( status == (psa_status_t) expected_status );
+    if( status == PSA_SUCCESS )
+        ASSERT_COMPARE( data->x + offset, length,
+                        buffer, length );
+    for( i = 0; i < 16; i++ )
+        TEST_ASSERT( trailer[i] == '-' );
+    PSA_ASSERT( psa_its_remove( uid ) );
+
+exit:
+    mbedtls_free( buffer );
+    cleanup( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index e495151..953b1ff 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -1,3 +1,6 @@
+RSA parameter validation
+rsa_invalid_param:
+
 RSA PKCS1 Verify v1.5 CAVS #1
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
 # Good padding but wrong hash
@@ -255,12 +258,6 @@
 depends_on:MBEDTLS_PKCS1_V15
 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
 
-RSA PKCS1 Sign #8 (Invalid padding type)
-mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
-
-RSA PKCS1 Sign #8 Verify (Invalid padding type)
-mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":1:MBEDTLS_MD_MD5:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
-
 RSA PKCS1 Encrypt #1
 depends_on:MBEDTLS_PKCS1_V15
 mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
@@ -277,12 +274,6 @@
 depends_on:MBEDTLS_PKCS1_V15
 mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
-RSA PKCS1 Encrypt #3 (Invalid padding mode)
-mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_INVALID_PADDING
-
-RSA PKCS1 Decrypt #3 (Invalid padding mode)
-mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
-
 RSA PKCS1 Decrypt #4 (Output buffer too small)
 depends_on:MBEDTLS_PKCS1_V15
 mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
@@ -339,6 +330,7 @@
 mbedtls_rsa_check_pubkey:16:"7edcba9876543210deadbeefcafe4321":16:"3":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
 
 RSA Check Public key #6 (N exactly 8192 bits)
+depends_on:MBEDTLS_MPI_MAX_SIZE>=1024
 mbedtls_rsa_check_pubkey:16:"88F48075BF29E95C1C6AE8716678B74E957B69CC2E49708C160C6343AAD2F076D25397ACE74220311ED18AEEB681F463611B3340C3945CAAEAD3ACC616E08A25A55683A32979BD55EA5DAB7630AF393886896F11DDC5F07E15EDF949324CF0F0B2A5C0E85DFA23167193182D1A43079DC8645F6C2C029629F475575802F7D326DE5BD891A9C5F84A433D45154181EC05685A4B368A5B6434775A00ABC6B0A04647D4598CEEE566B552230F691C98CA30B402A76C686A94B373CCD2F60EFA3878A867BB5F585D088E27C507937262D098A477B9218BE7C03B2E4C102D244CA701645F1827CD947E5E796446378B848862E689F0D1773F752056841A1F0EECE7CAB74921A42DBF2EF264ADCF4ABE05A1242E5F629A657A2D67958A2DAC9A2245074A37099B45064723ABE21241058252632C2BA6FE85AB1C75FF310891B84C9C40AB646FE1D90BC716FB3A4B56DA3EA25CA397C04B994F7C6AD1DD0CB9E994CA6B835F7830F4F4E0F976BBEA5AE8556BC7C90B3E50E21C19AD1F6BC4A8FF15F2909D9CC5F3DA533BADFF50F487869D631C3E34D69636B4C25A55127EF5B715F2FC0565734B38DF996D1970E56F7F64EBECB9D00A587AAEC608F2D3AAA51E66BF53E92C3096BF78D1DCBCE1A645FA4F0542E6F68E5A94AAA6E839F75620FABED5D2BCF40AB8EAF95F838BFA962429F281578882DF0F2721C27C8905C9E776B1D3251FC066A8BC64C0CE7FBA2B8E21F65EF6739AB6F19EC2AB07817DFF03DAB7C846AB5CC86C103642D7664A85DC2D846A8004CD6A144C72CCCAC86DB5901A047324927B80E281F5F7315FA2F9083BDE0DB7AA46DC055E36BB73FB6DBD3A14759D06CBBE8D57CBC213C4D55DE4478679E0A5902C8655BE1391C0E88D2B1FBD57E9232A2CEBC67569ECD94E4BF0FCC6C003F9AA51A2A5E6EE084A46DAE65E52400A727F9713D29E92CD6CA37FD599598B3F677624A2A484A8B36B98EFEAD662C0A23BC1D9280EF2A31F887065EB20A93B41F7A264ECFA65B3555F3E400927018186EAA2D4F00C6B7AB1BCED5F893D64478177592C7F2B945307AB474D7EC7FF2E7E55834CC763BEF81DA9BD70FB3D423AE5ADB86B336734C8A3BEC90CEB05438B5BA030D0D30DEC1442D2EB08450480FBAE090FFA1A5ADD748A415BDCDE45094E792420F0AF94BCA0A80A2096D1A478D3428A214A7E68C0F07F58C6FB232ECC3D8B821AE29AE76E13EB751193F6ECA670016D54F3D796937DDBB8900062EF116CCA3F5B3AECA618272875336C9C050FBC0FC7EDD5B88D85DA0061D21E176E1419CF573629BE7B0496E761EAD45FE32B59EB00D47CDD178AC8F8EC8D6F26DED34F7576CD938422E18E936F16A704B483A48EE3BEA59D95F688136119894930EC8E9282E5974740CF031DF8DBB07EB08F2DA0ACCADECE15A6A57502890F4A03740E60BD":16:"010001":0
 
 RSA Check Public key #7 (N larger than 8192 bits)
@@ -486,7 +478,7 @@
 RSA Import (N,-,-,D,E)
 mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0
 
-RSA Import (N,-,-,D,E), succesive
+RSA Import (N,-,-,D,E), successive
 mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0
 
 RSA Import (N,P,Q,-,E)
@@ -573,7 +565,7 @@
 RSA Export (N,-,-,D,E)
 mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0
 
-RSA Export (N,-,-,D,E), succesive
+RSA Export (N,-,-,D,E), successive
 mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1
 
 RSA Export (N,P,Q,-,E)
@@ -594,7 +586,7 @@
 RSA Export Raw (N,-,-,D,E)
 mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0
 
-RSA Export Raw (N,-,-,D,E), succesive
+RSA Export Raw (N,-,-,D,E), successive
 mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1
 
 RSA Export Raw (N,P,Q,-,E)
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index c43ef20..89c84e8 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -17,6 +17,454 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void rsa_invalid_param( )
+{
+    mbedtls_rsa_context ctx;
+    const int valid_padding = MBEDTLS_RSA_PKCS_V21;
+    const int invalid_padding = 42;
+    const int valid_mode = MBEDTLS_RSA_PRIVATE;
+    const int invalid_mode = 42;
+    unsigned char buf[42] = { 0 };
+    size_t olen;
+
+    TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
+    TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
+    TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
+
+    /* No more variants because only the first argument must be non-NULL. */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_import( NULL, NULL, NULL,
+                                                NULL, NULL, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_import_raw( NULL,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_complete( NULL ) );
+
+    /* No more variants because only the first argument must be non-NULL. */
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_export( NULL, NULL, NULL,
+                                                NULL, NULL, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_export_raw( NULL,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0,
+                                                    NULL, 0 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
+
+    TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
+                                                 valid_padding, 0 ) );
+    TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
+                                                 invalid_padding, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_gen_key( NULL, rnd_std_rand,
+                                                 NULL, 0, 0 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_gen_key( &ctx, NULL,
+                                                 NULL, 0, 0 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_check_pubkey( NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_check_privkey( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_public( NULL, buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_public( &ctx, NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_public( &ctx, buf, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_private( NULL, NULL, NULL,
+                                                 buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_private( &ctx, NULL, NULL,
+                                                 NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_private( &ctx, NULL, NULL,
+                                                 buf, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
+                                                       valid_mode,
+                                                       sizeof( buf ), buf,
+                                                       buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+                                                       invalid_mode,
+                                                       sizeof( buf ), buf,
+                                                       buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+                                                       valid_mode,
+                                                       sizeof( buf ), NULL,
+                                                       buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+                                                       valid_mode,
+                                                       sizeof( buf ), buf,
+                                                       NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
+                                                           NULL,
+                                                           valid_mode,
+                                                           sizeof( buf ), buf,
+                                                           buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+                                                           NULL,
+                                                           invalid_mode,
+                                                           sizeof( buf ), buf,
+                                                           buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+                                                           NULL,
+                                                           valid_mode,
+                                                           sizeof( buf ), NULL,
+                                                           buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+                                                           NULL,
+                                                           valid_mode,
+                                                           sizeof( buf ), buf,
+                                                           NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            sizeof( buf ), buf,
+                                                            buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+                                                            invalid_mode,
+                                                            buf, sizeof( buf ),
+                                                            sizeof( buf ), buf,
+                                                            buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            NULL, sizeof( buf ),
+                                                            sizeof( buf ), buf,
+                                                            buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            sizeof( buf ), NULL,
+                                                            buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            sizeof( buf ), buf,
+                                                            NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
+                                                       valid_mode, &olen,
+                                                       buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+                                                       invalid_mode, &olen,
+                                                       buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+                                                       valid_mode, NULL,
+                                                       buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+                                                       valid_mode, &olen,
+                                                       NULL, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+                                                       valid_mode, &olen,
+                                                       buf, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
+                                                           NULL,
+                                                           valid_mode, &olen,
+                                                           buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+                                                           NULL,
+                                                           invalid_mode, &olen,
+                                                           buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+                                                           NULL,
+                                                           valid_mode, NULL,
+                                                           buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+                                                           NULL,
+                                                           valid_mode, &olen,
+                                                           NULL, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+                                                           NULL,
+                                                           valid_mode, &olen,
+                                                           buf, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            &olen,
+                                                            buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+                                                            invalid_mode,
+                                                            buf, sizeof( buf ),
+                                                            &olen,
+                                                            buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            NULL, sizeof( buf ),
+                                                            NULL,
+                                                            buf, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            &olen,
+                                                            NULL, buf, 42 ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+                                                            valid_mode,
+                                                            buf, sizeof( buf ),
+                                                            &olen,
+                                                            buf, NULL, 42 ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
+                                                    valid_mode,
+                                                    0, sizeof( buf ), buf,
+                                                    buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+                                                    invalid_mode,
+                                                    0, sizeof( buf ), buf,
+                                                    buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+                                                    valid_mode,
+                                                    0, sizeof( buf ), NULL,
+                                                    buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+                                                    valid_mode,
+                                                    0, sizeof( buf ), buf,
+                                                    NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+                                                    valid_mode,
+                                                    MBEDTLS_MD_SHA1,
+                                                    0, NULL,
+                                                    buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
+                                                        valid_mode,
+                                                        0, sizeof( buf ), buf,
+                                                        buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+                                                        invalid_mode,
+                                                        0, sizeof( buf ), buf,
+                                                        buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+                                                        valid_mode,
+                                                        0, sizeof( buf ), NULL,
+                                                        buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+                                                        valid_mode,
+                                                        0, sizeof( buf ), buf,
+                                                        NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+                                                        valid_mode,
+                                                        MBEDTLS_MD_SHA1,
+                                                        0, NULL,
+                                                        buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
+                                                         valid_mode,
+                                                         0, sizeof( buf ), buf,
+                                                         buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+                                                         invalid_mode,
+                                                         0, sizeof( buf ), buf,
+                                                         buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+                                                         valid_mode,
+                                                         0, sizeof( buf ), NULL,
+                                                         buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+                                                         valid_mode,
+                                                         0, sizeof( buf ), buf,
+                                                         NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+                                                         valid_mode,
+                                                         MBEDTLS_MD_SHA1,
+                                                         0, NULL,
+                                                         buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
+                                                      valid_mode,
+                                                      0, sizeof( buf ), buf,
+                                                      buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+                                                      invalid_mode,
+                                                      0, sizeof( buf ), buf,
+                                                      buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+                                                      valid_mode,
+                                                      0, sizeof( buf ), NULL,
+                                                      buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+                                                      valid_mode,
+                                                      0, sizeof( buf ), buf,
+                                                      NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+                                                      valid_mode,
+                                                      MBEDTLS_MD_SHA1, 0, NULL,
+                                                      buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
+                                                          NULL,
+                                                          valid_mode,
+                                                          0, sizeof( buf ), buf,
+                                                          buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+                                                          NULL,
+                                                          invalid_mode,
+                                                          0, sizeof( buf ), buf,
+                                                          buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+                                                          NULL,
+                                                          valid_mode,
+                                                          0, sizeof( buf ),
+                                                          NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+                                                          NULL,
+                                                          valid_mode,
+                                                          0, sizeof( buf ), buf,
+                                                          NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+                                                          NULL,
+                                                          valid_mode,
+                                                          MBEDTLS_MD_SHA1,
+                                                          0, NULL,
+                                                          buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
+                                                           valid_mode,
+                                                           0, sizeof( buf ),
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+                                                           invalid_mode,
+                                                           0, sizeof( buf ),
+                                                           buf, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+                                                           valid_mode,
+                                                           0, sizeof( buf ),
+                                                           NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+                                                           valid_mode,
+                                                           0, sizeof( buf ),
+                                                           buf, NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+                                                           valid_mode,
+                                                           MBEDTLS_MD_SHA1,
+                                                           0, NULL,
+                                                           buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
+                                                               valid_mode,
+                                                               0, sizeof( buf ),
+                                                               buf,
+                                                               0, 0,
+                                                               buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+                                                               invalid_mode,
+                                                               0, sizeof( buf ),
+                                                               buf,
+                                                               0, 0,
+                                                               buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+                                                               valid_mode,
+                                                               0, sizeof( buf ),
+                                                               NULL, 0, 0,
+                                                               buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+                                                               valid_mode,
+                                                               0, sizeof( buf ),
+                                                               buf, 0, 0,
+                                                               NULL ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+                                                               valid_mode,
+                                                               MBEDTLS_MD_SHA1,
+                                                               0, NULL,
+                                                               0, 0,
+                                                               buf ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_copy( NULL, &ctx ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+                            mbedtls_rsa_copy( &ctx, NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
                              int digest, int mod, int radix_P, char * input_P,
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data
index ee8074d..2f65c23 100644
--- a/tests/suites/test_suite_shax.data
+++ b/tests/suites/test_suite_shax.data
@@ -1,3 +1,9 @@
+SHA-1 - Valid parameters
+sha1_valid_param:
+
+SHA-1 - Invalid parameters
+sha1_invalid_param:
+
 # Test the operation of SHA-1 and SHA-2
 SHA-1 Test Vector NIST CAVS #1
 depends_on:MBEDTLS_SHA1_C
@@ -39,6 +45,12 @@
 depends_on:MBEDTLS_SHA1_C
 mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
 
+SHA-256 Valid parameters
+sha256_valid_param:
+
+SHA-256 Invalid parameters
+sha256_invalid_param:
+
 SHA-224 Test Vector NIST CAVS #1
 depends_on:MBEDTLS_SHA256_C
 sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
@@ -95,6 +107,12 @@
 depends_on:MBEDTLS_SHA256_C
 mbedtls_sha256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
 
+SHA-512 Invalid parameters
+sha512_invalid_param:
+
+SHA-512 Valid parameters
+sha512_valid_param:
+
 SHA-384 Test Vector NIST CAVS #1
 depends_on:MBEDTLS_SHA512_C
 sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 147ae0e..e621f49 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -5,6 +5,53 @@
 /* END_HEADER */
 
 /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
+void sha1_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha1_invalid_param( )
+{
+    mbedtls_sha1_context ctx;
+    unsigned char buf[64] = { 0 };
+    size_t const buflen = sizeof( buf );
+
+    TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) );
+
+    TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) );
+    TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_starts_ret( NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_update_ret( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_update_ret( &ctx, NULL, buflen ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_finish_ret( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_finish_ret( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_internal_sha1_process( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_internal_sha1_process( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_ret( NULL, buflen, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+                            mbedtls_sha1_ret( buf, buflen, NULL ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
 void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string )
 {
     unsigned char output[41];
@@ -19,6 +66,62 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void sha256_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha256_invalid_param( )
+{
+    mbedtls_sha256_context ctx;
+    unsigned char buf[64] = { 0 };
+    size_t const buflen = sizeof( buf );
+    int valid_type = 0;
+    int invalid_type = 42;
+
+    TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
+
+    TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
+    TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_starts_ret( NULL, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_update_ret( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_finish_ret( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_finish_ret( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_internal_sha256_process( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_internal_sha256_process( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_ret( NULL, buflen,
+                                                buf, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_ret( buf, buflen,
+                                                NULL, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+                            mbedtls_sha256_ret( buf, buflen,
+                                                buf, invalid_type ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
 void sha224( data_t * src_str, data_t * hex_hash_string )
 {
     unsigned char output[57];
@@ -47,6 +150,62 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
+void sha512_valid_param( )
+{
+    TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha512_invalid_param( )
+{
+    mbedtls_sha512_context ctx;
+    unsigned char buf[64] = { 0 };
+    size_t const buflen = sizeof( buf );
+    int valid_type = 0;
+    int invalid_type = 42;
+
+    TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) );
+
+    TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) );
+    TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_starts_ret( NULL, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_starts_ret( &ctx, invalid_type ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_update_ret( NULL, buf, buflen ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_update_ret( &ctx, NULL, buflen ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_finish_ret( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_finish_ret( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_internal_sha512_process( NULL, buf ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_internal_sha512_process( &ctx, NULL ) );
+
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_ret( NULL, buflen,
+                                                buf, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_ret( buf, buflen,
+                                                NULL, valid_type ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+                            mbedtls_sha512_ret( buf, buflen,
+                                                buf, invalid_type ) );
+
+exit:
+    return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
 void sha384( data_t * src_str, data_t * hex_hash_string )
 {
     unsigned char output[97];
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
deleted file mode 100644
index 1473507..0000000
--- a/tests/suites/test_suite_ssl.data
+++ /dev/null
@@ -1,59 +0,0 @@
-SSL DTLS replay: initial state, seqnum 0
-ssl_dtls_replay:"":"000000000000":0
-
-SSL DTLS replay: 0 seen, 1 arriving
-ssl_dtls_replay:"000000000000":"000000000001":0
-
-SSL DTLS replay: 0 seen, 0 replayed
-ssl_dtls_replay:"000000000000":"000000000000":-1
-
-SSL DTLS replay: 0-1 seen, 2 arriving
-ssl_dtls_replay:"000000000000000000000001":"000000000002":0
-
-SSL DTLS replay: 0-1 seen, 1 replayed
-ssl_dtls_replay:"000000000000000000000001":"000000000001":-1
-
-SSL DTLS replay: 0-1 seen, 0 replayed
-ssl_dtls_replay:"000000000000000000000001":"000000000000":-1
-
-SSL DTLS replay: new
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0
-
-SSL DTLS replay: way new
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
-
-SSL DTLS replay: delayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
-
-SSL DTLS replay: lastest replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
-
-SSL DTLS replay: older replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1
-
-SSL DTLS replay: most recent in window, replayed
-ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1
-
-SSL DTLS replay: oldest in window, replayed
-ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1
-
-SSL DTLS replay: oldest in window, not replayed
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0
-
-SSL DTLS replay: just out of the window
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1
-
-SSL DTLS replay: way out of the window
-ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1
-
-SSL DTLS replay: big jump then replay
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1
-
-SSL DTLS replay: big jump then new
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0
-
-SSL DTLS replay: big jump then just delayed
-ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
-
-SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
-ssl_set_hostname_twice:"server0":"server1"
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
deleted file mode 100644
index 326f22d..0000000
--- a/tests/suites/test_suite_ssl.function
+++ /dev/null
@@ -1,54 +0,0 @@
-/* BEGIN_HEADER */
-#include <mbedtls/ssl.h>
-#include <mbedtls/ssl_internal.h>
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_SSL_TLS_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
-{
-    uint32_t len = 0;
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-
-    mbedtls_ssl_init( &ssl );
-    mbedtls_ssl_config_init( &conf );
-
-    TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
-                 MBEDTLS_SSL_IS_CLIENT,
-                 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
-                 MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
-    TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
-
-    /* Read previous record numbers */
-    for( len = 0; len < prevs->len; len += 6 )
-    {
-        memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
-        mbedtls_ssl_dtls_replay_update( &ssl );
-    }
-
-    /* Check new number */
-    memcpy( ssl.in_ctr + 2, new->x, 6 );
-    TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
-
-    mbedtls_ssl_free( &ssl );
-    mbedtls_ssl_config_free( &conf );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
-{
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_init( &ssl );
-
-    TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
-    TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
-
-    mbedtls_ssl_free( &ssl );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
index 4dddcf7..2522da1 100644
--- a/tests/suites/test_suite_timing.data
+++ b/tests/suites/test_suite_timing.data
@@ -1,41 +1,17 @@
-Timing: basic timer operation
-timing_timer_simple:
-
-Timing: timer reset
-timing_timer_reset:
-
-Timing: two parallel timers, delay 0
-timing_two_timers:0:
-
-Timing: two parallel timers, delay 100
-timing_two_timers:100:
-
-Timing: two parallel timers, delay 1000
-timing_two_timers:1000:
-
-Timing: two parallel timers, delay 10000
-timing_two_timers:10000:
-
-Timing: delay 0ms, 0ms
-timing_delay:0:0:
-
-Timing: delay 0ms, 50ms
-timing_delay:0:50:
-
-Timing: delay 50ms, 50ms
-timing_delay:50:50:
-
-Timing: delay 50ms, 100ms
-timing_delay:50:100:
-
-Timing: delay 50ms, 200ms
-timing_delay:50:200:
-
-Timing: alarm in 0 second
-timing_alarm:0:
-
-Timing: alarm in 1 second
-timing_alarm:1:
-
 Timing: hardclock
 timing_hardclock:
+
+Timing: get timer
+timing_get_timer:
+
+Timing: set alarm with no delay
+timing_set_alarm:0:
+
+Timing: set alarm with 1s delay
+timing_set_alarm:1:
+
+Timing: delay 0ms
+timing_delay:0:
+
+Timing: delay 100ms
+timing_delay:100:
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 1610155..74dc823 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -1,51 +1,14 @@
 /* BEGIN_HEADER */
 
-/* This test module exercises the timing module. One of the expected failure
-   modes is for timers to never expire, which could lead to an infinite loop.
-   The function timing_timer_simple is protected against this failure mode and
-   checks that timers do expire. Other functions will terminate if their
-   timers do expire. Therefore it is recommended to run timing_timer_simple
-   first and run other test functions only if that timing_timer_simple
-   succeeded. */
+/* This test module exercises the timing module. Since, depending on the
+ * underlying operating system, the timing routines are not always reliable,
+ * this suite only performs very basic sanity checks of the timing API.
+ */
 
 #include <limits.h>
 
 #include "mbedtls/timing.h"
 
-/* Wait this many milliseconds for a short timing test. This duration
-   should be large enough that, in practice, if you read the timer
-   value twice in a row, it won't have jumped by that much. */
-#define TIMING_SHORT_TEST_MS 100
-
-/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many
-   iterations. This value needs to be large enough to accommodate fast
-   platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20
-   million iterations in 50ms). The only motivation to keep this value low is
-   to avoid having an infinite loop if the timer functions are not implemented
-   correctly. Ideally this value should be based on the processor speed but we
-   don't have this information! */
-#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8
-
-/* alarm(0) must fire in no longer than this amount of time. */
-#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS
-
-static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms,
-                                  unsigned long actual_ms )
-{
-    return( fin_ms == 0 ? -1 :
-            actual_ms >= fin_ms ? 2 :
-            actual_ms >= int_ms ? 1 :
-            0 );
-}
-
-/* Some conditions in timing_timer_simple suggest that timers are unreliable.
-   Most other test cases rely on timers to terminate, and could loop
-   indefinitely if timers are too broken. So if timing_timer_simple detected a
-   timer that risks not terminating (going backwards, or not reaching the
-   desired count in the alloted clock cycles), set this flag to immediately
-   fail those other tests without running any timers. */
-static int timers_are_badly_broken = 0;
-
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -54,350 +17,58 @@
  */
 
 /* BEGIN_CASE */
-void timing_timer_simple( )
+void timing_hardclock( )
 {
-    struct mbedtls_timing_hr_time timer;
-    unsigned long millis = 0;
-    unsigned long new_millis = 0;
-    unsigned long iterations = 0;
-    /* Start the timer. */
-    (void) mbedtls_timing_get_timer( &timer, 1 );
-    /* Busy-wait loop for a few milliseconds. */
-    do
-    {
-        new_millis = mbedtls_timing_get_timer( &timer, 0 );
-        ++iterations;
-        /* Check that the timer didn't go backwards */
-        TEST_ASSERT( new_millis >= millis );
-        millis = new_millis;
-    }
-    while( millis < TIMING_SHORT_TEST_MS &&
-           iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX );
-    /* The wait duration should have been large enough for at least a
-       few runs through the loop, even on the slowest realistic platform. */
-    TEST_ASSERT( iterations >= 2 );
-    /* The wait duration shouldn't have overflowed the iteration count. */
-    TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX );
-    return;
-
-exit:
-    if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX ||
-        new_millis < millis )
-    {
-        /* The timer was very unreliable: it didn't increment and the loop ran
-           out, or it went backwards. Other tests that use timers might go
-           into an infinite loop, so we'll skip them. */
-        timers_are_badly_broken = 1;
-    }
-
-    /* No cleanup needed, but show some diagnostic iterations, because timing
-       problems can be hard to reproduce. */
-    mbedtls_fprintf( stdout, "  Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n",
-                     millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ),
-                     iterations );
+    (void) mbedtls_timing_hardclock();
+    /* This goto is added to avoid warnings from the generated code. */
+    goto exit;
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void timing_timer_reset( )
+void timing_get_timer( )
 {
-    struct mbedtls_timing_hr_time timer;
-    unsigned long millis = 0;
-    unsigned long iterations = 0;
-
-    /* Skip this test if it looks like timers don't work at all, to avoid an
-       infinite loop below. */
-    TEST_ASSERT( !timers_are_badly_broken );
-
-    /* Start the timer. Timers are always reset to 0. */
-    TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
-    /* Busy-wait loop for a few milliseconds */
-    do
-    {
-        ++iterations;
-        millis = mbedtls_timing_get_timer( &timer, 0 );
-    }
-    while( millis < TIMING_SHORT_TEST_MS );
-
-    /* Reset the timer and check that it has restarted. */
-    TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
-    /* Read the timer immediately after reset. It should be 0 or close
-       to it. */
-    TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS );
-    return;
-
-exit:
-    /* No cleanup needed, but show some diagnostic information, because timing
-       problems can be hard to reproduce. */
-    if( !timers_are_badly_broken )
-        mbedtls_fprintf( stdout, "  Finished with millis=%lu get(timer)<=%lu iterations=%lu\n",
-                         millis, mbedtls_timing_get_timer( &timer, 0 ),
-                         iterations );
+    struct mbedtls_timing_hr_time time;
+    (void) mbedtls_timing_get_timer( &time, 1 );
+    (void) mbedtls_timing_get_timer( &time, 0 );
+    /* This goto is added to avoid warnings from the generated code. */
+    goto exit;
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void timing_two_timers( int delta )
+void timing_set_alarm( int seconds )
 {
-    struct mbedtls_timing_hr_time timer1, timer2;
-    unsigned long millis1 = 0, millis2 = 0;
-
-    /* Skip this test if it looks like timers don't work at all, to avoid an
-       infinite loop below. */
-    TEST_ASSERT( !timers_are_badly_broken );
-
-    /* Start the first timer and wait for a short time. */
-    (void) mbedtls_timing_get_timer( &timer1, 1 );
-    do
+    if( seconds == 0 )
     {
-        millis1 = mbedtls_timing_get_timer( &timer1, 0 );
-    }
-    while( millis1 < TIMING_SHORT_TEST_MS );
-
-    /* Do a short busy-wait, so that the difference between timer1 and timer2
-       doesn't practically always end up being very close to a whole number of
-       milliseconds. */
-    while( delta > 0 )
-        --delta;
-
-    /* Start the second timer and compare it with the first. */
-    mbedtls_timing_get_timer( &timer2, 1 );
-    do
-    {
-        millis1 = mbedtls_timing_get_timer( &timer1, 0 );
-        millis2 = mbedtls_timing_get_timer( &timer2, 0 );
-        /* The first timer should always be ahead of the first. */
-        TEST_ASSERT( millis1 > millis2 );
-        /* The timers shouldn't drift apart, i.e. millis2-millis1 should stay
-           roughly constant, but this is hard to test reliably, especially in
-           a busy environment such as an overloaded continuous integration
-           system, so we don't test it it. */
-    }
-    while( millis2 < TIMING_SHORT_TEST_MS );
-
-    return;
-
-exit:
-    /* No cleanup needed, but show some diagnostic iterations, because timing
-       problems can be hard to reproduce. */
-    if( !timers_are_badly_broken )
-        mbedtls_fprintf( stdout, "  Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n",
-                         millis1, mbedtls_timing_get_timer( &timer1, 0 ),
-                         millis2, mbedtls_timing_get_timer( &timer2, 0 ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void timing_alarm( int seconds )
-{
-    struct mbedtls_timing_hr_time timer;
-    unsigned long millis = 0;
-    /* We check that about the desired number of seconds has elapsed. Be
-       slightly liberal with the lower bound, so as to allow platforms where
-       the alarm (with second resolution) and the timer (with millisecond
-       resolution) are based on different clocks. Be very liberal with the
-       upper bound, because the platform might be busy. */
-    unsigned long millis_min = ( seconds > 0 ?
-                                 seconds * 900 :
-                                 0 );
-    unsigned long millis_max = ( seconds > 0 ?
-                                 seconds * 1100 + 400 :
-                                 TIMING_ALARM_0_DELAY_MS );
-    unsigned long iterations = 0;
-
-    /* Skip this test if it looks like timers don't work at all, to avoid an
-       infinite loop below. */
-    TEST_ASSERT( !timers_are_badly_broken );
-
-    /* Set an alarm and count how long it takes with a timer. */
-    (void) mbedtls_timing_get_timer( &timer, 1 );
-    mbedtls_set_alarm( seconds );
-
-    if( seconds > 0 )
-    {
-        /* We set the alarm for at least 1 second. It should not have fired
-           immediately, even on a slow and busy platform. */
-        TEST_ASSERT( !mbedtls_timing_alarmed );
-    }
-    /* A 0-second alarm should fire quickly, but we don't guarantee that it
-       fires immediately, so mbedtls_timing_alarmed may or may not be set at
-       this point. */
-
-    /* Busy-wait until the alarm rings */
-    do
-    {
-        ++iterations;
-        millis = mbedtls_timing_get_timer( &timer, 0 );
-    }
-    while( !mbedtls_timing_alarmed && millis <= millis_max );
-
-    TEST_ASSERT( mbedtls_timing_alarmed );
-    TEST_ASSERT( millis >= millis_min );
-    TEST_ASSERT( millis <= millis_max );
-
-    mbedtls_timing_alarmed = 0;
-    return;
-
-exit:
-    /* Show some diagnostic iterations, because timing
-       problems can be hard to reproduce. */
-    if( !timers_are_badly_broken )
-        mbedtls_fprintf( stdout, "  Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n",
-                         mbedtls_timing_alarmed,
-                         millis, mbedtls_timing_get_timer( &timer, 0 ),
-                         iterations );
-    /* Cleanup */
-    mbedtls_timing_alarmed = 0;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void timing_delay( int int_ms, int fin_ms )
-{
-    /* This function assumes that if int_ms is nonzero then it is large
-       enough that we have time to read all timers at least once in an
-       interval of time lasting int_ms milliseconds, and likewise for (fin_ms
-       - int_ms). So don't call it with arguments that are too small. */
-
-    mbedtls_timing_delay_context delay;
-    struct mbedtls_timing_hr_time timer;
-    unsigned long delta = 0; /* delay started between timer=0 and timer=delta */
-    unsigned long before = 0, after = 0;
-    unsigned long iterations = 0;
-    int status = -2;
-    int saw_status_1 = 0;
-    int warn_inconclusive = 0;
-
-    assert( int_ms >= 0 );
-    assert( fin_ms >= 0 );
-
-    /* Skip this test if it looks like timers don't work at all, to avoid an
-       infinite loop below. */
-    TEST_ASSERT( !timers_are_badly_broken );
-
-    /* Start a reference timer. Program a delay, and verify that the status of
-       the delay is consistent with the time given by the reference timer. */
-    (void) mbedtls_timing_get_timer( &timer, 1 );
-    mbedtls_timing_set_delay( &delay, int_ms, fin_ms );
-    /* Set delta to an upper bound for the interval between the start of timer
-       and the start of delay. Reading timer after starting delay gives us an
-       upper bound for the interval, rounded to a 1ms precision. Since this
-       might have been rounded down, but we need an upper bound, we add 1. */
-    delta = mbedtls_timing_get_timer( &timer, 0 ) + 1;
-
-    status = mbedtls_timing_get_delay( &delay );
-    if( fin_ms == 0 )
-    {
-        /* Cancelled timer. Just check the correct status for this case. */
-        TEST_ASSERT( status == -1 );
-        return;
-    }
-
-    /* Initially, none of the delays must be passed yet if they're nonzero.
-       This could fail for very small values of int_ms and fin_ms, where "very
-       small" depends how fast and how busy the platform is. */
-    if( int_ms > 0 )
-    {
-        TEST_ASSERT( status == 0 );
+        mbedtls_set_alarm( seconds );
+        TEST_ASSERT( mbedtls_timing_alarmed == 1 );
     }
     else
     {
-        TEST_ASSERT( status == 1 );
+        mbedtls_set_alarm( seconds );
+        TEST_ASSERT( mbedtls_timing_alarmed == 0 ||
+                     mbedtls_timing_alarmed == 1 );
     }
-
-    do
-    {
-        unsigned long delay_min, delay_max;
-        int status_min, status_max;
-        ++iterations;
-        before = mbedtls_timing_get_timer( &timer, 0 );
-        status = mbedtls_timing_get_delay( &delay );
-        after = mbedtls_timing_get_timer( &timer, 0 );
-        /* At a time between before and after, the delay's status was status.
-           Check that this is consistent given that the delay was started
-           between times 0 and delta. */
-        delay_min = ( before > delta ? before - delta : 0 );
-        status_min = expected_delay_status( int_ms, fin_ms, delay_min );
-        delay_max = after;
-        status_max = expected_delay_status( int_ms, fin_ms, delay_max );
-        TEST_ASSERT( status >= status_min );
-        TEST_ASSERT( status <= status_max );
-        if( status == 1 )
-            saw_status_1 = 1;
-    }
-    while ( before <= fin_ms + delta && status != 2 );
-
-    /* Since we've waited at least fin_ms, the delay must have fully
-       expired. */
-    TEST_ASSERT( status == 2 );
-
-    /* If the second delay is more than the first, then there must have been a
-       point in time when the first delay was passed but not the second delay.
-       This could fail for very small values of (fin_ms - int_ms), where "very
-       small" depends how fast and how busy the platform is. In practice, this
-       is the test that's most likely to fail on a heavily loaded machine. */
-    if( fin_ms > int_ms )
-    {
-        warn_inconclusive = 1;
-        TEST_ASSERT( saw_status_1 );
-    }
-
-    return;
-
-exit:
-    /* No cleanup needed, but show some diagnostic iterations, because timing
-       problems can be hard to reproduce. */
-    if( !timers_are_badly_broken )
-        mbedtls_fprintf( stdout, "  Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n",
-                         delta, before, after, status, iterations );
-    if( warn_inconclusive )
-        mbedtls_fprintf( stdout, "  Inconclusive test, try running it on a less heavily loaded machine.\n" );
- }
+}
 /* END_CASE */
 
 /* BEGIN_CASE */
-void timing_hardclock( )
+void timing_delay( int fin_ms )
 {
-    /* We make very few guarantees about mbedtls_timing_hardclock: its rate is
-       platform-dependent, it can wrap around. So there isn't much we can
-       test. But we do at least test that it doesn't crash, stall or return
-       completely nonsensical values. */
-
-    struct mbedtls_timing_hr_time timer;
-    unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1;
-
-    /* Skip this test if it looks like timers don't work at all, to avoid an
-       infinite loop below. */
-    TEST_ASSERT( !timers_are_badly_broken );
-
-    hardclock0 = mbedtls_timing_hardclock( );
-    /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms
-       resolution and unspecified precision, waiting 1ms might be a very small
-       delay that's rounded up. */
-    (void) mbedtls_timing_get_timer( &timer, 1 );
-    while( mbedtls_timing_get_timer( &timer, 0 ) < 2 )
-        /*busy-wait loop*/;
-    hardclock1 = mbedtls_timing_hardclock( );
-
-    /* Although the hardclock counter can wrap around, the difference
-       (hardclock1 - hardclock0) is taken modulo the type size, so it is
-       correct as long as the counter only wrapped around at most once. We
-       further require the difference to be nonzero (after a wait of more than
-       1ms, the counter must have changed), and not to be overly large (after
-       a wait of less than 3ms, plus time lost because other processes were
-       scheduled on the CPU). If the hardclock counter runs at 4GHz, then
-       1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine)
-       allows 250ms. */
-    delta1 = hardclock1 - hardclock0;
-    TEST_ASSERT( delta1 > 0 );
-    TEST_ASSERT( delta1 < 1000000000 );
-    return;
-
-exit:
-    /* No cleanup needed, but show some diagnostic iterations, because timing
-       problems can be hard to reproduce. */
-    if( !timers_are_badly_broken )
-        mbedtls_fprintf( stdout, "  Finished with hardclock=%lu,%lu\n",
-                         hardclock0, hardclock1 );
+    mbedtls_timing_delay_context ctx;
+    int result;
+    if( fin_ms == 0 )
+    {
+        mbedtls_timing_set_delay( &ctx, 0, 0 );
+        result = mbedtls_timing_get_delay( &ctx );
+        TEST_ASSERT( result == -1 );
+    }
+    else
+    {
+        mbedtls_timing_set_delay( &ctx, fin_ms / 2, fin_ms );
+        result = mbedtls_timing_get_delay( &ctx );
+        TEST_ASSERT( result >= 0 && result <= 2 );
+    }
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 3fe549a..a4575ab 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.14.0"
+check_compiletime_version:"2.17.0"
 
 Check runtime library version
-check_runtime_version:"2.14.0"
+check_runtime_version:"2.17.0"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
deleted file mode 100644
index 8f97c0c..0000000
--- a/tests/suites/test_suite_x509parse.data
+++ /dev/null
@@ -1,1979 +0,0 @@
-X509 Certificate information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.crt":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.crt":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2011-02-12 14\:44\:00\nexpires on        \: 2021-02-12 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
-
-X509 Certificate information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509_cert_info:"data_files/cert_md2.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued  on        \: 2009-07-12 10\:56\:59\nexpires on        \: 2011-07-12 10\:56\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C
-x509_cert_info:"data_files/cert_md4.crt":"cert. version     \: 3\nserial number     \: 05\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with MD4\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C
-x509_cert_info:"data_files/cert_md5.crt":"cert. version     \: 3\nserial number     \: 06\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with MD5\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_sha1.crt":"cert. version     \: 3\nserial number     \: 07\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha224.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with SHA-224\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha256.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha384.crt":"cert. version     \: 3\nserial number     \: 0A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with SHA-384\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha512.crt":"cert. version     \: 3\nserial number     \: 0B\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued  on        \: 2011-02-12 14\:44\:07\nexpires on        \: 2021-02-12 14\:44\:07\nsigned using      \: RSA with SHA-512\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server9.crt":"cert. version     \: 3\nserial number     \: 16\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:38\:16\nexpires on        \: 2024-01-18 13\:38\:16\nsigned using      \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha224.crt":"cert. version     \: 3\nserial number     \: 17\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:36\nexpires on        \: 2024-01-18 13\:57\:36\nsigned using      \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha256.crt":"cert. version     \: 3\nserial number     \: 18\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:45\nexpires on        \: 2024-01-18 13\:57\:45\nsigned using      \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server9-sha384.crt":"cert. version     \: 3\nserial number     \: 19\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:58\nexpires on        \: 2024-01-18 13\:57\:58\nsigned using      \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server9-sha512.crt":"cert. version     \: 3\nserial number     \: 1A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:58\:12\nexpires on        \: 2024-01-18 13\:58\:12\nsigned using      \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server5-sha1.crt":"cert. version     \: 3\nserial number     \: 12\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA1\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-sha224.crt":"cert. version     \: 3\nserial number     \: 13\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA224\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server5-sha384.crt":"cert. version     \: 3\nserial number     \: 14\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA384\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server5-sha512.crt":"cert. version     \: 3\nserial number     \: 15\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA512\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information, NS Cert Type
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.cert_type.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\ncert. type        \: SSL Server\n"
-
-X509 Certificate information, Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.key_usage.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 Certificate information, Key Usage with decipherOnly
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version     \: 3\nserial number     \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name       \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name      \: C=GB, L=Cambridge, O=Default Company Ltd\nissued  on        \: 2015-05-12 10\:36\:55\nexpires on        \: 2018-05-11 10\:36\:55\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
-
-X509 Certificate information, Subject Alt Name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi.crt":"cert. version     \: 3\nserial number     \: 11\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=www.example.com\nissued  on        \: 2012-05-10 13\:23\:41\nexpires on        \: 2022-05-11 13\:23\:41\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \: example.com, example.net, *.example.org\n"
-
-X509 Certificate information, Subject Alt Name + Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 Certificate information, Key Usage + Extended Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version     \: 3\nserial number     \: 21\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2014-04-01 14\:44\:43\nexpires on        \: 2024-03-29 14\:44\:43\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\next key usage     \: TLS Web Server Authentication\n"
-
-X509 Certificate information RSA signed by EC
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_cert_info:"data_files/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_cert_info:"data_files/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
-
-X509 Certificate information Bitstring in subject name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name      \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued  on        \: 2015-03-11 12\:06\:51\nexpires on        \: 2025-03-08 12\:06\:51\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \: \next key usage     \: TLS Web Client Authentication\n"
-
-X509 certificate v1 with extension
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version     \: 1\nserial number     \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name       \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name      \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued  on        \: 2013-07-04 16\:17\:02\nexpires on        \: 2014-07-04 16\:17\:02\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nsubject alt name  \: identity-check.org, www.identity-check.org\n"
-
-X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
-
-X509 CRL Information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2009-07-19 19\:56\:37\nnext update   \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using  \: RSA with MD2\n"
-
-X509 CRL Information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
-mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD4\n"
-
-X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD5\n"
-
-X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
-
-X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-224\n"
-
-X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-256\n"
-
-X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-384\n"
-
-X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\n"
-
-X509 CRL information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:46\:35\nnext update   \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
-
-X509 CRL information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:06\nnext update   \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
-
-X509 CRL information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:16\nnext update   \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
-
-X509 CRL information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:28\nnext update   \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
-
-X509 CRL information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:38\nnext update   \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
-
-X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA1\n"
-
-X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA224\n"
-
-X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA256\n"
-
-X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA384\n"
-
-X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA512\n"
-
-X509 CRL Malformed Input (trailing spaces at end of file)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
-
-X509 CRL Unsupported critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
-
-X509 CSR Information RSA with MD4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with MD5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD5\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA1\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-224\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-384\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
-
-X509 CSR Information EC with SHA1
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n"
-
-X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA224\nEC key size   \: 256 bits\n"
-
-X509 CSR Information EC with SHA256
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA256\nEC key size   \: 256 bits\n"
-
-X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA384\nEC key size   \: 256 bits\n"
-
-X509 CSR Information EC with SHA512
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA512\nEC key size   \: 256 bits\n"
-
-X509 CSR Information RSA-PSS with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size  \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size  \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size  \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size  \: 1024 bits\n"
-
-X509 CSR Information RSA-PSS with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size  \: 1024 bits\n"
-
-X509 Verify Information: empty
-x509_verify_info:0:"":""
-
-X509 Verify Information: one issue
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
-
-X509 Verify Information: two issues
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
-
-X509 Verify Information: two issues, one unknown
-x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x80000000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
-
-X509 Verify Information: empty, with prefix
-x509_verify_info:0:"  ! ":""
-
-X509 Verify Information: one issue, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"  ! ":"  ! Certificate was missing\n"
-
-X509 Verify Information: two issues, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"  ! ":"  ! The certificate validity has expired\n  ! The CRL is expired\n"
-
-X509 Get Distinguished Name #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Get Distinguished Name #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost"
-
-X509 Get Distinguished Name #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Time Expired #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_from":1
-
-X509 Time Expired #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_to":0
-
-X509 Time Expired #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_from":1
-
-X509 Time Expired #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/server2.crt":"valid_to":0
-
-X509 Time Expired #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_from":1
-
-X509 Time Expired #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
-mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
-
-X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
-
-X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
-
-X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
-
-X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
-
-X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
-
-X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
-mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
-
-X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #2 (Revoked Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #4 (Valid Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #5 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5' (Revoked Cert, differing DN string formats #1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_utf8.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5'' (Revoked Cert, differing DN string formats #2)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_printable.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #5''' (Revoked Cert, differing upper and lower case)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_uppercase.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #6 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #8 (Valid Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #8a (Expired Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #8b (Future Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #8c (Expired Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #8d (Future Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #9 (Not trusted Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #12 (Valid Cert MD4 Digest)
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
-X509 Certificate verification #13 (Valid Cert MD5 Digest)
-depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"":"NULL"
-
-X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL"
-
-X509 Certificate verification #15 (Valid Cert SHA224 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #16 (Valid Cert SHA256 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #17 (Valid Cert SHA384 Digest)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #18 (Valid Cert SHA512 Digest)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #19 (Valid Cert, denying callback)
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none"
-
-X509 Certificate verification #19 (Not trusted Cert, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all"
-
-X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL"
-
-X509 Certificate verification #22 (domain not matching wildcard certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #23 (domain not matching wildcard certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #24 (domain matching CN of multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #25 (domain matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL"
-
-X509 Certificate verification #26 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 Certificate verification #29 (domain matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL"
-
-X509 Certificate verification #30 (domain matching multi certificate without CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #31 (domain not matching multi certificate without CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #33 (Valid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #34 (Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #35 (Revoked, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #41 (Valid, depth 0, EC, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #42 (Depth 0, not CA, RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #43 (Depth 0, not CA, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #44 (Corrupted signature, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #45 (Corrupted signature, RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #45b (Corrupted signature, intermediate CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #50 (Valid, multiple CAs)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #52 (CA keyUsage valid)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #53 (CA keyUsage missing cRLSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #56 (CA keyUsage plain wrong)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #70 (v1 trusted CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #71 (v1 trusted CA, other)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #72 (v1 chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #73 (selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
-X509 Certificate verification #75 (encoding mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #76 (multiple CRLs, not revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #77 (multiple CRLs, revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #78 (multiple CRLs, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #79 (multiple CRLs, revoked by future)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 Certificate verification #81 (multiple CRLs, none relevant)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #82 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #86 (Not yet valid CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 Certificate verification #87 (Expired CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 Certificate verification #88 (Spurious cert in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #89 (Spurious cert later in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #90 (EE with same name as trusted root)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
-
-X509 Certificate verification #91 (same CA with good then bad key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #91 (same CA with bad then good key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 Certificate verification #92 (bad name, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
-
-X509 Certificate verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
-
-X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
-
-X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
-
-X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
-
-X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
-
-X509 Certificate verification callback: bad name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
-
-X509 Certificate verification callback: trusted EE cert
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
-
-X509 Certificate verification callback: trusted EE cert, expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: simple
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: simple, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: simple, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two trusted roots
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: two trusted roots, reversed order
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 Certificate verification callback: intermediate ca, int expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: intermediate ca, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, top int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: two intermediates, low int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 Certificate verification callback: no intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 Certificate verification callback: one intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 Parse Selftest
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_selftest:
-
-X509 Certificate ASN1 (Incorrect first tag)
-x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 Certificate ASN1 (Correct first tag, data length does not match)
-x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, no more data)
-x509parse_crt:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incorrect)
-x509parse_crt:"30023085":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023083":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023081":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"3003308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
-x509parse_crt:"300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
-x509parse_crt:"3003300100":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, invalid version tag)
-x509parse_crt:"30053003a00101":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
-x509parse_crt:"30053003a00102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
-x509parse_crt:"30163014a012021000000000000000000000000000000000":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
-x509parse_crt:"30073005a003020104":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
-x509parse_crt:"30083006a00402010400":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
-x509parse_crt:"30083006a00302010400":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
-x509parse_crt:"30083006a00302010482":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
-x509parse_crt:"300d300ba0030201048204deadbeef":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
-x509parse_crt:"300e300ca0030201048204deadbeef00":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
-x509parse_crt:"300f300da0030201048204deadbeef3000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, alg with params)
-x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
-x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
-x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (TBSCertificate, correct alg data, length mismatch)
-x509parse_crt:"30183016a0030201048204deadbeef30090604cafed00d050000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
-x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 Certificate ASN1 (TBSCertificate, correct alg, bad RSASSA-PSS params)
-depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-x509parse_crt:"30193017A003020102020118300D06092A864886F70D01010A3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer no set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, too much date data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, invalid from date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
-
-X509 Certificate ASN1 (TBSCertificate, invalid to date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
-
-X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mbedtls_mpi)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 Certificate ASN1 (TBSCertificate v3, ext empty)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 Certificate ASN1 (SubjectAltName repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 Certificate ASN1 (ExtKeyUsage repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 Certificate ASN1 (correct pubkey, no sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (sig_alg mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-
-X509 Certificate ASN1 (sig_alg, no sig)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 Certificate ASN1 (signature, invalid sig data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 Certificate ASN1 (signature, data left)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 Certificate ASN1 (correct)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (GeneralizedTime instead of UTCTime)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2010-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 CN)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: CN=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 C)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: C=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 L)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: L=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 ST)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ST=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 O)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: O=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with X520 OU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: OU=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with unknown X520 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with composite RDN)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version     \: 3\nserial number     \: 4C\:20\:E3\:BD\nissuer name       \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name      \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued  on        \: 2013-08-02 15\:14\:37\nexpires on        \: 2015-08-17 05\:54\:31\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\n":0
-
-X509 Certificate ASN1 (Name with PKCS9 email)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: emailAddress=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (Name with unknown PKCS9 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with MD2\nRSA key size      \: 128 bits\n":0
-
-X509 Certificate ASN1 (ECDSA signature, RSA key)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version     \: 1\nserial number     \: 03\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:46\:18\nexpires on        \: 2023-07-08 09\:46\:18\nsigned using      \: ECDSA with SHA1\nRSA key size      \: 384 bits\n":0
-
-X509 Certificate ASN1 (ECDSA signature, EC key)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version     \: 1\nserial number     \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:40\:19\nexpires on        \: 2023-07-08 09\:40\:19\nsigned using      \: ECDSA with SHA1\nEC key size       \: 192 bits\n":0
-
-X509 Certificate ASN1 (RSA signature, EC key)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version     \: 1\nserial number     \: 04\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 15\:02\:37\nexpires on        \: 2023-07-08 15\:02\:37\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\n":0
-
-X509 Certificate ASN1 (invalid version 3)
-x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid version overflow)
-x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid SubjectAltNames tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (Incorrect first tag)
-x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRL ASN1 (Correct first tag, data length does not match)
-x509parse_crl:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, tag missing)
-x509parse_crl:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, version tag len missing)
-x509parse_crl:"3003300102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, version correct, alg missing)
-x509parse_crl:"30053003020100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, alg correct, incorrect version)
-x509parse_crl:"300b3009020102300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 unknown)
-x509parse_crl:"300b3009020100300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
-x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, issuer set missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (TBSCertList, sig present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version   \: 1\nissuer name   \: CN=ABCD\nthis update   \: 2009-01-01 00\:00\:00\nnext update   \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using  \: RSA with SHA-224\n":0
-
-X509 CRL ASN1 (TBSCertList, no entries)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version   \: 1\nissuer name   \: CN=ABCD\nthis update   \: 2009-01-01 00\:00\:00\nnext update   \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using  \: RSA with SHA-224\n":0
-
-X509 CRL ASN1 (invalid version 2)
-x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (invalid version overflow)
-x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-
-X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2018-03-14 07\:31\:48\nnext update   \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using  \: RSA with SHA-256\n":0
-
-X509 CRT parse path #2 (one cert)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
-
-X509 CRT parse path #3 (two certs)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_parse_path:"data_files/dir2":0:2
-
-X509 CRT parse path #4 (two certs, one non-cert)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
-
-X509 CRT verify long chain (max intermediate CA, trusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0
-
-X509 CRT verify long chain (max intermediate CA, untrusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED
-
-X509 CRT verify long chain (max intermediate CA + 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
-
-X509 CRT verify chain #1 (zero pathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #2 (zero pathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #3 (nonzero pathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #4 (nonzero pathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"":0
-
-X509 CRT verify chain #6 (nonzero maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #7 (maxpathlen root, self signed in path)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"":0
-
-X509 CRT verify chain #8 (self signed maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #9 (zero pathlen first intermediate, valid)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"":0
-
-X509 CRT verify chain #10 (zero pathlen root, valid)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"":0
-
-X509 CRT verify chain #11 (valid chain, missing profile)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
-
-X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #13 (RSA only profile, EC root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #17 (SHA-512 profile)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
-
-X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2
-
-X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1
-
-X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8
-
-X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4
-
-X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
-
-X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
-
-X509 OID description #1
-x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
-
-X509 OID description #2
-x509_oid_desc:"2B0601050507030f":"notfound"
-
-X509 OID description #3
-x509_oid_desc:"2B0601050507030100":"notfound"
-
-X509 OID numstring #1 (wide buffer)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17
-
-X509 OID numstring #2 (buffer just fits)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17
-
-X509 OID numstring #3 (buffer too small)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL
-
-X509 OID numstring #4 (larger number)
-x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14
-
-X509 OID numstring #5 (arithmetic overflow)
-x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
-
-X509 crt keyUsage #1 (no extension, expected KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 crt keyUsage #2 (no extension, surprising KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
-
-X509 crt keyUsage #3 (extension present, no KU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":0:0
-
-X509 crt keyUsage #4 (extension present, single KU present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0
-
-X509 crt keyUsage #5 (extension present, single KU absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #6 (extension present, combined KU present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 crt keyUsage #7 (extension present, combined KU both absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #8 (extension present, combined KU one absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #9 (extension present, decOnly allowed absent)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 crt keyUsage #10 (extension present, decOnly non-allowed present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt keyUsage #11 (extension present, decOnly allowed present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 crt extendedKeyUsage #1 (no extension, serverAuth)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #2 (single value, present)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #3 (single value, absent)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt extendedKeyUsage #4 (two values, first)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0
-
-X509 crt extendedKeyUsage #5 (two values, second)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0
-
-X509 crt extendedKeyUsage #6 (two values, other)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 crt extendedKeyUsage #7 (any, random)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0
-
-X509 RSASSA-PSS parameters ASN1 (good, all defaults)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (wrong initial tag)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
-x509_parse_rsassa_pss_params:"A400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A00D300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A009300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
-x509_parse_rsassa_pss_params:"A00F300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"A00D300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A116301406092A864886F70D010108300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
-x509_parse_rsassa_pss_params:"A11A301906092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010109300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108310B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a)
-x509_parse_rsassa_pss_params:"A10F300D06092A864886F70D0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b)
-x509_parse_rsassa_pss_params:"A11B301906092A864886F70D010108300C0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
-x509_parse_rsassa_pss_params:"A20302015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default)
-x509_parse_rsassa_pss_params:"A203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1)
-x509_parse_rsassa_pss_params:"A20402015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2)
-x509_parse_rsassa_pss_params:"A20402015E00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (saltLen not an int)
-x509_parse_rsassa_pss_params:"A2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default)
-x509_parse_rsassa_pss_params:"A303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1)
-x509_parse_rsassa_pss_params:"A304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2)
-x509_parse_rsassa_pss_params:"A30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not an int)
-x509_parse_rsassa_pss_params:"A3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
-x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
-
-X509 CSR ASN.1 (OK)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n":0
-
-X509 CSR ASN.1 (bad first tag)
-mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (bad sequence: overlong)
-mbedtls_x509_csr_parse:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (total length mistmatch)
-mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CSR ASN.1 (bad CRI: not a sequence)
-mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI: overlong)
-mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Version: overlong)
-mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Version: not v1)
-mbedtls_x509_csr_parse:"30053003020101":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CSR ASN.1 (bad CRI.Name: not a sequence)
-mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI.Name: overlong)
-mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad CRI.Name payload: not a set)
-mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad CRI.Name payload: overlong)
-mbedtls_x509_csr_parse:"300A30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing)
-mbedtls_x509_csr_parse:"30143012020100300D310B3009060355040613024E4C":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence)
-mbedtls_x509_csr_parse:"30163014020100300D310B3009060355040613024E4C3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
-mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad attributes: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad attributes: bad tag)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad attributes: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: not a sequence)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad sigAlg: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sigAlg: unknown)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-
-X509 CSR ASN.1 (bad sig: missing)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (bad sig: not a bit string)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
-X509 CSR ASN.1 (bad sig: overlong)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-
-X509 CSR ASN.1 (extra data after signature)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-
-X509 CSR ASN.1 (invalid version overflow)
-mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 File parse (no issues)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_int-ca.crt":0
-
-X509 File parse (extra space in one certificate)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_pem_space.crt":1
-
-X509 File parse (all certificates fail)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
-
-X509 File parse (trailing spaces, OK)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_trailing_space.crt":0
-
-X509 Get time (UTC no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
-
-X509 Get time (Generalized Time no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59
-
-X509 Get time (UTC year without leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC year with leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12
-
-X509 Get time (UTC invalid day of month #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid day of month #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without time zone)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12
-
-X509 Get time (UTC with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Date with invalid tag)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERR_X509_INVALID_DATE+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0:0:0:0:0:0
-
-X509 Get time (UTC, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without seconds)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0
-
-X509 Get time (UTC without seconds and with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without second and with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in month)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 400 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
-
-X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 cert verify restart: trusted EE, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
-
-X509 cert verify restart: trusted EE, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
-
-X509 cert verify restart: no intermediate, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
-
-X509 cert verify restart: no intermediate, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000
-
-X509 cert verify restart: no intermediate, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0
-
-X509 cert verify restart: no intermediate, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80
-
-X509 cert verify restart: no intermediate, badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: no intermediate, badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: no intermediate, badsign, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0
-
-X509 cert verify restart: no intermediate, badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
-
-X509 cert verify restart: one int, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0
-
-X509 cert verify restart: one int, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000
-
-X509 cert verify restart: one int, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0
-
-X509 cert verify restart: one int, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100
-
-X509 cert verify restart: one int, EE badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: one int, EE badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: one int, EE badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 cert verify restart: one int, EE badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
-
-X509 cert verify restart: one int, int badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 cert verify restart: one int, int badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 cert verify restart: one int, int badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 cert verify restart: one int, int badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
-x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
deleted file mode 100644
index 552c494..0000000
--- a/tests/suites/test_suite_x509parse.function
+++ /dev/null
@@ -1,831 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/base64.h"
-#include "string.h"
-
-#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
-#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
-than the current threshold 19. To test larger values, please \
-adapt the script tests/data_files/dir-max/long.sh."
-#endif
-
-/* Profile for backward compatibility. Allows SHA-1, unlike the default
-   profile. */
-const mbedtls_x509_crt_profile compat_profile =
-{
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
-    0xFFFFFFF, /* Any PK alg    */
-    0xFFFFFFF, /* Any curve     */
-    1024,
-};
-
-const mbedtls_x509_crt_profile profile_rsa3072 =
-{
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
-    0,
-    3072,
-};
-
-const mbedtls_x509_crt_profile profile_sha512 =
-{
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
-    0xFFFFFFF, /* Any PK alg    */
-    0xFFFFFFF, /* Any curve     */
-    1024,
-};
-
-int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
-    ((void) data);
-    ((void) crt);
-    ((void) certificate_depth);
-    *flags |= MBEDTLS_X509_BADCERT_OTHER;
-
-    return 0;
-}
-
-int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
-    ((void) data);
-    ((void) crt);
-    ((void) certificate_depth);
-    *flags = 0;
-
-    return 0;
-}
-
-int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
-    int *levels = (int *) data;
-
-    ((void) crt);
-    ((void) certificate_depth);
-
-    /* Simulate a fatal error in the callback */
-    if( *levels & ( 1 << certificate_depth ) )
-    {
-        *flags |= ( 1 << certificate_depth );
-        return( -1 - certificate_depth );
-    }
-
-    return( 0 );
-}
-
-/* strsep() not available on Windows */
-char *mystrsep(char **stringp, const char *delim)
-{
-    const char *p;
-    char *ret = *stringp;
-
-    if( *stringp == NULL )
-        return( NULL );
-
-    for( ; ; (*stringp)++ )
-    {
-        if( **stringp == '\0' )
-        {
-            *stringp = NULL;
-            goto done;
-        }
-
-        for( p = delim; *p != '\0'; p++ )
-            if( **stringp == *p )
-            {
-                **stringp = '\0';
-                (*stringp)++;
-                goto done;
-            }
-    }
-
-done:
-    return( ret );
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct {
-    char buf[512];
-    char *p;
-} verify_print_context;
-
-void verify_print_init( verify_print_context *ctx )
-{
-    memset( ctx, 0, sizeof( verify_print_context ) );
-    ctx->p = ctx->buf;
-}
-
-int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
-{
-    int ret;
-    verify_print_context *ctx = (verify_print_context *) data;
-    char *p = ctx->p;
-    size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
-    ((void) flags);
-
-    ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, " - subject " );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ctx->p = p;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_cert_info( char * crt_file, char * result_str )
-{
-    mbedtls_x509_crt   crt;
-    char buf[2000];
-    int res;
-
-    mbedtls_x509_crt_init( &crt );
-    memset( buf, 0, 2000 );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
-
-    TEST_ASSERT( res != -1 );
-    TEST_ASSERT( res != -2 );
-
-    TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_info( char * crl_file, char * result_str )
-{
-    mbedtls_x509_crl   crl;
-    char buf[2000];
-    int res;
-
-    mbedtls_x509_crl_init( &crl );
-    memset( buf, 0, 2000 );
-
-    TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
-    res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
-
-    TEST_ASSERT( res != -1 );
-    TEST_ASSERT( res != -2 );
-
-    TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
-    mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_parse( char * crl_file, int result )
-{
-    mbedtls_x509_crl   crl;
-    char buf[2000];
-
-    mbedtls_x509_crl_init( &crl );
-    memset( buf, 0, 2000 );
-
-    TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
-
-exit:
-    mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_info( char * csr_file, char * result_str )
-{
-    mbedtls_x509_csr   csr;
-    char buf[2000];
-    int res;
-
-    mbedtls_x509_csr_init( &csr );
-    memset( buf, 0, 2000 );
-
-    TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
-    res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
-
-    TEST_ASSERT( res != -1 );
-    TEST_ASSERT( res != -2 );
-
-    TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
-    mbedtls_x509_csr_free( &csr );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_info( int flags, char * prefix, char * result_str )
-{
-    char buf[2000];
-    int res;
-
-    memset( buf, 0, sizeof( buf ) );
-
-    res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
-
-    TEST_ASSERT( res >= 0 );
-
-    TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
-void x509_verify_restart( char *crt_file, char *ca_file,
-                          int result, int flags_result,
-                          int max_ops, int min_restart, int max_restart )
-{
-    int ret, cnt_restart;
-    mbedtls_x509_crt_restart_ctx rs_ctx;
-    mbedtls_x509_crt crt;
-    mbedtls_x509_crt ca;
-    uint32_t flags = 0;
-
-    /*
-     * See comments on ecp_test_vect_restart() for op count precision.
-     *
-     * For reference, with mbed TLS 2.6 and default settings:
-     * - ecdsa_verify() for P-256:  ~  6700
-     * - ecdsa_verify() for P-384:  ~ 18800
-     * - x509_verify() for server5 -> test-ca2:             ~ 18800
-     * - x509_verify() for server10 -> int-ca3 -> int-ca2:  ~ 25500
-     */
-
-    mbedtls_x509_crt_restart_init( &rs_ctx );
-    mbedtls_x509_crt_init( &crt );
-    mbedtls_x509_crt_init( &ca );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-
-    mbedtls_ecp_set_max_ops( max_ops );
-
-    cnt_restart = 0;
-    do {
-        ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
-                &mbedtls_x509_crt_profile_default, NULL, &flags,
-                NULL, NULL, &rs_ctx );
-    } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
-
-    TEST_ASSERT( ret == result );
-    TEST_ASSERT( flags == (uint32_t) flags_result );
-
-    TEST_ASSERT( cnt_restart >= min_restart );
-    TEST_ASSERT( cnt_restart <= max_restart );
-
-    /* Do we leak memory when aborting? */
-    ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
-            &mbedtls_x509_crt_profile_default, NULL, &flags,
-            NULL, NULL, &rs_ctx );
-    TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
-
-exit:
-    mbedtls_x509_crt_restart_free( &rs_ctx );
-    mbedtls_x509_crt_free( &crt );
-    mbedtls_x509_crt_free( &ca );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
-void x509_verify( char *crt_file, char *ca_file, char *crl_file,
-                  char *cn_name_str, int result, int flags_result,
-                  char *profile_str,
-                  char *verify_callback )
-{
-    mbedtls_x509_crt   crt;
-    mbedtls_x509_crt   ca;
-    mbedtls_x509_crl    crl;
-    uint32_t         flags = 0;
-    int         res;
-    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
-    char *      cn_name = NULL;
-    const mbedtls_x509_crt_profile *profile;
-
-    mbedtls_x509_crt_init( &crt );
-    mbedtls_x509_crt_init( &ca );
-    mbedtls_x509_crl_init( &crl );
-
-    if( strcmp( cn_name_str, "NULL" ) != 0 )
-        cn_name = cn_name_str;
-
-    if( strcmp( profile_str, "" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_default;
-    else if( strcmp( profile_str, "next" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_next;
-    else if( strcmp( profile_str, "suite_b" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_suiteb;
-    else if( strcmp( profile_str, "compat" ) == 0 )
-        profile = &compat_profile;
-    else
-        TEST_ASSERT( "Unknown algorithm profile" == 0 );
-
-    if( strcmp( verify_callback, "NULL" ) == 0 )
-        f_vrfy = NULL;
-    else if( strcmp( verify_callback, "verify_none" ) == 0 )
-        f_vrfy = verify_none;
-    else if( strcmp( verify_callback, "verify_all" ) == 0 )
-        f_vrfy = verify_all;
-    else
-        TEST_ASSERT( "No known verify callback selected" == 0 );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-    TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
-
-    res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
-
-    TEST_ASSERT( res == ( result ) );
-    TEST_ASSERT( flags == (uint32_t)( flags_result ) );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-    mbedtls_x509_crt_free( &ca );
-    mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_callback( char *crt_file, char *ca_file, char *name,
-                           int exp_ret, char *exp_vrfy_out )
-{
-    int ret;
-    mbedtls_x509_crt crt;
-    mbedtls_x509_crt ca;
-    uint32_t flags = 0;
-    verify_print_context vrfy_ctx;
-
-    mbedtls_x509_crt_init( &crt );
-    mbedtls_x509_crt_init( &ca );
-    verify_print_init( &vrfy_ctx );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
-
-    if( strcmp( name, "NULL" ) == 0 )
-        name = NULL;
-
-    ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
-                                                &compat_profile,
-                                                name, &flags,
-                                                verify_print, &vrfy_ctx );
-
-    TEST_ASSERT( ret == exp_ret );
-    TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-    mbedtls_x509_crt_free( &ca );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
-{
-    mbedtls_x509_crt   crt;
-    char buf[2000];
-    int res = 0;
-
-    mbedtls_x509_crt_init( &crt );
-    memset( buf, 0, 2000 );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-    if( strcmp( entity, "subject" ) == 0 )
-        res =  mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
-    else if( strcmp( entity, "issuer" ) == 0 )
-        res =  mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
-    else
-        TEST_ASSERT( "Unknown entity" == 0 );
-
-    TEST_ASSERT( res != -1 );
-    TEST_ASSERT( res != -2 );
-
-    TEST_ASSERT( strcmp( buf, result_str ) == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
-{
-    mbedtls_x509_crt   crt;
-
-    mbedtls_x509_crt_init( &crt );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
-    if( strcmp( entity, "valid_from" ) == 0 )
-        TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
-    else if( strcmp( entity, "valid_to" ) == 0 )
-        TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
-    else
-        TEST_ASSERT( "Unknown entity" == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
-{
-    mbedtls_x509_crt   crt;
-
-    mbedtls_x509_crt_init( &crt );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
-    if( strcmp( entity, "valid_from" ) == 0 )
-        TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
-    else if( strcmp( entity, "valid_to" ) == 0 )
-        TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
-    else
-        TEST_ASSERT( "Unknown entity" == 0 );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
-void x509parse_crt_file( char * crt_file, int result )
-{
-    mbedtls_x509_crt crt;
-
-    mbedtls_x509_crt_init( &crt );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509parse_crt( data_t * buf, char * result_str, int result )
-{
-    mbedtls_x509_crt   crt;
-    unsigned char output[2000];
-    int res;
-
-    mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
-
-
-    TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf->x, buf->len ) == ( result ) );
-    if( ( result ) == 0 )
-    {
-        res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
-
-        TEST_ASSERT( res != -1 );
-        TEST_ASSERT( res != -2 );
-
-        TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
-    }
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
-void x509parse_crl( data_t * buf, char * result_str, int result )
-{
-    mbedtls_x509_crl   crl;
-    unsigned char output[2000];
-    int res;
-
-    mbedtls_x509_crl_init( &crl );
-    memset( output, 0, 2000 );
-
-
-    TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
-    if( ( result ) == 0 )
-    {
-        res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
-
-        TEST_ASSERT( res != -1 );
-        TEST_ASSERT( res != -2 );
-
-        TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
-    }
-
-exit:
-    mbedtls_x509_crl_free( &crl );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
-{
-    mbedtls_x509_csr csr;
-    char my_out[1000];
-    int my_ret;
-
-    mbedtls_x509_csr_init( &csr );
-    memset( my_out, 0, sizeof( my_out ) );
-
-    my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
-    TEST_ASSERT( my_ret == ref_ret );
-
-    if( ref_ret == 0 )
-    {
-        size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
-        TEST_ASSERT( my_out_len == strlen( ref_out ) );
-        TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
-    }
-
-exit:
-    mbedtls_x509_csr_free( &csr );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
-{
-    mbedtls_x509_crt chain, *cur;
-    int i;
-
-    mbedtls_x509_crt_init( &chain );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
-
-    /* Check how many certs we got */
-    for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
-        if( cur->raw.p != NULL )
-            i++;
-
-    TEST_ASSERT( i == nb_crt );
-
-exit:
-    mbedtls_x509_crt_free( &chain );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
-                                  int ret_chk, int flags_chk )
-{
-    char file_buf[128];
-    int ret;
-    uint32_t flags;
-    mbedtls_x509_crt trusted, chain;
-
-    /*
-     * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
-     * with NN.crt signed by NN-1.crt
-     */
-
-    mbedtls_x509_crt_init( &trusted );
-    mbedtls_x509_crt_init( &chain );
-
-    /* Load trusted root */
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
-
-    /* Load a chain with nb_int intermediates (from 01 to nb_int),
-     * plus one "end-entity" cert (nb_int + 1) */
-    ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
-                                                            nb_int + 1 );
-    TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
-
-    /* Try to verify that chain */
-    ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
-                                   NULL, NULL );
-    TEST_ASSERT( ret == ret_chk );
-    TEST_ASSERT( flags == (uint32_t) flags_chk );
-
-exit:
-    mbedtls_x509_crt_free( &chain );
-    mbedtls_x509_crt_free( &trusted );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_chain(  char *chain_paths, char *trusted_ca,
-                                     int flags_result, int result,
-                                     char *profile_name, int vrfy_fatal_lvls )
-{
-    char* act;
-    uint32_t flags;
-    int res;
-    mbedtls_x509_crt trusted, chain;
-    const mbedtls_x509_crt_profile *profile = NULL;
-
-    mbedtls_x509_crt_init( &chain );
-    mbedtls_x509_crt_init( &trusted );
-
-    while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
-        TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
-
-    if( strcmp( profile_name, "" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_default;
-    else if( strcmp( profile_name, "next" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_next;
-    else if( strcmp( profile_name, "suiteb" ) == 0 )
-        profile = &mbedtls_x509_crt_profile_suiteb;
-    else if( strcmp( profile_name, "rsa3072" ) == 0 )
-        profile = &profile_rsa3072;
-    else if( strcmp( profile_name, "sha512" ) == 0 )
-        profile = &profile_sha512;
-
-    res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
-            NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
-
-    TEST_ASSERT( res == ( result ) );
-    TEST_ASSERT( flags == (uint32_t)( flags_result ) );
-
-exit:
-    mbedtls_x509_crt_free( &trusted );
-    mbedtls_x509_crt_free( &chain );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_desc( data_t * buf, char * ref_desc )
-{
-    mbedtls_x509_buf oid;
-    const char *desc = NULL;
-    int ret;
-
-
-    oid.tag = MBEDTLS_ASN1_OID;
-    oid.p   = buf->x;
-    oid.len   = buf->len;
-
-    ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
-
-    if( strcmp( ref_desc, "notfound" ) == 0 )
-    {
-        TEST_ASSERT( ret != 0 );
-        TEST_ASSERT( desc == NULL );
-    }
-    else
-    {
-        TEST_ASSERT( ret == 0 );
-        TEST_ASSERT( desc != NULL );
-        TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
-    }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
-{
-    mbedtls_x509_buf oid;
-    char num_buf[100];
-
-    memset( num_buf, 0x2a, sizeof num_buf );
-
-    oid.tag = MBEDTLS_ASN1_OID;
-    oid.p   = oid_buf->x;
-    oid.len   = oid_buf->len;
-
-    TEST_ASSERT( (size_t) blen <= sizeof num_buf );
-
-    TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
-
-    if( ret >= 0 )
-    {
-        TEST_ASSERT( num_buf[ret] == 0 );
-        TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
-    }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
-void x509_check_key_usage( char * crt_file, int usage, int ret )
-{
-    mbedtls_x509_crt crt;
-
-    mbedtls_x509_crt_init( &crt );
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
-    TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
-                                    )
-{
-    mbedtls_x509_crt crt;
-
-    mbedtls_x509_crt_init( &crt );
-
-
-    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
-
-    TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
-
-exit:
-    mbedtls_x509_crt_free( &crt );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
-                    int day, int hour, int min, int sec )
-{
-    mbedtls_x509_time time;
-    unsigned char buf[21];
-    unsigned char* start = buf;
-    unsigned char* end = buf;
-
-    memset( &time, 0x00, sizeof( time ) );
-    *end = (unsigned char)tag; end++;
-    *end = strlen( time_str );
-    TEST_ASSERT( *end < 20 );
-    end++;
-    memcpy( end, time_str, (size_t)*(end - 1) );
-    end += *(end - 1);
-
-    TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
-    if( ret == 0 )
-    {
-        TEST_ASSERT( year == time.year );
-        TEST_ASSERT( mon  == time.mon  );
-        TEST_ASSERT( day  == time.day  );
-        TEST_ASSERT( hour == time.hour );
-        TEST_ASSERT( min  == time.min  );
-        TEST_ASSERT( sec  == time.sec  );
-    }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
-                                   int ref_msg_md, int ref_mgf_md,
-                                   int ref_salt_len, int ref_ret )
-{
-    int my_ret;
-    mbedtls_x509_buf params;
-    mbedtls_md_type_t my_msg_md, my_mgf_md;
-    int my_salt_len;
-
-    params.p = hex_params->x;
-    params.len = hex_params->len;
-    params.tag = params_tag;
-
-    my_ret = mbedtls_x509_get_rsassa_pss_params( &params, &my_msg_md, &my_mgf_md,
-                                         &my_salt_len );
-
-    TEST_ASSERT( my_ret == ref_ret );
-
-    if( ref_ret == 0 )
-    {
-        TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
-        TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
-        TEST_ASSERT( my_salt_len == ref_salt_len );
-    }
-
-exit:
-    ;;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
-void x509_selftest(  )
-{
-    TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
deleted file mode 100644
index 4096425..0000000
--- a/tests/suites/test_suite_x509write.data
+++ /dev/null
@@ -1,97 +0,0 @@
-Certificate Request check Server1 SHA1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0
-
-Certificate Request check Server1 SHA224
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0
-
-Certificate Request check Server1 SHA256
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0
-
-Certificate Request check Server1 SHA384
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0
-
-Certificate Request check Server1 SHA512
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0
-
-Certificate Request check Server1 MD4
-depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0
-
-Certificate Request check Server1 MD5
-depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0
-
-Certificate Request check Server1 key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-Certificate Request check Server1 ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
-
-Certificate Request check Server1 key_usage + ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
-
-Certificate Request check Server5 ECDSA, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
-
-Certificate Request check opaque Server5 ECDSA, key_usage
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
-
-Certificate write check Server1 SHA1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
-
-Certificate write check Server1 SHA1, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
-
-Certificate write check Server1 SHA1, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
-
-Certificate write check Server1 SHA1, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
-
-Certificate write check Server1 SHA1, RSA_ALT
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
-
-Certificate write check Server1 SHA1, RSA_ALT, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
-
-X509 String to Names #1
-mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
-
-X509 String to Names #2
-mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
-
-X509 String to Names #3 (Name precisely 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
-
-X509 String to Names #4 (Name larger than 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
-
-X509 String to Names #5 (Escape non-allowed characters)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
-
-X509 String to Names #6 (Escape at end)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
deleted file mode 100644
index bf43a80..0000000
--- a/tests/suites/test_suite_x509write.function
+++ /dev/null
@@ -1,336 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/rsa.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif
-
-
-#if defined(MBEDTLS_RSA_C)
-int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
-                       const unsigned char *input, unsigned char *output,
-                       size_t output_max_len )
-{
-    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
-                               input, output, output_max_len ) );
-}
-int mbedtls_rsa_sign_func( void *ctx,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                   int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
-                   const unsigned char *hash, unsigned char *sig )
-{
-    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
-                            md_alg, hashlen, hash, sig ) );
-}
-size_t mbedtls_rsa_key_len_func( void *ctx )
-{
-    return( ((const mbedtls_rsa_context *) ctx)->len );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
-{
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
-    mbedtls_x509_csr csr;
-
-    if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( csr.sig_md );
-    if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
-    {
-        /* Note: this can't happen except after an internal error */
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-    }
-
-    if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
-                       csr.sig_md, hash, mbedtls_md_get_size( md_info ),
-                       csr.sig.p, csr.sig.len ) != 0 )
-    {
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
-void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
-                     int key_usage, int cert_type )
-{
-    mbedtls_pk_context key;
-    mbedtls_x509write_csr req;
-    unsigned char buf[4096];
-    unsigned char check_buf[4000];
-    int ret;
-    size_t olen = 0, pem_len = 0;
-    int der_len = -1;
-    FILE *f;
-    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
-    rnd_pseudo_info rnd_info;
-
-    memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
-
-    mbedtls_pk_init( &key );
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
-
-    mbedtls_x509write_csr_init( &req );
-    mbedtls_x509write_csr_set_md_alg( &req, md_type );
-    mbedtls_x509write_csr_set_key( &req, &key );
-    TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
-    if( key_usage != 0 )
-        TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
-    if( cert_type != 0 )
-        TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
-
-    ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
-                             rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( ret == 0 );
-
-    pem_len = strlen( (char *) buf );
-
-    f = fopen( cert_req_check_file, "r" );
-    TEST_ASSERT( f != NULL );
-    olen = fread( check_buf, 1, sizeof( check_buf ), f );
-    fclose( f );
-
-    TEST_ASSERT( olen >= pem_len - 1 );
-    TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
-
-    der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
-                            rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( der_len >= 0 );
-
-    if( der_len == 0 )
-        goto exit;
-
-    ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
-                            rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-exit:
-    mbedtls_x509write_csr_free( &req );
-    mbedtls_pk_free( &key );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
-void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
-                                 int cert_type )
-{
-    mbedtls_pk_context key;
-    psa_key_slot_t slot;
-    psa_algorithm_t md_alg_psa;
-    mbedtls_x509write_csr req;
-    unsigned char buf[4096];
-    int ret;
-    size_t pem_len = 0;
-    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
-    rnd_pseudo_info rnd_info;
-
-    psa_crypto_init();
-    memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
-
-    md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
-    TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
-
-    mbedtls_pk_init( &key );
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
-    TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
-
-    mbedtls_x509write_csr_init( &req );
-    mbedtls_x509write_csr_set_md_alg( &req, md_type );
-    mbedtls_x509write_csr_set_key( &req, &key );
-    TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
-    if( key_usage != 0 )
-        TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
-    if( cert_type != 0 )
-        TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
-
-    ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
-                             rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( ret == 0 );
-
-    pem_len = strlen( (char *) buf );
-    buf[pem_len] = '\0';
-    TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
-
-exit:
-    mbedtls_x509write_csr_free( &req );
-    mbedtls_pk_free( &key );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
-void x509_crt_check( char *subject_key_file, char *subject_pwd,
-                     char *subject_name, char *issuer_key_file,
-                     char *issuer_pwd, char *issuer_name,
-                     char *serial_str, char *not_before, char *not_after,
-                     int md_type, int key_usage, int cert_type, int auth_ident,
-                     int ver, char *cert_check_file, int rsa_alt )
-{
-    mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
-    mbedtls_pk_context *key = &issuer_key;
-
-    mbedtls_x509write_cert crt;
-    unsigned char buf[4096];
-    unsigned char check_buf[5000];
-    mbedtls_mpi serial;
-    int ret;
-    size_t olen = 0, pem_len = 0;
-    int der_len = -1;
-    FILE *f;
-    rnd_pseudo_info rnd_info;
-
-    memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
-    mbedtls_mpi_init( &serial );
-
-    mbedtls_pk_init( &subject_key );
-    mbedtls_pk_init( &issuer_key  );
-    mbedtls_pk_init( &issuer_key_alt );
-
-    mbedtls_x509write_crt_init( &crt );
-
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
-                                         subject_pwd ) == 0 );
-
-    TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
-                                         issuer_pwd ) == 0 );
-
-#if defined(MBEDTLS_RSA_C)
-    /* For RSA PK contexts, create a copy as an alternative RSA context. */
-    if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
-    {
-        TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
-                                            mbedtls_pk_rsa( issuer_key ),
-                                            mbedtls_rsa_decrypt_func,
-                                            mbedtls_rsa_sign_func,
-                                            mbedtls_rsa_key_len_func ) == 0 );
-
-        key = &issuer_key_alt;
-    }
-#else
-    (void) rsa_alt;
-#endif
-
-    TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
-
-    if( ver != -1 )
-        mbedtls_x509write_crt_set_version( &crt, ver );
-
-    TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
-    TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
-                                                     not_after ) == 0 );
-    mbedtls_x509write_crt_set_md_alg( &crt, md_type );
-    TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
-    TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
-    mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
-
-    mbedtls_x509write_crt_set_issuer_key( &crt, key );
-
-    if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
-    {
-        TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
-        TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
-        if( auth_ident )
-            TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
-        if( key_usage != 0 )
-            TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
-        if( cert_type != 0 )
-            TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
-    }
-
-    ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
-                                     rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( ret == 0 );
-
-    pem_len = strlen( (char *) buf );
-
-    f = fopen( cert_check_file, "r" );
-    TEST_ASSERT( f != NULL );
-    olen = fread( check_buf, 1, sizeof( check_buf ), f );
-    fclose( f );
-    TEST_ASSERT( olen < sizeof( check_buf ) );
-
-    TEST_ASSERT( olen >= pem_len - 1 );
-    TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
-
-    der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
-                                         rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( der_len >= 0 );
-
-    if( der_len == 0 )
-        goto exit;
-
-    ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
-                                     rnd_pseudo_rand, &rnd_info );
-    TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-exit:
-    mbedtls_x509write_crt_free( &crt );
-    mbedtls_pk_free( &issuer_key_alt );
-    mbedtls_pk_free( &subject_key );
-    mbedtls_pk_free( &issuer_key );
-    mbedtls_mpi_free( &serial );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
-                                   )
-{
-    int ret;
-    size_t len = 0;
-    mbedtls_asn1_named_data *names = NULL;
-    mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
-    unsigned char buf[1024], out[1024], *c;
-
-    memset( &parsed, 0, sizeof( parsed ) );
-    memset( out, 0, sizeof( out ) );
-    memset( buf, 0, sizeof( buf ) );
-    c = buf + sizeof( buf );
-
-    ret = mbedtls_x509_string_to_names( &names, name );
-    TEST_ASSERT( ret == result );
-
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_x509_write_names( &c, buf, names );
-    TEST_ASSERT( ret > 0 );
-
-    TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
-                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
-    TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
-
-    ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
-    TEST_ASSERT( ret > 0 );
-
-    TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
-
-exit:
-    mbedtls_asn1_free_named_data_list( &names );
-
-    parsed_cur = parsed.next;
-    while( parsed_cur != 0 )
-    {
-        parsed_prv = parsed_cur;
-        parsed_cur = parsed_cur->next;
-        mbedtls_free( parsed_prv );
-    }
-}
-/* END_CASE */
diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj
deleted file mode 100644
index b2fae80..0000000
--- a/visualc/VS2010/dh_client.vcxproj
+++ /dev/null
@@ -1,174 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

-  <ItemGroup Label="ProjectConfigurations">

-    <ProjectConfiguration Include="Debug|Win32">

-      <Configuration>Debug</Configuration>

-      <Platform>Win32</Platform>

-    </ProjectConfiguration>

-    <ProjectConfiguration Include="Debug|x64">

-      <Configuration>Debug</Configuration>

-      <Platform>x64</Platform>

-    </ProjectConfiguration>

-    <ProjectConfiguration Include="Release|Win32">

-      <Configuration>Release</Configuration>

-      <Platform>Win32</Platform>

-    </ProjectConfiguration>

-    <ProjectConfiguration Include="Release|x64">

-      <Configuration>Release</Configuration>

-      <Platform>x64</Platform>

-    </ProjectConfiguration>

-  </ItemGroup>

-  <ItemGroup>

-    <ClCompile Include="..\..\programs\pkey\dh_client.c" />

-  </ItemGroup>

-  <ItemGroup>

-    <ProjectReference Include="mbedTLS.vcxproj">
-      <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>

-      <LinkLibraryDependencies>true</LinkLibraryDependencies>

-    </ProjectReference>

-  </ItemGroup>

-  <PropertyGroup Label="Globals">

-    <ProjectGuid>{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}</ProjectGuid>

-    <Keyword>Win32Proj</Keyword>

-    <RootNamespace>dh_client</RootNamespace>

-  </PropertyGroup>

-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />

-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">

-    <ConfigurationType>Application</ConfigurationType>

-    <UseDebugLibraries>true</UseDebugLibraries>

-    <CharacterSet>Unicode</CharacterSet>

-  </PropertyGroup>

-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">

-    <ConfigurationType>Application</ConfigurationType>

-    <UseDebugLibraries>true</UseDebugLibraries>

-    <CharacterSet>Unicode</CharacterSet>

-  </PropertyGroup>

-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">

-    <ConfigurationType>Application</ConfigurationType>

-    <UseDebugLibraries>false</UseDebugLibraries>

-    <WholeProgramOptimization>true</WholeProgramOptimization>

-    <CharacterSet>Unicode</CharacterSet>

-  </PropertyGroup>

-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">

-    <ConfigurationType>Application</ConfigurationType>

-    <UseDebugLibraries>false</UseDebugLibraries>

-    <WholeProgramOptimization>true</WholeProgramOptimization>

-    <CharacterSet>Unicode</CharacterSet>

-    <PlatformToolset>Windows7.1SDK</PlatformToolset>

-  </PropertyGroup>

-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />

-  <ImportGroup Label="ExtensionSettings">

-  </ImportGroup>

-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

-  </ImportGroup>

-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">

-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

-  </ImportGroup>

-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">

-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

-  </ImportGroup>

-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">

-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

-  </ImportGroup>

-  <PropertyGroup Label="UserMacros" />

-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <LinkIncremental>true</LinkIncremental>
-    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <LinkIncremental>false</LinkIncremental>
-    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

-    <ClCompile>

-      <PrecompiledHeader>

-      </PrecompiledHeader>

-      <WarningLevel>Level3</WarningLevel>

-      <Optimization>Disabled</Optimization>

-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

-      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

-    </ClCompile>

-    <Link>

-      <SubSystem>Console</SubSystem>

-      <GenerateDebugInformation>true</GenerateDebugInformation>

-      <ShowProgress>NotSet</ShowProgress>

-      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>

-    </Link>

-    <ProjectReference>

-      <LinkLibraryDependencies>false</LinkLibraryDependencies>

-    </ProjectReference>

-  </ItemDefinitionGroup>

-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

-    <ClCompile>

-      <PrecompiledHeader>

-      </PrecompiledHeader>

-      <WarningLevel>Level3</WarningLevel>

-      <Optimization>Disabled</Optimization>

-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

-      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

-    </ClCompile>

-    <Link>

-      <SubSystem>Console</SubSystem>

-      <GenerateDebugInformation>true</GenerateDebugInformation>

-      <ShowProgress>NotSet</ShowProgress>

-      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>

-    </Link>

-    <ProjectReference>

-      <LinkLibraryDependencies>false</LinkLibraryDependencies>

-    </ProjectReference>

-  </ItemDefinitionGroup>

-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">

-    <ClCompile>

-      <WarningLevel>Level3</WarningLevel>

-      <PrecompiledHeader>

-      </PrecompiledHeader>

-      <Optimization>MaxSpeed</Optimization>

-      <FunctionLevelLinking>true</FunctionLevelLinking>

-      <IntrinsicFunctions>true</IntrinsicFunctions>

-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

-      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

-    </ClCompile>

-    <Link>

-      <SubSystem>Console</SubSystem>

-      <GenerateDebugInformation>true</GenerateDebugInformation>

-      <EnableCOMDATFolding>true</EnableCOMDATFolding>

-      <OptimizeReferences>true</OptimizeReferences>

-      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>

-      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>

-  </ItemDefinitionGroup>

-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

-    <ClCompile>

-      <WarningLevel>Level3</WarningLevel>

-      <PrecompiledHeader>

-      </PrecompiledHeader>

-      <Optimization>MaxSpeed</Optimization>

-      <FunctionLevelLinking>true</FunctionLevelLinking>

-      <IntrinsicFunctions>true</IntrinsicFunctions>

-      <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

-      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

-    </ClCompile>

-    <Link>

-      <SubSystem>Console</SubSystem>

-      <GenerateDebugInformation>true</GenerateDebugInformation>

-      <EnableCOMDATFolding>true</EnableCOMDATFolding>

-      <OptimizeReferences>true</OptimizeReferences>

-      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>

-      <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>

-    </Link>

-  </ItemDefinitionGroup>

-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

-  <ImportGroup Label="ExtensionTargets">

-  </ImportGroup>

-</Project>

diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 32c86c0..35417a9 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -23,21 +23,11 @@
 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

 	EndProjectSection

 EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_client", "dh_client.vcxproj", "{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}"

-	ProjectSection(ProjectDependencies) = postProject

-		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

-	EndProjectSection

-EndProject

 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_genprime", "dh_genprime.vcxproj", "{718960D9-5DA6-7B56-39AD-637E81076C71}"

 	ProjectSection(ProjectDependencies) = postProject

 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

 	EndProjectSection

 EndProject

-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_server", "dh_server.vcxproj", "{8D91B804-E2CE-142D-8E06-FBB037ED1F65}"

-	ProjectSection(ProjectDependencies) = postProject

-		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

-	EndProjectSection

-EndProject

 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecdh_curve25519", "ecdh_curve25519.vcxproj", "{82EE497E-12CC-7C5B-A072-665678ACB43E}"

 	ProjectSection(ProjectDependencies) = postProject

 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

@@ -223,6 +213,11 @@
 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

 	EndProjectSection

 EndProject

+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}"

+	ProjectSection(ProjectDependencies) = postProject

+		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

+	EndProjectSection

+EndProject

 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"

 	ProjectSection(ProjectDependencies) = postProject

 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

@@ -306,14 +301,6 @@
 		{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32

 		{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64

 		{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.Build.0 = Debug|x64

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.ActiveCfg = Release|Win32

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.Build.0 = Release|Win32

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.ActiveCfg = Release|x64

-		{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.Build.0 = Release|x64

 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.ActiveCfg = Debug|Win32

 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.Build.0 = Debug|Win32

 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.ActiveCfg = Debug|x64

@@ -322,14 +309,6 @@
 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.Build.0 = Release|Win32

 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.ActiveCfg = Release|x64

 		{718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.Build.0 = Release|x64

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.ActiveCfg = Debug|Win32

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.Build.0 = Debug|Win32

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.ActiveCfg = Debug|x64

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.Build.0 = Debug|x64

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.ActiveCfg = Release|Win32

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.Build.0 = Release|Win32

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.ActiveCfg = Release|x64

-		{8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.Build.0 = Release|x64

 		{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.ActiveCfg = Debug|Win32

 		{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.Build.0 = Debug|Win32

 		{82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|x64.ActiveCfg = Debug|x64

@@ -626,6 +605,14 @@
 		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32

 		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64

 		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64

+		{D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64

diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 23d5c2c..c56e976 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -238,9 +238,10 @@
     <ClInclude Include="..\..\include\psa\crypto_values.h" />

     <ClInclude Include="..\..\library/psa_crypto_core.h" />

     <ClInclude Include="..\..\library/psa_crypto_invasive.h" />

+    <ClInclude Include="..\..\library/psa_crypto_its.h" />

+    <ClInclude Include="..\..\library/psa_crypto_service_integration.h" />

     <ClInclude Include="..\..\library/psa_crypto_slot_management.h" />

     <ClInclude Include="..\..\library/psa_crypto_storage.h" />

-    <ClInclude Include="..\..\library/psa_crypto_storage_backend.h" />

   </ItemGroup>

   <ItemGroup>

     <ClCompile Include="..\..\library\aes.c" />

@@ -300,8 +301,7 @@
     <ClCompile Include="..\..\library\psa_crypto.c" />

     <ClCompile Include="..\..\library\psa_crypto_slot_management.c" />

     <ClCompile Include="..\..\library\psa_crypto_storage.c" />

-    <ClCompile Include="..\..\library\psa_crypto_storage_file.c" />

-    <ClCompile Include="..\..\library\psa_crypto_storage_its.c" />

+    <ClCompile Include="..\..\library\psa_its_file.c" />

     <ClCompile Include="..\..\library\ripemd160.c" />

     <ClCompile Include="..\..\library\rsa.c" />

     <ClCompile Include="..\..\library\rsa_internal.c" />

diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj
similarity index 96%
rename from visualc/VS2010/dh_server.vcxproj
rename to visualc/VS2010/query_compile_time_config.vcxproj
index 6f87cb8..dcb6f32 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/query_compile_time_config.vcxproj
@@ -19,7 +19,8 @@
     </ProjectConfiguration>

   </ItemGroup>

   <ItemGroup>

-    <ClCompile Include="..\..\programs\pkey\dh_server.c" />

+    <ClCompile Include="..\..\programs\test\query_compile_time_config.c" />

+    <ClCompile Include="..\..\programs\test\query_config.c" />

   </ItemGroup>

   <ItemGroup>

     <ProjectReference Include="mbedTLS.vcxproj">
@@ -28,9 +29,9 @@
     </ProjectReference>

   </ItemGroup>

   <PropertyGroup Label="Globals">

-    <ProjectGuid>{8D91B804-E2CE-142D-8E06-FBB037ED1F65}</ProjectGuid>

+    <ProjectGuid>{D6F58AF2-9D80-562A-E2B0-F743281522B9}</ProjectGuid>

     <Keyword>Win32Proj</Keyword>

-    <RootNamespace>dh_server</RootNamespace>

+    <RootNamespace>query_compile_time_config</RootNamespace>

   </PropertyGroup>

   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />

   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">

diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj
index 1d44fa7..9b6db7f 100644
--- a/visualc/VS2010/ssl_client2.vcxproj
+++ b/visualc/VS2010/ssl_client2.vcxproj
@@ -20,6 +20,7 @@
   </ItemGroup>

   <ItemGroup>

     <ClCompile Include="..\..\programs\ssl\ssl_client2.c" />

+    <ClCompile Include="..\..\programs\test\query_config.c" />

   </ItemGroup>

   <ItemGroup>

     <ProjectReference Include="mbedTLS.vcxproj">
diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj
index d06e062..9bfe6ce 100644
--- a/visualc/VS2010/ssl_server2.vcxproj
+++ b/visualc/VS2010/ssl_server2.vcxproj
@@ -20,6 +20,7 @@
   </ItemGroup>

   <ItemGroup>

     <ClCompile Include="..\..\programs\ssl\ssl_server2.c" />

+    <ClCompile Include="..\..\programs\test\query_config.c" />

   </ItemGroup>

   <ItemGroup>

     <ProjectReference Include="mbedTLS.vcxproj">